They got Al Capone for tax evasion; not for any one of the
hundred or so other crimes he allegedly committed. Apparently, it
was testimony of his accountant and the discovery of a mysterious
"second set of books" that finally put Capone away. The
books were well hidden. Fortunately, the accountant knew where to
find them.
Had it been today, Capone might well have gotten away with it.
Nowadays, it is trivial to keep one, two or three sets of books
based on the same transactions - one for the tax auditor, one for
the police and one for real. All three copies can be saved on a USB
key the size of a stick of gum. Moreover, the accounting files can
be encrypted so that no one, with the possible exception of the
National Security Agency, can read them1.
The Digital Detective (or more accurately, the digital
forensics specialist (DFS) now enters the scene. He or she is
a modern-day sleuth capable of tracking down electronic evidence,
recovering deleted files, reconstructing Internet transactions,
finding oh-so-carefully hidden emails, sifting through huge masses
of data and finding "the smoking gun." In the last
decade, digital forensics has grown from an esoteric subspecialty
to a full-blown profession. Training is extensive and includes
college or university degree programs, postgraduate training,
mandatory work experience and professional certification (e.g.,
Certified Computer Examiner designation – CCE). Most
importantly, the DFS earns widespread recognition and acceptance by
police forces and the courts as a valid (even preferred) source of
evidence and amicus curia (friend of the court) in
criminal and civil matters.
The DFS often works with lawyers, forensic accountants and law
enforcement as part of an integrated investigation team. The lawyer
may obtain physical evidence by using an Anton Piller order (civil
search warrant). The forensic accountant provides a theory of the
crime and helps to narrow the search parameters (e.g., time frame,
key words and accomplices). The DFS then proceeds to electronically
search the hard drives, smart phones, tablets, USB keys and even
cloud-based storage of the suspect using specialized software and
utilities. This is not a "Google" search. It requires a
high degree of technical proficiency with operating systems,
application software, file structures, malware and custom-built
electronic equipment designed to recover every last bit of
information.
A legally valid digital forensics examination and expert report
should (at minimum) address the following:
The computer, hard drive, etc., was obtained legally, or if
"hacked," done with court permission;
A documented chain of custody was maintained to ensure that
items were not lost or tampered with;
A forensic copy (exact duplicate made with special equipment)
of all hard drives, etc., was made prior to the commencement of any
work that can serve as a reference and prove that the electronic
records were not modified;
The software tools used to search and analyze the hard drives
must be recognized and accepted by the court (e.g., EnCase®
software), or their validity must otherwise be
established;
There must be a detailed record of all the scans and searches
run by the DFS, and the results must be reproducible;
The report must set out the findings in an objective and
impartial way, preferably in a way that is understandable to
non-technical judges and juries;
The DFS must be appropriately trained and certified and,
ideally previously qualified as an expert by the court; and
The DFS must attest (as do other experts) that his/her report
is impartial and accurate.
One of the most difficult aspects of an examination is
insightfully limiting the scope. Decisions of this nature, because
of their importance, are often made jointly by the professional
team. Too detailed an examination can be prohibitively expensive;
too superficial an examination may overlook critical evidence upon
which the case may turn.
Footnote
1. Recent American case law supports the proposition that
one can be compelled to disclose an encryption password to law
enforcement officials, but this has not yet been tested in Canada,
nor thoroughly litigated in the U.S.
The content of this article is intended to provide a
general guide to the subject matter. Specialist advice should be
sought about your specific circumstances.
Specific Questions relating to this article should be addressed directly to the author.
Bernie Madoff. Charles Ponzi. Enron. WorldCom. Most of us have heard of them. Some of us are glued to shows like CNBC’s American Greed, which focuses on the stories and details behind many white-collar crimes, many of which have affected everyday citizens. You would think we could learn.
When you think about accounting, what may first come to mind may be number crunching, expense reporting or tax season. Admittedly, these are generally all true; however, I would like to introduce you to another side of accounting.
The securities regulatory authorities in all Canadian provinces and territories except Ontario and British Columbia have announced their intention to issue harmonized interim local orders that provide exemptions from certain financial statement-related and audit requirements of Form 45-106F2 – Offering memorandum for non-qualifying issuers.
Many people think succession planning is estate planning (i.e. transfer of ownership). Instead, it is a
formal statement of what will happen to the management of the business when the owner/manager is no longer running it. Consider it to be a "will" for the business.
Twitter
Facebook
Digg 
