With the rise of white collar crime, criminal acts and cases of non-compliance pose significant threats.
Targeted cyber-attacks on information systems, both by internal and external perpetrators, and fraudulent activities using electronic data processing tools make the headlines almost every day. The diverse use of computer technology places high demands on measures to combat and protect a businesses’ core assets from cybercrime activities.
KPMG Forensic Technology meets these demands with cutting-edge technology and an interdisciplinary team of IT specialists and investigators. With the use of the latest, internationally recognised forensic tools, combined with many years of experience in the area of digital forensics, we tackle every case with a comprehensive and targeted solution.
Our four-phase case process
Any cybersecurity investigation will start and end with sound information governance. A robust information governance plan will greatly reduce the time and effort involved in a the investigation.
- Identification of evidence We identify the areas where electronic indications and evidence can be found, taking into account locally available data sources and network structures with external data pools (e.g. cloud services). Our investigations focus on all available data storage media – from laptops to Unix mainframes, from smart phones to tablet devices.
- Preservation of evidence All evidence must be inventoried and secured to preserve its integrity; the aim is to map the digital footprint in a way that is admissible as evidence in court. This can be carried out either in our Forensic Technology laboratory or directly at our clients’ premises. We locate deleted or hidden files (or fragments) and preserve evidence that the perpetrators believed to be untraceable. Neither the original data nor the systems are compromised or impaired in this process.
- Analysis of evidence With the use of powerful systems and tools, we analyse the secured data in our laboratory according to case specific requirements and put the jigsaw together, enabling differentiated evidence management. In some cases we already perform an initial analysis on site.
- Presentation of evidence The secured evidence, initially available only in electronic form, is processed in accordance with formal legal requirements and presented in a way that can be used in court. Our approach and results are always clearly traceable, repeatable and transparent. We can also provide expert witness testimony if required.
- Rapid response teams to ensure the rapid preservation of data for evidential purposes
- Advanced digital forensic capability to interpret large data sets, deleted or ephemeral data in order to prove a chain of events
- Investigation into and reporting on cyber-attacks for evidential or insurance purposes
- Expert witness services
- Advanced training and cyber response capability development