Crime show hints give forensic headaches

Fictional crime shows such CSI, USB data sticks and email inboxes that can hold gigabytes of data are all making it harder for businesses to stop employees stealing or misusing company information, says Australian computer fraud expert Peter Mercer.

Shows such as CSI are teaching fraudsters some of the basics in how to cover their tracks, such as the importance of clearing the hard drives on their computers, he says. "Those kind of shows can give people a bit more information than you would want."

Meanwhile, the volume of data and range of document types that need to be analysed risks swamping investigations.

Mr Mercer, chief executive of Vound Software, visited Wellington to promote Intella, an anti-fraud tool that lets non-technical staff manage investigations by searching for keywords in documents and file attachments and mapping the relationships between computer users, documents and devices.

"We had a recent case where somebody had scanned a document and emailed it so keyword searches weren't going to help. But we were able to look at all the pictures the person had sent, and from there work out that was an issue."

In another case, a staffer was detected printing an allegedly stolen document two hours before leaving the company.

Barry Foster, a forensic expert with consultancy Deloitte, who used to head the police electronic crimes lab in Auckland, says fraud is on the rise because of the economic downturn. Deloitte, which uses Intella in its own investigations, was contacted by four companies in a single day last month, all concerned by suspicions of data theft, some involving "high-level staff".

Despite the growing sophistication and complexity of computer fraud, Mr Mercer says some big cases have been cracked by analysing metadata – information about information – automatically stored by software applications.

He points to the settlement of a huge legal dispute in Hong Kong. A document was purported to have been printed at a certain time, but there are rumours metadata revealed that was before the make and model of the printer in question had been manufactured.

Another multimillion dollar case that he worked on involving a subdivision dispute was quickly solved after message identity fields showed an email had been forged from a joke email.