Digital Forensics & Fraud Investigation

Digital Forensics investigations are still predominantly conducted in response to an incident. With this reactive approach, there is extreme pressure on the investigation team to gather and process digital evidence before it is no longer available or has been modified. The rudimentary practices followed by local law enforcement and limited knowledge of emerging forensic technology have led to weak capabilities in investigating corporate crimes.
The digital forensics and fraud investigation team of ThinkLaw comprises of lawyers who closely work with a team of technology specialists and ex law enforcement officials to provide comprehensive end to end investigation, detection, resolution and preventive advice and assistance in dealing with all kinds of frauds and crimes which have a digital footprint. The team liaises with various external agencies to mitigate damage. The legal team works in tandem with the teams of investigators to identify, collect and preserve evidence, conduct interviews and advises on strategy for perusing civil and criminal remedies.

The cornerstones applied by the team in this practice include:

• An integrated approach combining proven expertise in investigations, legal strategy and enforcement.
• An experienced cross-sectoral team of forensics specialists, retired law enforcement officials and IT experts.
• Discretionary approach to investigations.
• Customizing investigation techniques and technologies on a case by case basis.
• Ensuring that the evidence gathering procedure is admissible in court.

A. Prevention, Detection, Response and Containment Strategies

The need for specialized resources to help manage incidents – from initial investigation all the way through the litigation process – is paramount. ThinkLaw adopts and applies a comprehensive four-pronged approach to incidents.
Prevention
Limit the opportunity to commit fraud through:

• Access restrictions
• Internal control systems (SOPs, access protocols, continuing recon)
• Training to sensitize users
• Threat of adverse consequences
• Signed code of ethics from employees

Detection
Continually identify and monitor key fraud indicators (such as weakening internal controls, inadequate processes) through:

• Regular audits and risk assessment
• Whistleblower reporting, protection (and reward) programs
• Identifying, collecting and preserving evidence
• Conducting investigations within legally acceptable boundaries
• Analysis of evidence collected thereof
• Legal strategy for detection and incident management

Response

• Detailed evidence gathering, protection and preservation procedures
• Thorough litigation/complaints (independent/external), damage assessments, asset recovery proceedings
• External reporting and media communications strategy
• Resolution and strategy to deal with and mitigate technology crimes
• Strategy in prosecution and enforcement

Containment
Building a crisis management team comprising of HR, Legal, IT and communication experts for:

• Managing adverse publicity and reputation damage to the business/brand
• Informed decision making and legal review of proposed organizational response
• Advisory on risk mitigation in relation to cyber offences, frauds, breach of confidentiality and data protection
• Advisory on compliances and other obligations
• Examining and advising on establishing compliance policies in accordance with law

B. Operational, Financial and Regulatory Aspects

Fraud, in the modern context, can manifest across different stages of business lifecycle encompassing operational, financial and regulatory aspects. In each of these instances, digital forensics – a set of tools that can help companies prevent and detect instances of fraud, which can then guide the formation of optimal response and containment strategies.

Operational

• Compliance audits including Directors’ liabilities
• Preventing/handling the aftermath of cyber-attacks
• Investigating employees for violations of company policies/ fraudulent actions
• Sexual harassment/defamation and harassment cases
• Accident investigations
• Assistance in data recovery
• Impact assessment of fraud
• Business continuity readiness

Financial

• Due diligence in M&A transactions/investments/exits
• Detecting economic espionage
• Money laundering
• Corporate fraud
• Insider trading

Regulatory

• Data theft and IP infringement
• Cartelization and competition law related investigations
• Breach of contract investigations
• Fraud related investigations

Illustrative Experience

An illustrative list of digital forensic and fraud investigations assignments handled by the team members is set out below:

• Blackmail and espionage by a director:  A senior official of a company received an anonymous email containing references to several confidential documentation and business dealings of the company and casting several aspersions and allegations against the company that the company was engaging in wrongful and fraudulent activities. The sender of the email threatened to make these allegations public. We worked with the forensic team and the analysis revealed that (i) the sender of the email was a director of the company; (ii) the confidential information and all documents were collected by the director for a long period of time. We interviewed the director in accordance with law and when faced with evidence during the interview, he admitted to such wrong doing. The director was asked/made to resign from the board of the company immediately.
• Data theft: An investment banking company was suspecting that certain employees were stealing confidential client data and were passing on such data to competitors of the company. We worked with the forensic team to examine data logs and it was established that data was essentially stolen. We helped the company to draft and file a complaint with the cyber cell against the said employees. We further examined and revised the employment agreements of the employees, the employment procedures and policy manuals of the company by incorporating stricter provisions in order to mitigate risks.
• Economic espionage: A pharmaceutical company suspected that certain tender related data was stolen and passed on by an insider. We interviewed “people of interest” in accordance with law and were able to make the chief technology officer confess to such wrongdoing. We assisted the company in filing complaints with the police and have the chief technology officer arrested.
• Cartelling: An investigation was ordered in respect of suspected cartelling in the commodities business. The team was provided data dump of electronic communication amongst various individuals in several organisations. The team through careful analysis and deployment of word detection algorithms was able to identify certain code words and communication pattern amongst decision makers of multiple organisations which suggested an understanding being arrived at amongst the persons involved to monitor and regulate the prices of the commodities involved.
• Bribery: A whistle blower made allegations that the director of the Indian subsidiary of a UK based company had been wrongfully benefitting by appointing a consultant and is routing the finances of the company. We worked with the forensic team and the analysis revealed that (i) the founder of the consultant and the director were friends; and (ii) certain payments were made by the founder’s wife to the director’s wife. On being interviewed in accordance with law, the director admitted having acquaintance with the consultant and that there were certain financial transactions between him and the consultant. The director further admitted his failure to comply with his fiduciary duty and to act in the best interest of the company. Though the director was not charged under Indian bribery laws, his acts amounted to an offence under the UK laws. The director was asked to resign from the board of the company immediately.
• Investigation into the internal management of a club: The management of a club had difference of opinion in relation to the renovation of a fine-dining restaurant situated within the premises of the club. An enquiry committee was therefore set up to look into the matter. Forensic analysis revealed the ambiguities in relation to the actions taken by the members of the club in the above matter. The investigations inter alia also revealed various irregularities in the internal governance of the club such as, inconsistencies in the manner in which records of meetings of club were maintained, non-adherence to the bye-laws of the club, overwriting in relation to the records of the club, etc. We accordingly advised the club on the legal implications arising out of these forensic findings including director liability and director responsibilities.
• Compliance: We have assisted Indian subsidiaries of a UK based company in customizing their anti-bribery policy in accordance with the Indian scenario and laws and implementation of the said policy.