When starting an investigation, we begin by thinking about what we need or who we need to contact for the specific crime type. As investigators we do this as second nature; it is a process that just happens. If we have never investigated a certain crime, though, it can be overwhelming at times. Specific crimes often need specialized training and have agencies that may need to be contacted for assistance. When it comes to the digital evidence, we also start thinking of the steps that need to be taken and how we are going to put things together. Let's not let this be overwhelming as well.
Whether you are investigating child exploitation cases, human resource violations, terrorism, drugs, or financial crimes, getting to the data you need can be a little easier than you thought. Don't let the crime or the technical aspect overwhelm you. Think of any other case you have handled that had successful results. What was it that gave you those results? What did you do to eliminate a device, which is just as important in an investigation? It's not that you could not find it; it's that you thoroughly did your due diligence and are confident in your results. A solid pregame leads to a solid investigation. Digital forensics for financial crimes can be broken up into steps.
So where do you start when you are faced with multiple devices and a financial crime you may not be used to investigating? Your starting place is the investigation up to this point:
- What has been done?
- Who has been contacted?
- Who are the players?
- What are they accused of doing?
There will be specificity in each one of these questions that will help guide you to what you are looking for.
Reading through the report with your specific questions in mind will help cull out the specific items you need to continue. Start looking for keywords that will help you identify items in your investigation:
- Does the investigation involve spreadsheets or record keeping?
- Are there any documented conversations?
- What are the names of the victims or suspects?
- Is there cryptocurrency involved?
Think about the list you can create by answering these questions.
After reading through the investigation you should have a list of keywords and of items, whether artifacts or files, that you are looking for. At this point, for the first pass on devices, early case assessment is the goal. Keywords should be unique so as to lessen the chance of false positives and the extra work they create. Keywords such as last names, user names, misspelled words, IP addresses, and account numbers will narrow down and collect the items of relevance. The types of files you are looking for should be targeted in scope and location, giving you results rich with positive hits.
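The keyword pass described above can be sketched as a small script. This is an added example, not a tool or code from the original post: it scans only targeted file types and flags keywords that hit in too many files to be useful. The extension list, the 50% threshold, and every name, account number and file in it are constructed assumptions.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumed scope for the first pass: document-type files only.
TARGET_EXTENSIONS = {".csv", ".txt", ".log"}

def scan(root, keywords, extensions=TARGET_EXTENSIONS):
    """Return ({keyword: {relative_path: [line numbers]}}, files_scanned)."""
    # Whole-token, case-insensitive match, so a keyword never hits inside a longer token.
    patterns = {k: re.compile(r"(?<!\w)" + re.escape(k) + r"(?!\w)", re.IGNORECASE)
                for k in keywords}
    hits = {k: defaultdict(list) for k in keywords}
    scanned = 0
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in extensions:
            continue  # outside the targeted file types
        scanned += 1
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for k, pat in patterns.items():
                if pat.search(line):
                    hits[k][path.relative_to(root).as_posix()].append(lineno)
    return hits, scanned

def noisy_keywords(hits, scanned, max_share=0.5):
    """Keywords hitting in more than max_share of scanned files are likely too generic."""
    return sorted(k for k, files in hits.items()
                  if scanned and len(files) / scanned > max_share)

def build_sample(root):
    """Write constructed sample files (not real case data) under root."""
    docs = Path(root) / "docs"
    docs.mkdir()
    (docs / "ledger.csv").write_text("date,account,amount\n2021-03-02,4417-0093-22,950.00\n")
    (docs / "chat.txt").write_text("jdoe_77: send the payment to Vandermolen\nok, payment sent\n")
    (docs / "notes.txt").write_text("payment schedule draft\n")
    (docs / "photo.jpg").write_bytes(b"\xff\xd8 payment 4417-0093-22")  # out of scope

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        hits, scanned = scan(tmp, ["payment", "Vandermolen", "4417-0093-22", "jdoe_77"])
        print("files scanned:", scanned)
        for k, files in hits.items():
            print(k, dict(files))
        print("too generic:", noisy_keywords(hits, scanned))
```

Run against a working copy of the evidence, never the original media.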
When your digital investigation is something new and you're looking to get started, take a deep breath and think back on your past results. Chances are you have done the same thing in another investigation. Take a look at our Solving Financial Crimes Webinar for more tips and tricks, and happy hunting!