The changing business environment is compelling organizations to rely on an increasingly complex information technology infrastructure. While it can provide avenues to make information flow faster and cheaper, it may expose organizations to new and varied business risks and challenges. For starters, it can complicate the process of discovering electronic facts when organizations need it the most.
KPMG has a dedicated Forensic Technology lab which enables the recovery and use of critical digital evidence to support investigations and litigation. Using various tools (proprietary, open source, vendor tools), we can extract, transform and visualize information from any source in any format, including laptops, mobile phones and other electronic devices.
The tools can help establish whether evidence has been erased or modified; analyze electronic content and patterns of Internet and e-Mail usage; recover deleted data; and assess and explain metadata within recovered files, even if certain persons sought to destroy it.
Our key services include
- Forensic Data analysis – Data management, data analysis, dashboards and advance analytics
- Computer Forensics – Disk Imaging, data recovery, keyword search and incident response
- Discovery management – eDiscovery and document management
- Tooling support for investigations and disputes.
Our laboratory is among the first and largest of its kind in India. Based in Gurgaon, it has a completely virtual infrastructure running on cloud operating system which can handle multiple millions of transactions and offers seamless storage using a 20 Terabyte Storage Area Network (SAN). The entire infrastructure is connected to a dual homed internet connection and also secured by multiple layers of firewalls.
Since its inception in September 2009, the lab has preserved over 25 terabytes of data, processed 5 terabytes of Relational Database Management System (RDBMS) data and performed e-discovery (A service that has been specifically designed to support the extraction, capture, processing and review of digital and conventional evidence, irrespective of volume) on 700 GB of custodian files.
We recently helped investigate into a case of employee fraud in an asset management company.
Our client, an asset management company, suspected an employee of being engaged in Front Running and Tail Gating, thereby exposing the company to losses, malpractice, bad reputation, and loss of customers. We developed an analytics-based hypothesis to detect potential front running. As part of this, a trend analysis was performed on buy and sell patterns of the select equities. Using the call log information of the suspected employee that was provided by the client, we conducted link analysis to identify other suspects.
We were able to establish the collusion between the employee and other suspects. We were also able to point out other potential front running cases in the organizations that could be considered for investigation.
In another instance, we were able to help a client, a fortune 500 global bank, to identify control weaknesses in its IT systems.
The client repeatedly faced a system outage of its consumer facing online banking portal, the reason for which could not be conclusively attributed to any operational/system failure. The preliminary examination pointed towards deletion/un-installation of key system file of the Application Server.
Our team considered several hypotheses based on the technical and architectural understanding of the client’s systems. A list of procedures were designed to prove/disprove each hypothesis, including but not limited to - log analysis, discussions with key client personnel present at the time of the incident, event correlation, and discussions with experts supporting the platform and application server.
We were able to identify control weaknesses, potential system security exploits and practices by the IT team which were in violation of the policy and procedures. Indications of a manual involvement were discovered and reported to the client.