Report on Digital Forensic Investigation

digital forensic tools

Report on Digital Forensic Investigation

Executive Summary

With the current use of e-money programs and electronic cards, there is increasing fraud and online criminal at a high rate. With the modern hi-tech knowledge and lack standard security, digital evidence are not able to be proven by the so-called victims of any shoddy online scam. The key objective of this paper is to investigate an appraisal situation by garnering the knowledge of the personnel as well as take what the field gives (King, 2016).

In addition, as the head of the Information Protection Department, am required to carry investigation and determine the cause, reason, measure, and litigation of the fault occurred. The case at hand is that there was an illegal transfer of money from one account to unauthorized recipients. The department that received money is known. The order has been issued that the investigation to be carried so secretly that no member should be knowledgeable of what is going on. Moreover, to strengthen the investigation, the lawsuit and agencies can be applicable.

In this paper, I will illustrate all the strategy for conducting this investigation fully. Furthermore, the outline for the investigation used in this paper is genuine, modern, and accepted. In addition, transparent procedures and step by step forensic investigation and collection of data have been conducted in a manner that suggests quality work (TEAM, 2011). The technology has played its vital role during the course. The fruits of this investigation are a great success which has been able to not only detect the fraud to trial but also highly skilled of personnel undertaken the process (King, 2016).

There are measures put across to prevent future error, failure, and loophole of the system. The future of the system is the key determination to prevent any future incident of fraud. The selection of project investigation team, in this case, matters a lot. The task of selecting will be left out to a forensic investigator who is entitled to manage all businesses as far as the investigation is concerned.

Generally, the investigation is thought to be carried out to determine the scope and intent, legal restrictions, investigator limits, public information to the victim and clients, the breakdown procedures, reports and liaison requirements and the fact of the incidents. The investigation has to follow a certain formulation: the discussion of preliminaries investigation, the risk associated during the process, the investigation questions and a technical bench of staffs.

The paper consists of clear guideline for digital forensic investigation. The procedures underlined include several phases such as investigation, preparation, digital forensics, physical, closure, presentation and reporting phases.


The definition of forensic has been defined in many versions. The co-existence of the definition of this term is the application of scientific knowledge into investigating the act of crime. The personnel in this field of forensic are entitled to the collection, preservation, and analyzing scientific information obtained during the investigation (King, 2016). Furthermore, the legal staffs are meant to spend much of their time in the field or the scene of the crime. The crime scene is necessary for the help of collecting the evidence as well as firsthand information.

The collected information may undergo several process and stages to determine the cause of fraud. These stages may comprise of laboratory, analysis, and revelation of the investigation. In addition, the role of forensic scientists in the laboratory is to testify and act like a witness who is experienced. This scientist can witness both in criminal and civil cases.

In our case study, the application of forensic expertise is to investigate and identify the cause and course of fraud that occurred without the authorization of the account holder. To do this investigation, there are procedures to follow so as get the main points at hand. These procedures are separated into five phases namely; physical forensic and investigation, the phase of preparation, presentation and reporting phase, closure and digital forensic phases (Abdalla et al., 2017).

Forensic Science about our Case Study

The forensic science field comprises several branches of sciences. They are such as biological, chemistry and physics. Biology in our case is used for identification and recognition. Through an evaluation of the process, the knowledge of chemistry is needed. Physics skills are used for physical evidence. Currently, it is necessary to apply the judicial system because it has got broad and skilled personnel with enough skills. In addition, the application of laws, in this case, help us to achieve relevant information related to legal and criminal evidence (Crime Scene Investigator, 2018).

The forensic science will prove the availability of criminal act, crime perpetrator and the relationship of the occurred crime (King, 2016). This evidence happens through test administrations, data interpretations, forensic scientist truthful testimony, and physical evidence examination. Forensic science is the core part of many convictions and criminal cases regarding the goals facts through serving prosecution and defense. The forensic testimony is trustworthy to many criminal and civil cases. In general, the forensic personnel is greatly concerned with testimony and evidence obtained from the field  (The National Academics Press, 2013).

During my investigation, I performed both chemical and physical analysis on officials’ enforcement of law and physical evidence captured at the crime scene. As a scientific expert, I used microscopic techniques for examining, compound instruments, scientific codes, and literature references during evidence analysis which identifies individual and class characteristics.

