Forensic data analysis: Difference between revisions

Elec junto (talk | contribs)
Undid revision 651895701 by 117.248.14.165 (talk)
 
== Methodology ==
The analysis of large volumes of data is typically performed in a separate database system run by the analysis team. Live systems are usually not dimensioned to run extensive individual analysis without affecting the regular users. On the other hand, it is methodically preferable to analyze data copies on separate systems and protect the analysis teams against the accusation of altering original data.
 
Due to the nature of the data, the analysis focuses more often on the content of the data than on the database it is contained in. If the database itself is of interest, then [[Database forensics]] is applied.
 
Analyzing large structured data sets to detect financial crime takes at least three types of expertise in the team: a data analyst to perform the technical steps and write the queries, a team member with extensive experience of the processes and internal controls in the relevant area of the investigated company, and a forensic scientist who is familiar with patterns of fraudulent behaviour.
 
After an initial analysis phase using methods of [[explorative data analysis]], the following phase is usually highly iterative. Starting with a hypothesis on how the perpetrator might have created a personal advantage, the data is analyzed for supporting evidence. Following that, the hypothesis is refined or discarded.
 
The combination of different databases, in particular data from different systems or sources, is highly effective. These data sources are either unknown to the perpetrator or cannot be manipulated by him or her afterwards.
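
The following added example (not part of the original article) tests one such hypothesis on data copies loaded into a separate SQLite analysis database: payments booked to a vendor in the ERP system are matched against the bank's statement export and against HR payroll accounts. All table names, columns, names and account numbers are constructed for illustration.

```python
import sqlite3

# Constructed sample data: every table, column, name and account is hypothetical.
SCHEMA = """
CREATE TABLE erp_vendor (vendor_id INTEGER PRIMARY KEY, name TEXT, iban TEXT);
CREATE TABLE erp_payment(pay_ref TEXT PRIMARY KEY, vendor_id INTEGER, amount REAL);
CREATE TABLE bank_line  (pay_ref TEXT, beneficiary_iban TEXT, amount REAL);
CREATE TABLE hr_employee(emp_id INTEGER PRIMARY KEY, name TEXT, iban TEXT);
"""
SAMPLE = {
    "erp_vendor": [(1, "Acme Supplies", "XX00VEND0001"), (2, "Borealis Ltd", "XX00VEND0002")],
    "erp_payment": [("P-1001", 1, 500.0), ("P-1002", 2, 1200.0),
                    ("P-1003", 1, 980.0), ("P-1004", 2, 300.0)],
    # Bank export: held outside the ERP, so an ERP user cannot edit it afterwards.
    "bank_line": [("P-1001", "xx00 vend 0001", 500.0), ("P-1002", "XX00VEND0002", 1200.0),
                  ("P-1003", "XX00EMPL0007", 980.0), ("P-1004", "XX00UNKN0099", 300.0)],
    "hr_employee": [(7, "J. Doe", "XX00EMPL0007"), (8, "A. Roe", "XX00EMPL0008")],
}

# Hypothesis: payments booked to a vendor were actually paid to another account.
# Account numbers are normalised first, since exports differ in case and spacing.
QUERY = """
WITH bank AS (
    SELECT pay_ref, amount, REPLACE(UPPER(beneficiary_iban), ' ', '') AS iban
    FROM bank_line
)
SELECT p.pay_ref, v.name, bank.iban, bank.amount, e.name
FROM erp_payment p
JOIN erp_vendor v ON v.vendor_id = p.vendor_id
JOIN bank ON bank.pay_ref = p.pay_ref
LEFT JOIN hr_employee e ON e.iban = bank.iban
WHERE bank.iban <> v.iban
ORDER BY p.pay_ref
"""

def load_copy():
    """Load the data copies into a separate in-memory analysis database."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for table, rows in SAMPLE.items():
        marks = ",".join("?" * len(rows[0]))
        db.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return db

def diverted_payments(db):
    """Return payments whose real beneficiary differs from the vendor master."""
    return db.execute(QUERY).fetchall()

if __name__ == "__main__":
    for row in diverted_payments(load_copy()):
        print(row)
```

A row whose last column names an employee supports the hypothesis; a row with no employee match is a lead for the next iteration, in which the hypothesis is refined or discarded.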
 
[[Data visualization|Data Visualization]] is often used to display the results.