Tuesday, 28 April 2020

With news of the leak of former Prime Minister Malcom Turnbull’s autobiography coming out last week, attention quickly turned to those responsible and the matter promptly referred to the Australian Federal Police.

But in a situation like this, when an electronic document has been distributed without the knowledge of its owner, how exactly do you go about identifying the source of the leak?

As a Forensic investigator at KordaMentha, Brendan Read shared some insights with Information & Data Manager Magazine into the process of a typical digital investigation.

“The process of identifying whether electronic information had been obtained without knowledge of the controller or has been altered from its original state is not necessarily an easy job”

“To identify if a document has been modified or data has been compromised you need to conduct a thorough digital investigation. Digital investigations can be similar to fraud investigations in that you may need to work backwards. You identify where the money ended up and work back. The same can be true for digital investigations. By working back you develop a timeline of activity to determine where the source of the document may have come from or at what point the document may have been tampered with.”

“There are various tools available online which can allow a person to modify the metadata of a document. When these changes occur to the document it is possible that little clues are left behind…Using specialist forensic tools these clues can be identified and verified to provide important factual information about the authenticity or legitimacy of a document. It is important to use multiple forensic tools to maintain the integrity of your investigation and any findings.”

To read the original article as featured in Information & Data Manager click here.