Downloading: Using Computer Software as an Investigative Tool
Bowker, Arthur L., Drinkard, Leonard N., The FBI Law Enforcement Bulletin
Consider the following scenario. At 9 o'clock one Monday morning, the owner of a local business makes a frantic call to your agency's fraud unit. She reports that she arrived at work early that morning and was surprised to find the office manager, a 5-year employee, already busy at the computer. He appeared extremely nervous, and as the owner approached the computer, she discovered that he had gained unauthorized access to the company's payroll files.
When asked why, the office manager nervously responded that he thought the system had miscalculated the withholdings on his last paycheck, and he was only "checking it out." Suspicious of this response, the owner checked the computer's access log for the payroll system, something she had not done for some time.
Her inquiry revealed that the office manager had accessed the system before and after each payday for the past year. Investigating further, the owner made a startling discovery. The company that prepares her firm's checks had been issuing 60 paychecks every pay period, even though she employs only 55 people.
Confronted with the discrepancy, the office manager admitted to "borrowing" some funds. Heavy drinking had dulled his memory of exactly how much money he had "borrowed." He refused to answer any more questions and tendered his letter of resignation.
When the police responded, the owner promised to cooperate with the investigation. Yet, she also informed the officers that she could not afford to have her business disrupted in any way.
This unfortunate business owner had fallen victim to a computer manipulation crime, an offense that involves changing data or creating records in a computer system to commit another crime,(1) in this scenario, embezzlement. Although the law enforcement community has recognized the seriousness of these crimes for more than a decade,(2) investigations typically have been complicated, time-consuming, and disruptive to the victim's business operations. However, using a technique known as downloading, law enforcement agencies now can use their computer software as an investigative tool to solve computer manipulation crimes quickly and easily.
NOT FOR COMPUTER EXPERTS ONLY
Downloading is the process of transferring a computer program, file, or other electronic information from a remote database or other computer to a user's own computer.(3) When investigating computer manipulation crimes, law enforcement officers can download the victim's computerized financial records to a disk, return to their office, and use their agency's software to reorganize the data into a format that enables them to detect falsifications.
Specifically, downloading enables investigators to sort, select, and organize entries in whatever manner the investigation demands. This method makes analyzing the data much easier than manually examining journals, ledgers, or check registers in whatever manner the entries might be organized, such as by date or check number.
Investigators can examine only those entries that may be evidence of a crime - such as checks with false payees, fictitious voided checks, or checks for large dollar amounts - without searching every computer entry and every canceled check by hand. By reducing the number of computer entries investigators need to compare to hard-copy evidence (for example, canceled checks, vouchers, or invoices), downloading permits easy detection of any discrepancy and/or falsification the embezzler used to conceal the crime.
In short, downloading allows law enforcement agencies to use commercially available software to analyze volumes of data without seizing computer equipment, disrupting the victim's business, and manually searching every piece of evidence. Downloading possesses clear advantages over the methods traditionally used to investigate computer manipulation crimes.
TRADITIONAL INVESTIGATIVE METHODS
Some investigators note that investigations into computer manipulation crimes comprise 90-percent detective work and 10-percent computer work. …