• No results found

BDO CONSULTING FORENSIC TECHNOLOGY SERVICES

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "BDO CONSULTING FORENSIC TECHNOLOGY SERVICES"

Copied!
27
0
0

Loading.... (view fulltext now)

Download now ( 27 Page )

Full text

(1)

MARCH 2013

BDO CONSULTING

(2)

AGENDA

Introduction

About BDO Consulting

Computer Forensics & E-Discovery Practice

Current Trends

Case Studies

Q&A

Page 2 Page 2

(3)

Michael Barba

Managing Director,

CISSP, GSNA, DFCP, EnCE, CPP

EXPERIENCE SUMMARY

 Managing Director, BDO USA LLP Computer Forensics and Electronic Discovery Practice

 Over 15 Years IT Security, Investigations , Computer Forensics, and Electronic Discovery Engagements

 Employee Code of Conduct Investigations  Intrusion Investigations

 Theft of Intellectual Property

 A Recipient of the “High Technology Criminal Investigation Association Case of the Year Award”

 Member Digital Forensic Certification Board (DFCB.org)  Thirteen Years of Physical Security

 Managing security staff of 30 people  Loan Office Defalcation Investigations  Employee Code of Conduct Investigations  Executive Protection Planning

[email protected] Direct: 212-885-8120 Mobile: 908-917-7795 100 Park Avenue New York, NY 100123 Tel: 212-885-8000 Fax: 212-697-1299 www.bdoconsulting.com Page 3

(4)

LITIGATION & FRAUD INVESTIGATIONS

Retained by Law Firms

Retained by Public and Private Companies

Retained by Insurance Companies

Retained by Government Agencies

Page 4

(5)

BDO CONSULTING’S FORENSIC

TECHNOLOGY SERVICES

(6)

FORENSIC TECHNOLOGY SERVICES

On-Site Lab

Page 6

Dedicated and Secure

Access and climate controlled

Sophisticated and diverse tools

E-discovery platform hosting

capabilities

State-of-the-art

Scalable

Page 6

(7)

Forensic Technology Services

Computer Forensics

Collection & Preservation

Analyzing individuals’ conduct

Including deletion activity, file copying, Internet browsing and wiping/secure deletion

activity.

Data Recovery

Search live and deleted files, unallocated space and slack space, based on keywords

and/or concepts and recovery.

Identify known system and user files, as well as duplicate files and email threads, to

limit and expedite document review.

Password Cracking and/or Bypassing

Identify password protected and encrypted files as well as process to view content.

Online investigations

Social Media

Email Threads/Tracking and Identification

BDO CONSULTING, Litigation & Fraud Investigation Services Page 7

Page 7

(8)

Introduction

Electronic Discovery Reference Model (EDRM)

Source: Socha Consulting and Gelbmann & Associates

(9)

Forensic Technology Services

E-Discovery

Electronically Stored Information (“ESI”) Protocol & Policies

Rule 26(f), meet & confer conferences

Strategy development

Identification, preservation & collection

Data culling (Date Filter, Search Terms, Computer Assisted Review)

Data processing (Indexing, “Error Correction”)

Review & production

Multinational, multilingual reviews

30(b)(6) fact witnesses

Page 9

(10)

FORENSIC TECHNOLOGY SERVICES

Computer Forensics & E-Discovery

Identify Filter Search Review Smoking Gun

Page 10

(11)

Forensic Technology Services

Data Analytics

Page 11

COMP

LEX

D

AT

A S

ETS

D

IS

PA

RAT

E D

ATA

LA

RG

E D

AT

A S

ET

S

Extract data from various systems

Evaluate data quality and standardization

Verify data accuracy

Identify and report data anomalies

Identify deviations in data patterns

Organize and summarize data sets

Tools & ERP Systems

 ACL  Access  AS400  Dynamics  IDEA  JD Edwards  Oracle  PeopleSoft  SAP  SQL Server  Tableau  Excel (vlookup/stats/modeling/auto mated formula review)

Page 11

(12)

FORENSIC TECHNOLOGY SERVICES

Need for Computer Forensic Services

Page 12

Clients faced with litigation or internal issues

When there is fraud detected at your client

When there are allegations of fraud raised in the audit

When you hear of a litigation proceeding with a large discovery component

When there is a product liability class action involving consumer products

When there may be a time & expense or wage & hour investigation/class action

Audit clients – Day to day needs

When your client has:

- a large volume of data - a complex dataset - disparate data

Tax clients – Day to day needs

When you need assistance automating and analyzing large data sets

Page 12

(13)
(14)

CHALLENGES OF SOCIAL MEDIA

Number of Accessible Computing of each

individual

2010: Average of five (5) devices per person

2013: Estimation of seven (7) devices per

person

YouTube Fun Fact

• More Video was uploaded to YouTube in the

past two months than if ABC, CBS, and NBC had been airing new content 24/7/365:

Since 1948

Power of the Subpoena

Law enforcement requests

Social media sites’ retention policies

Preservation requests – what to request?