Majority of my forensic investigation was dominated by scientific researches within which were done in the laboratory. The work undertaken was outside and near the crime scene where the investigators observe and collect the evidence. Legal researchers worked very closely with the investigators — the personnel’s compromise the locals, regional and national law enforcement.

Forensic and Appraisal Reviews

            Forensic reviews are special kind of appraisal intelligence which are new in the field of forensics. The real meaning of forensic is a process of investigating a scene of fraud which involves looking for justice in accordance to the law following the ethical, legal procedures. Forensic reviews pertain the comprehensive audits of determining fraud caused by the main victim (Crime Scene Investigator, 2018).

On the other hand, Appraisal reviews are used to determine whether the evaluation is done as per the transaction, any risk before, during and after a trade, and if the transaction carried has met all the qualification. These reviews should be able to verify the consistency followed by the letter of engagement. Furthermore, these the appraisal or evaluation reviews should show the fund statement routine which shows the evaluation of post-funding. These precautions are meant for a higher quality of evaluation for they are in danger of losing key information during the transaction. These measures assist in detecting any issue and control of transactions.

  Forensic Science Organization

The organization of forensic investigation is done because this field is complex. The field requires highly skilled staffs especially in the area of forensic science there is a need documented questions, latent prints, tracing evidence and firearms among others. The forensic scientists are divided into three broad categories; namely Forensic Scientists, Associated Scientists, and Forensic Pathologists.

In my group of personnel, I contained forensic scientist professionals who were working in law enforcement, private laboratories for the forensic and government (Crime Scene Investigator, 2018). The responsibility of these professionals was to deal with analysis and a specific number of tests, for example, ballistics and trace evidence among others.

The second group contained the associated scientists who are professionals with the knowledge of forensic science. These personnel included forensic odontologists who are trained and skilled in dentist science. They were of great help because they assisted in carrying out an investigation in all suspected areas for biting. In addition, they investigated to identify any important information necessary for infestation on the purported gadget or machine used for fraud.

Furthermore, the forensic pathologist is professionals with skills of medical examiner among another related field. They are responsible for overseeing analyses and clinical forensic tests. In the group also, there were other specialized skilled staffs such as forensic accounting who is responsible for utilizing accounts, audits, and any investigation required. This is achieved by conducting an exam into the financial statements of the company.

Forensic Accounting

The forensic accountant provides an accounting audit and analysis which suitable and can be presentable in the law court (King, 2016). These staffs are trained to investigate and to oversee all accounting books in the company. In this case, where the fraud occurred through money transfer to an unauthorized person, the forensic accountant was to look beyond the figures and numbers and react with the business reality of the then situation.

A forensic accountant is a skilled and qualified personnel who are in good position of interpreting, analyzing and summing up any complex business and financial issue. In our cooperation, they are entitled to investigate, detect and fix any fraud attempted or tried and done. They are responsible for developing computer systems to manage the information, compiling financial proof and evidence, as well as communicate their findings either in presentation or reports (Abdalla, Hazem, & Hashem, 2017).

Through investigation we conducted in the cooperation, the forensic accountant was the one testify in the court through presenting a visual supports and aids to trials evidence against the culprit. These professionals are entitled to trace the lost money, identify the gadget used in the act, money recovery and account reviews. Due to their high legal interaction, they may in need of more training in alternative dispute resolution known as ADR, for familiarity with the system of law and judiciary (Crime Scene Investigator, 2018).

Forensic Accountant Litigation Support

In our cooperation, the forensic accountant holds in litigation in any case of quantifying damages or frauds in need and occur respectively. The involved parties in legal disputes apply quantification to help in resolving any disagreements through court decisions and settlement. In addition, forensic accountants in cooperative are employed as the expert witness if any way a disagreement arises and end up in court (King, 2016).

Litigation team comprises litigation attorney, expert witness, and the client. The litigation personnel is applied differently as per the need of the case at hand. In our case, we needed other distinguished experts not only the forensic accountants. These other members of the litigation team comprise of computer engineers, ethical hackers and system developers to appropriate the issue of transferring unauthorized money transfer (Abdalla, Hazem, & Hashem, 2017).

