Closing the case on data integrity

Rene Hamel, senior manager of corporate investigation services in the computer forensics and business intelligence tools department at the Royal Bank of Canada (RBC), shares some crime-busting stories from his RCMP and KPMG days.

Money lender bumped off

A couple in Vancouver is loaning money at a high interest rate; the wife balances the books. Her husband comes home and finds her dead. Hamel images their computer and locates all the files modified just before her death. He cracks the password on a Quicken file and finds a list of borrowers. Suspicions are raised that one of those borrowers may be the murderer, but the list is huge and seemingly impossible to narrow down — until a few days later when the RCMP discovers a drug squad has been writing down the license plates of all the people parking in the area over the last few days. They verify that one of the names tied to the license plates matches a name in the Quicken file. Suspect is apprehended and confesses.

Fraud culprit tracked

A huge amount of money exists in a trust fund. A law firm employee changes the number of a file stored in the company document management system and transfers the money overseas. Hamel’s KPMG team looks at the workflow in the firm and narrows the list down to 35 or 40 suspects. They search the suspects’ computers for the fraudulent document number, and find it on one computer. To cover his tracks, the culprit deleted the document and used a utility to clean up the system. But he modified the file in WordPerfect, which stores in its memory the document’s last 10 actions. Perpetrator also overlooked a directory that saved earlier drafts of the fake file.

The last written word

A woman is found dead at her computer desk at home. Officer on the scene finds an open Word document containing a letter she was writing around the time of her death. Computer is taken to local IT shop, where employee boots up the system and looks at some files — but as he opens and closes them, he corrupts their time stamps. Luckily, Hamel’s RCMP team finds the backup version of the document in the computer’s temp file; the metadata shows the last edit to the document was about 71 hours ago, confirming the coroner’s assessment of the time of the victim’s death.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now