(15)

SOCIAL MEDIA PRESERVATION BEST PRACTICES

Computing Devices (Computers, Tablets, Smart Phones)

Forensic preservation of devices

— Proper hardware (write blockers)

— Proper software

— Training in analysis – where to look and rebuilding

— Chain of custody – physical and documentation

— Preservation of collected data

Social Media Websites

Preservation requests – user and account details

Subpoenas

Preservation of received data

Chain of custody

Page 15

(16)
(17)

UNDERSTANDING DATA FLOW ANALYSIS

Logical flow of data

Email (enterprise, 3rd-party web-based)

Instant messaging (enterprise, 3rd-party web-based)

File and Print servers

Phone Systems – VoIP

Computer Hardware

External storage media (USB drives)

Vendor/Cloud-hosted data

Onsite, offsite, and online backup

Social Media

Peer-to-peer file sharing

Page 17

(18)

CHALLENGE OF DATA MAPPING & FLOW ANALYSIS

Paper Records

Physical, tangible

Limited locations

Easier to destroy

Electronic Records

Virtual, intangible, dynamic

Exponential growth in data volume

Numerous locations

Difficult to delete

Metadata

2.5 terabytes of data is equivalent to approximately 146 million pages of MS

Word Documents OR

58,000 Banker boxes of paper documents

Page 18

(19)

CHALLENGE OF DATA MAPPING & FLOW ANALYSIS

Continued

What is Metadata?

Data about data

What kind of information can you get?

Creation/modification date

Last print date

Hidden text

Hidden cells

Author’s name

Saved history

And much more …

Page 19

(20)
(21)

EMAIL POLICIES AND RETENTION ISSUES

Industry

Regulatory obligations

Organizational culture

Business needs

Risk tolerance

MATURITY MODEL APPROACH

Understand your technology infrastructure

Define the various stages within the maturity model that is applicable to your industry,

organization, business needs, risk tolerance, and regulatory obligations

Develop an email retention policy and implement technologies that are practical and

compatible with the policy

Regularly re-visit and update the model as business regulations and technologies

evolve

Expectation of Privacy??

TECHNICAL CONSIDERATIONS

Local email archives

Hosted or enterprise solutions

Functional requirements

Non-functional requirements

Page 21

(22)
(23)

RECORDS RETENTION BEST PRACTICES

Determine retention policy

Many policies are OK

— 60 day delete

— Keep everything

— Rigorous records management

Prepare process for legal holds

Determine process

Use technology

Map out data sources

Where is it and in what format

TRIGGERING EVENTS

Lawsuit

Subpoena

Preservation letter

Regulatory investigation letter

“Reasonable Anticipation” of

litigation

Threat of litigation

Employee storms out in a huff

Etc.

Page 23

(24)

EFFECTIVE RECORDS RETENTION POLICY

Establish Goals

Management supported

Teaming with IT, HR, and Legal

Conduct a current inventory of records maintained both electronically

and hardcopy

Assign retention periods

Include a Litigation hold period

Include a destruction procedure

Review the policy annually and monitor for compliance

Page 24

(25)

PRESERVATION BEST PRACTICES

Identify ‘Key Players’

Select relevant date range

Take preservation steps

Communicate preservation obligations

- OR -

Use technology to take users ‘out of the loop’

Immediate obligation

Use data map

Page 25

(26)

CONCLUSION

BDO CONSULTING, Litigation & Fraud Investigation Services Page 26

(27)

ABOUT BDO CONSULTING

BDO Consulting, a division of BDO USA, LLP, provides investigation, litigation, business restructuring, valuation, and risk advisory services to clients in the United States and internationally. Our highly

experienced and well-credentialed professionals leverage the global industry and accounting knowledge of the BDO international network, providing rapid, strategic advice to assist our

clients. www.bdoconsulting.com

To ensure compliance with Treasury Department regulations, we wish to inform you that any tax advice that may be contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding tax-related penalties under the Internal Revenue Code or applicable state or local tax or (ii) promoting, marketing or recommending to another party any tax-related matters addressed herein.

Material discussed in this publication is meant to provide general information and should not be acted on without professional advice tailored to your individual needs. © 2013 BDO USA, LLP. All rights reserved. www.bdo.com

References

Download now ( PDF - 27 Page - 1.01 MB )

Related documents

Key SaaS, PaaS and IaaS Trends Through 2015: Business Transformation via the Cloud. Executive Summary. A research report prepared by:

Saugatuck Technology provides subscription research / advisory and consulting services to senior business and IT executives, technology and software vendors, business / IT

An argument for South Africa's accession to the optional protocol to the international covenant on economic, social and cultural rights in the light of its importance and implications

Due to the disparities in the international enforcement of socio- economic rights compared to that of civil and political rights; 5 the continued adjudication

The Graha or the Planets in the Shastras

networks - which might provide much-needed validation. Compressed visionary energy may periodically erupt into anti-social activity. Vedic Symbolism of Rahu – the North Node of

Computer Network Security Technician Career Technical Education (CTE) Certificate of Achievement

San Joaquin Delta College in partnership with the Cisco Academy has developed an academic program that prepares the students for and academic certificate in Computer Network

Enhancing the utility of Proteomics Signature Profiling (PSP) with Pathway Derived Subnets (PDSs), performance analysis and specialised ontologies

For those PDSs regarded as significant (p ≤ 5%), we calculate a ranking score for the mod and poor stage re- spectively using the reported iTRAQ protein ratios. Sup- pose we have a

Acute Lung Damage Associated with Transfusion during Pregnancy

El daño pulmonar agudo asociado a la transfusión TRALI (transfusión-related-acute- lunginjury), por sus siglas en inglés) es un síndrome clínico que se presenta como hipoxemia

CyberSecurity Sector ETF (HACK)

The Company pays an annual dividend of $1.50 per share, which equates to a 2.7 percent current yield... Rayonier

Examples Of Social Enterprise In Tanzania

System is the offers examples social tanzania stood as a social entrepreneurship sector, small businesses and social enterprise is run a travel.. Secondary to those are examples