To achieve and connect the different experts, there is a need for a forensic report examiner. This staff is entitled to connect, link and join dots to all other experts in the process. A forensic report examiner is not a reviewer (Mollica, 2016). The forensic report examiner is entitled to single out any errors and mistakes made by the expert during the forensic investigation. In the case we are having, we are investigating how came to be that the transfer occurred and was not authorized. The forensic report examiner is the one making a comprehensive investigative report done by other experts. The role of forensic report examiner in our cooperation was to note any realizable mistakes from the reports of the other expert in the course.

On the other hand, a reviewer makes a goal review of different work appraiser in the determination of logic, reason, and judgment has done correctly and in a fair manner. A reviewer is not equal to forensic report examiner.  The report examiner has to examine deeply the analysis and all findings presented to him. This is done to affirm the cooperation that all fact analysis, theories researched and statement prepared are a determination of the condition of whether comments, data, and theory of appraisal have been used in support of final thought.

A reviewer in our case was not supposed to official visit the site, reports, and compare notes when performing the professional duty. Our forensic report examiner had no otherwise other than acting independently. His role is to scrutinize all appraisal reports in the determination of expertise of witness in performing his role to arrive appraisal conclusion. These conclusions are not somehow related to the case but very close to.

Appraisal Fraud

Appraisal fraud is defined as the kind of mortgage fraud where the actual value of the home is exaggerated deliberately to a higher price than usual. The price of the home plan becomes above than its fair market value. The reason given for overstating the market value is attained and used to help the buyer to get financing, the seller gets the better price than market value, and get the proper finance to the homeowner (King, 2016).

An appraisal fraud occurs when an appraiser is a con person, and regretless overstate the market value price. In our case, the money was transferred illegally and without authentication from the owner (Chen, 2018). It occurred to the account holder that the appraiser interfered with the system of transferring money without the owner consent. The appraiser used an accurate method such that there was either bribery of some officials or digital editing of the system (Crime Scene Investigator, 2018).

An appraisal fraud happens because there was a transaction that took place and involved the loan. The real value was supposed to be assessed by the human resource manager or property appraiser. The appraiser must ensure the good condition of every property and to examine the exterior and interior spaces to have a considerable range of value (Abdalla, Hazem, & Hashem, 2017).

On the off chance that the appraisal is excessively high or excessively low contrasted with the settled after moving a value, a bank or moneylender may renege on the advance. Property estimation appraisals are likewise utilized for assessment purposes to evaluate the measure of property charges a proprietor must pay.

Appraisal fraud is a standout amongst the most widely recognized kinds of home loan fraud, which happens when an appraiser or a purchaser or vendor misleadingly blow up (or empty) the estimation of a property with the goal that it separates altogether from the honest esteem. Through protecting themselves from this offense, banks will frequently set up the appraisal themselves utilizing a favored appraiser while guaranteeing a home loan or credit renegotiate.

Mortgage holders and imminent property holders ought to be similarly as cautious, and ensure that they have a free second conclusion at whatever point they will settle on a choice dependent on another person’s appraisal. Appraisers regularly feel strain to swell home costs with the goal that bargains. They don’t go into disrepair due to being not able to acquire a home loan because the advance sum surpasses as far as possible dependent on the cost of the house, for example, on the off chance that they should put 20% up to as an upfront installment. This issue was particularly wild in the number one spot up and repercussions of the lodging bubble related to the financial emergency.

Forensic Plan Guide

A forensic guide plan is a combination of series templates and checklists for recording computer analysis processes step by step. This record characterizes a single idea for showing the fundamental components of a Forensic Plan from the primary beginning contact through accommodation of the last Forensic Report. As the examination continues through the judicial procedures, agenda things will be practiced, and the consequences of those activities will be recorded in the Forensic Plan.

Investigation and Incident review

  1. Determination of investigation scope and intent

Each examination begins with the underlying contact. This is the stage at which the specialist is first reached concerning a conceivable examination. Efficient customers will have a Computer Incident Response Plan, IRP, and Team. The agent ought to use any data given by an Incident Response, IR, and group.

  1. Determining Legal Restrictions

Amid the underlying contact, the specialist ought to illuminate the customer of the need to contact their suitable legitimate insight concerning the occasion and educate direction of the longing to lead a forensic investigation. The cooperation is supposed to offer a group of counsels for the client.

