Digital Forensic Investigators’ Skills are Critical as Investigations Grow More Complex

Robert Bond

Digital forensic evidence is playing a larger role in determining the guilt or innocence of defendants in both civil and criminal matters. As technology captures movement, messages, photos, and the vast majority of what is done on laptops, smartphones, and tablets, it’s increasingly difficult for criminals to cover their digital tracks.

On the other hand, with hard drives increasing in size, the number of applications on a system exploding, data moving to the cloud, and applications like CCleaner destroying valuable data, investigators are constantly challenged to enhance their skills in order to locate and make sense of the most relevant potential evidence. The bottom line is that digital forensics expertise is becoming increasingly important in uncovering the electronic data relevant to the case and assembling the events so that the facts are clear to the judge and jury.

Assisting the SEC in Investigating Insider Trading

In the recent insider trading case SEC v. Yang, the Securities and Exchange Commission was assisted in its investigation by Anthony (Tony) Balzanto, an EnCE-certified digital forensic investigator, a part-time EnCase instructor, and a partner at computer forensics firm 4Discovery. The SEC provided Anthony the PST file from a Gmail account of the defendant Siming Yang, a registered broker dealer in New York. The SEC alleged that Yang purchased shares of Zhongpin Inc. based on non-public information just prior to the CEO’s announcement that he was taking the company private. Zhongpin shares surged 21% on the CEO’s news and the shares Yang purchased rose in value more than $600,000.

Yang denied making the trades and blamed a friend who he claimed had access to his accounts. Unfortunately for Mr. Yang, Tony Balzanto--an expert in computer forensics and a user of EnCase Forensic since Version 3 was released 12 years ago--was handling the examination of the Gmail account and trading account logs.

Tracking the Trades

In an interview after he finished teaching the Computer Forensic II class in Pasadena, Tony explained that he was able to assemble a spreadsheet for the prosecuting attorney from the SEC that listed the trade times and IP addresses from the cities that Yang had admitted traveling to, including New York, Hong Kong, and Miami. Other corroborating evidence included personal e-mails that were sent by Yang from the same Gmail account and in the same city at essentially the same time the trades were made.

Largely based on the evidence Tony brought to light, Yang was convicted of “front-running,” or using private information as a registered broker dealer to profit from trading public shares. In addition, it was learned in the trial that Yang deleted several documents, including a presentation that described the benefits of taking Zhongpin Inc. private. Clearly Yang tried to destroy any electronic evidence that might be used to convict him.

We understand that, even as digital forensic tools advance, so do the investigative challenges. Cases like this remind us that the digital forensic investigator, who is tasked with sifting through memory dumps, unallocated space, and obscure artifacts to find information that will allow them to reconstruct the events of the case in a timely manner, is vital to uncovering the facts of a case.

The team at EnCase acknowledges the tremendous challenges that confront the investigators we serve. However, with more than 50,000 of these investigators having walked through our training facilities, we also know the dedication, persistence, and adaptability you bring to your profession and this challenge. We thank you for your service and look forward to working as hard as we can to provide the best digital forensic tool, the most robust education and certification program, the best partners through EnCase App Central, the most powerful EnScripts, and certainly our gratitude.
