During an audit of a corporation's payroll records, a "dummy" employee (earning more than $60,000 a year) is discovered. The fraud examiners who are called into the case track the payroll and discover the fake employee's monthly paychecks are deposited electronically into a checking account at a local bank; with a court-appointed subpoena in hand, they also find out that the name on the account is fictitious. Further inquiries show that an electronic bill-paying service on the account regularly wires the monthly paycheck - minus one dollar to keep the account open - to an offshore bank. The fraud examiners try to obtain additional records from the overseas bank but are unsuccessful; their U.S. search authorizations aren't recognized. Interviews of employees working within the finance section of the corporation also are fruitless. The investigation comes to a temporary standstill and the examiners are discouraged. Unfortunately, they don't yet realize that the answer is right under their noses - in the company's computers.
The Internet, e-mail, financial software, and a variety of electronic gadgets have changed the business environment and the way fraud examiners conduct white-collar crime investigations. Incriminating evidence is no longer limited to paper trails but can be found on hard drives, servers, and compact discs. Electronic data can contain valuable evidence of wrongdoing that can put a fraudster behind bars faster than you can say, "delete it."
The fraud examiners in the opening scenario, after unsuccessfully following paper trails, decided to have a forensic analysis done on the payroll manager's computer. The analysis recovered deleted documents pertaining to the setup of the dummy employee. Subsequently, when the manager's home computer was seized and analyzed, the examiners found records on the offshore banking facility. When confronted with the information, the manager confessed to the fraud against the corporation.