IT Group has been commissioned on many occasions by insurance companies relating to suspected fraudulent claims, ranging from investigations into arson through to the analysis of images that may have been taken after the alleged burglary occurred.
As a result of our work, considerable sums of money have been safeguarded by insurers where fraudulent or inaccurate claims have been identified, often with figures upwards of a million pounds.
By using a range of digital forensic techniques, we can uncover digital evidence contained within electronic devices. This evidence can assist the claim handler to check the validity of a suspect claim.
Picture, Video and Document Analysis
We have successfully uncovered fraudulent claims for high value stolen goods by conducting EXIF data analysis on photographs submitted to support the claim. The EXIF data contained within an image will show the exact date and time a photograph was taken, if the image has been edited and even what camera took the photograph. On some occasions, it is apparent from our analysis of the data that the photograph of the ‘stolen’ item was taken after the claim was submitted, proving that the item was still in the claimant's possession after the alleged date of the theft.
Mobile Phone Forensics
Cell Site Analysis
Mobile phone mapping/tracking using cell site analysis can be used to determine the approximate location of an individual’s mobile phone at any given time, based upon their calls and texts (both sent and received). This can build up a complete picture that can provide unique data that helps to establish the whereabouts and movements of a person's mobile phone (and therefore strong evidence of the movement of the person themselves) on any given day.
Live and Deleted Data Extractions
Mobile Forensic techniques can interrogate a mobile device at a byte level. This means that messages, photographs, videos, website history and application usage as well as user-generated content can often be extracted from the mobile device, even if the data in question has been deleted. Often, we are able to extract hundreds of deleted texts that the owner of the device believed to be wiped from the device.
Further Analysis of Messages in Chat Applications
Extracting information from chat applications including WhatsApp or Facebook Messenger can help to establish if there is any relationship between claimants. As a result of previous investigations, we have successfully proven that parties claiming never to have known each other were in regular contact or ’friends’ on a social networking site.
Hard Drive Analysis
A full forensic analysis of a computing device can be conducted in a similar manner to analysis conducted for criminal cases. A full extraction of the device at a byte level allows a complete image of the machine to be used, bypassing any Windows passwords. This allows advanced techniques such as data carving to be used to recover deleted data, extraction of live emails and media content that can be used for further metadata and EXIF data analysis.
Following a cyber attack or similar networking-based crime, completing a forensic analysis can often also help to determine if an intrusion has taken place, as well as discovering the exact documents that have been altered or accessed by the attacker. All of these techniques are backed up by an interpretation by industry experts who can give a full explanation of the results of the analysis.
Examining the contents of a computing device can also reveal further evidence that many do not initially realise is available. Using a technique known as ‘Timeline Forensics’, it is possible to determine if a suspect was or was not at the computer at a specific time, as well as identifying what activities the user was engaged in at the time. If a suspect claims he was down at the local corner shop at 2am but activity was present on the device at this time, it casts doubt on the alibi. We can provide a full interpretation of the timeline of activity to clients in an understandable and easy-to-follow format.
Linking well with Computer Forensics, Data Recovery can be used to extract data that is believed to be lost. We are often instructed to interrogate damaged devices to determine if evidence can be gained from the contents of fire-damaged or water-damaged equipment; both being potential sources of valuable data in circumstances where there is a suspicion that someone has perhaps attempted to destroy evidence. We offer a free assessment on damaged devices to determine the likelihood of success, and have a history of achievement, recovering data from fire-damaged and water-damaged devices in many and varied circumstances.
|Aaron Pickett is a Digital Forensic Examiner at IT Group specialising in Information Security, Computer Forensics and e-Disclosure. Aaron holds accreditation from Bond Solon Expert Witness Training, as well as UFED Cellbrite Mobile Phone Forensics, using both of these to assist IT Group to stay at the vanguard of the Legal and Forensic Computing sectors.|