  1. Determine the need for a client from Investigation

The agent must be set up to talk about with the customer the likely results from the investigation. Any desires for the customer must be talked about, and any confusions must be revised before the beginning of the investigation.

  1. Determination of Available Resource.

The agent should appraise the sum of assets (time, gear and labor) that will be required to finish the investigation. Asset restrictions are dependably a thought in any investigation. The agent needs to talk about with the customer what assets will be required and in what amount. The discourse needs to address the effect of any asset deficiencies or impediments. The examiner needs a clear comprehension of the assets he is permitted to ask for and in what amount. The specialist needs to examine with the customer how additional assets are asked for and what the great period is for satisfying the demand. The customer and specialist need a clear comprehension of the expense of the investigation and recognize any cost limitations or spending roofs. The examiner should always deal with his opportunity to achieve the setup objective.

  1. Escalation procedures determination

The agent needs to talk about with the customer how to raise or advise the customer of operational issues including the investigation. Likewise, how additional or explicit assets, hardware or faculty collaboration is to be acquired from the customer’s delegates.

  1. Reporting and Liaison stage

The agent ought to guarantee that the customer gives a contact to the coordination of status reports and other analytical activities. The contract ought to be fit for planning with the customer’s lawful advice and law authorization specialists as required. The agent ought to examine when status reports are to be made, in what design. Furthermore, to whom. Status reports are extremely gainful to the customer and agent. Be that as it may, visit nitty gritty status reports turn out to be extremely work escalated and useless for the examiner. A settled upon organization and recurrence is fundamental. A finish of day movement synopsis ought to be adequate for general customers.

  1. Documentation of known incidence and initial facts

An IR Team might give a great deal of this data. The production of the episode POC and contact data rundown ought to be one of the main things the agent demands amid the underlying contact meeting. This rundown ought to be readied and accessible at the PID meeting (Abdalla, Hazem, & Hashem, 2017). The customer ought to be told to outline known episode realities and data, alongside an original timetable of occurrence occasions. The customer ought to furnish a rundown of staff with the learning of the occasion and a depiction of what data they have. The agent ought to inquire as to whether the customer has played out a harm appraisal and what the aftereffects of that evaluation uncovered. This data ought to be accessible at the PID meeting (Chen, 2018).

  1. Determine the facts of the incident.

The PID will be the place most of the known data of an episode will be introduced to the agent. The data got from the meetings will set up the first reference focuses on the investigation (Chen, 2018). Witnesses decipher circumstances diversely as per their impressions, qualities, and fears. Witnesses don’t generally get the entire circumstance right; the succession of occasions might be out of request or periods can be compacted or extended. Despite the wellspring of the episode data, the agent should re-approve vital substantive actualities that will be a piece of the last report (Crime Scene Investigator, 2018).

Formulation Plan to Improve the Security Measures

Review of Investigation.

An endless supply of the PID meeting, the agent, ought to have adequate data to begin planning the investigation. The examiner must review notes and statistics exhibited to resolve the best methodology. Strong enough data may lack due to precisely decide an underlying methodology. Workforce meetings may be directed to decide whether adequate data exists to continue (Crime Scene Investigator, 2018).

The examiner should arrange the customer demand and current realized data as indicated by the type(s) of exercises to explore. The customer asks for, and the kind of exercises to research may not compare; the customer may need a worker explored for fraud, however, realized data demonstrates just unseemly PC use action  (The National Academics Press, 2013). The examiner ought to characterize the investigation as indicated by Crime Chart and computer activities. The effect will help with deciding possible proof sources. Record and recognize announced reports occasions, dates and time for the necessary course of events (Crime Scene Investigator, 2018). The appraisal of the core course of events reference for decisive the preliminary point of coming together of the investigation ought to be done (Chen, 2018).

Review of Technical Skills

Assess the characterized methods for association with existing assets and specific aptitude levels. Protect bolster workforce is equipped for taking care of the proper sort of equipment, programming, and working frameworks associated with the information gathering exertion. Recognize any specific ability deficiencies and the electoral arrangements in the Forensic Plan (Abdalla, Hazem, & Hashem, 2017).

Read Also: Theories of Database and Database Management