Investigations are a search for the truth. As a forensic investigator, you are either validating or invalidating a suspicion of wrongdoing. Traditionally, investigators have had to piece together bits of information, often struggling to find all the pieces of the puzzle. New technologies can dramatically impact your ability to quickly find the “truth”.
With large case loads, resolving cases quickly is a priority for most investigators. Additionally, it’s imperative to stop theft or fraudulent actions ASAP, as customers’ PII and the company’s intellectual property may be at great risk. Having the right forensic investigative tools to resolve cases faster is crucial for the forensic investigative team. Advanced user activity monitoring tools like Veriato’s Investigator can uncover crucial evidence within seconds of an incriminating action, or statement, taking place.
Investigator’s stealth agent can be remotely deployed on a suspect’s machine. It will immediately start monitoring and recording all the user’s computer activity including:
Pictures are worth a thousand words. Never has this been more true than when you watch the screenshot video playback of an employee doing something wrong or illegal. The visual evidence lets you close a case in record time, and it gives you 100% confidence in your conclusions.
Monitoring all user activity on a PC or Mac 24/7 results in a massive amount of data and screenshot evidence. Sifting through the data is sometimes necessary, but using “keywords” that alert you as soon as a suspicious activity takes place is crucial. Alerts not only keep investigators from overlooking an important piece of evidence, but they also let you take action quickly to stop fraudulent transactions or to protect valuable data from being moved off of your network.
Keywords should be specific to your company and the individual being investigated (e.g. AcmeTopSecret.XLS or server04\creditcardmaster). Additionally, predefined keyword lists can be imported, covering more universal topics of investigation (e.g. bullying, sexual harassment, fraud, theft, etc.). The FBI, in conjunction with Ernst & Young, created a 3,000 word keyword list around fraud. Some of the top keyword phrases used by employees in email communications with co-conspirators include:
Veriato’s Investigator is a powerful tool when investigating an individual suspected of wrongdoing. However, by taking insider security to the next level, a security team can become threat hunters.
Veriato’s Cerebral is an insider threat platform that utilizes user behavior analytics, event anomalies and keywords to proactively monitor all employees 24/7. You are alerted to the first signs of a threat, dramatically reducing a corporation’s level of risk. If you’re not monitoring, you don’t know what you don’t know.