Investigations are increasingly complex. We explore the key issues that shape modern investigations and how forensic expertise can help.
Data protection is predicted to be "one of the most dynamic and fast-developing areas"1. Planning an investigation to comply with the latest changes in data protection laws is a key issue.
Before considering data protection issues, it is important to look at the context of the investigation.
"The issue of data protection in modern investigations depends on its genesis: whether it arises from a complaint or from an investigation by regulators or law enforcement agencies; and whether it is compulsory or voluntary to disclose the data..."
Dominic Wai, Partner at ONC Lawyers.
Investigations are more complex than ever, for instance, a complaint could lead to an internal investigation and trigger a regulatory inquiry. Engaging a forensic team experienced in handling different situations and adapting accordingly is crucial. Handling an internal investigation may involve planning for a covert operation in order to collect highly sensitive information from stakeholders accused of misconduct. An investigation by
regulators or enforcement agencies, on the other hand, would benefit from having a forensic team with relevant experience and an understanding of their requirements.
Investigations today often involve collecting data across multiple jurisdictions. This gives rise to the challenge of ensuring that forensic workflows comply with each jurisdiction's data protection regulations. For instance, the People's Republic of China (China) has strict data protection laws, with various regulations prohibiting the transfer of information outside Chinese borders. Recent provisions now allow the Ministry of Public Security to remotely conduct penetration testing without the target's knowledge or consent1. In light of this increasing government scrutiny, forensic workflows have had to adapt to meet the needs of highly sensitive investigations in China. The ability to review data using mobile forensic equipment completely offline and without it ever leaving the client's site ensures investigations are shielded from external interference.
The complexity of new sources and types of data is proving to be a challenge for modern investigations. With data located in cloud storage, new models of mobile phones and third-party applications, collecting data requires the right expertise and tools with a "fit for purpose" strategy. Converting these complex data types into an easily reviewable format is necessary. Given the myriad of group conversations, files, voice messages and emoticons in chat data (e.g. WhatsApp/WeChat) to review, the extracted data is challenging to review and requires expert forensic help.
When dealing with internal IT teams of companies, self-collection of the data may be one solution offered. However, the risks associated with this are considerable. Metadata may be tampered with or portions could be missed during the collection. These risks may compromise fulfilling the obligation to provide a complete and defensible discovery for a regulatory investigation or anticipated litigation.
Building a Case from the Data
Faced with today's sophisticated methods to conceal misconduct, identifying relevant evidence out of a sizeable dataset can be challenging. To deal with this, forensic teams work with legal teams to structure the investigation in a targeted manner, focusing on certain custodians, time periods and types of activity. Forensic analysis reports then identify user behaviour and trends from the data that when regarded as a whole, amount to suspicious activity. This helps legal teams build reasonable grounds and a strong evidence-based case.
Investigations need a teamwork approach with lawyers and forensic experts working closely together. In planning the investigation, Dominic Wai advises,
"data protected by legal professional privilege and the privilege against self-incrimination should be identified and isolated at the outset. This is where legal teams play a crucial role in advising forensic experts..."
Early planning together ensures the rights of the client are protected and avoids later mistakes.
Modern investigations are complex, highly technical and fraught with pitfalls to avoid. Meeting the requirements of investigations today requires skilled handling and cannot be achieved without expert forensic help.
1 Source: Regulations on Internet Security Supervision and Inspection by Public Security Organs http://www.mps.gov.cn/n2254314/n2254409/n4904353/c6263180/content.html