With everything around us going online, it comes as no surprise that workplace behaviours have also made the transition and are now occurring virtually. From our daily team catch-ups to our client engagements, our workday is now defined by us sitting in our spare room waiting for that next video conference or email invite to pop up on our screens.
Traditionally, evidence collected during a workplace investigation is a mixture of documents, procedures and personal accounts that paint the picture of whether certain conduct did or did not occur. Today, however, the digital world has a bigger role to play: behaviours and experiences, whether positive or negative, are exhibited during virtual meetings and over emails and text messages, and are not confined to business hours but extend to any time of the day or night.
To conduct a thorough investigation, we must turn our focus to gathering this digital evidence and exploring the virtual workplace in a way we have never done before. To do so, we must identify, acquire, analyse and report.
The first step in gathering digital evidence is to identify what evidence we need, which devices are likely to have hosted this evidence, and when. Given the amount of data we use on a daily basis, without setting these clear parameters our search can go on for hours and hours, unnecessarily losing valuable time and increasing cost.
Once we identify what we need and where to find it, we set our sights on acquiring this information, taking into consideration the organisational structure and the framework put in place around digital information and the ownership of that information in a workplace context.
Before we begin the process of acquiring any evidence, we must turn our minds to the laws in place to protect individuals, especially from a privacy perspective. Employees often use their work-issued mobile phone or computer for personal use, and we must ensure we adhere to privacy legislation and do not collect information unrelated to our investigation.
Evidence acquisition refers to collecting the maximum amount of data relating to our investigation from all the likely sources and verifying the data integrity to ensure it has not been fabricated. In this digital world, it is easy to fabricate digital evidence, so an in-depth assessment using purpose-designed software and processes is required. Involving employers at this stage is also helpful in determining the business impact of the planned investigation strategy.
Once all the evidence is collected, it is time to analyse the data, decipher what we have gathered and turn our minds back to good old traditional evidence analysis to achieve our objective. To perform a successful evaluation, you must preserve the collected data, create an event timeline, perform media and artefact analysis and string searches, and employ data recovery tools to authenticate the collected evidence and complete the investigation. In situations like this, you may need to employ the services of someone with the skills to undertake that analysis.
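The integrity check and event timeline described above, as an added Python example that is not part of the original article: it records a SHA-256 hash for each collected file, re-checks the hashes later to detect alteration, and orders the files by modification time. The function names are illustrative, and the file names and contents in `demo()` are constructed samples.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk_size=65536):
    # Hash in chunks so large mailbox exports need not fit in memory.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(evidence_dir):
    # Record hash, size and modification time (UTC) of every collected file.
    root = Path(evidence_dir)
    return [{
        "path": p.relative_to(root).as_posix(),
        "sha256": sha256_file(p),
        "size": p.stat().st_size,
        "modified_utc": datetime.fromtimestamp(p.stat().st_mtime, timezone.utc).isoformat(),
    } for p in sorted(root.rglob("*")) if p.is_file()]

def verify_manifest(evidence_dir, manifest):
    # Paths that are missing or whose content no longer matches the manifest.
    root = Path(evidence_dir)
    return [e["path"] for e in manifest
            if not (root / e["path"]).is_file()
            or sha256_file(root / e["path"]) != e["sha256"]]

def timeline(manifest):
    # Oldest first: a starting point for the event timeline.
    return sorted(manifest, key=lambda e: datetime.fromisoformat(e["modified_utc"]))

def demo():
    # Constructed sample files standing in for a collected evidence set.
    with tempfile.TemporaryDirectory() as tmp:
        samples = {"chat_export.txt": (b"10:02 A: see you at 3\n", 1_700_000_200),
                   "email_0001.eml": (b"Subject: meeting\n\nBody\n", 1_700_000_100)}
        for name, (data, mtime) in samples.items():
            Path(tmp, name).write_bytes(data)
            os.utime(Path(tmp, name), (mtime, mtime))
        manifest = build_manifest(tmp)
        intact = verify_manifest(tmp, manifest)      # nothing changed yet
        Path(tmp, "chat_export.txt").write_bytes(b"10:02 A: edited later\n")
        altered = verify_manifest(tmp, manifest)     # the edit is detected
        return [e["path"] for e in timeline(manifest)], intact, altered

if __name__ == "__main__":
    print(demo())
```

Storing the manifest separately from the evidence copy, and running the analysis on a working copy, keeps a later mismatch attributable to the evidence rather than to the analysis.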
It may sound complicated, but following a process and having a structured approach to managing the digital evidence collected will assist in maintaining a healthy oversight of the investigation.
The final stage is to report your findings. After collating all the required data and analysing the evidence, it is time to produce your report and communicate the details of what actions you performed, any observations you made and the findings reached. The report should also include any non-digital evidence assessed, weighed together with the digital evidence, to produce a well-balanced and accurate finding based on all the evidence, and should articulate the digital approach taken.
About Marc Dib
Marc Dib conducts workplace investigations and reviews for Worklogic’s government and private sector clients.
Marc has extensive expertise in transnational and complex investigations in areas including fraud, intelligence, anti-corruption and professional standards.