Method and apparatus for maintaining high data integrity and for providing a secure audit for fraud prevention and detection
First Claim
1. An apparatus for maintaining high data integrity and for providing a secure audit for fraud prevention and detection, comprising:
- a client server comprising a memory storing instructions which are executed by a server processor to perform the steps of;
copying digital data that is stored on at least one client production server;
storing said digital data on a data storage and in an encrypted format comprising an encryption key that is held by any of a client and a client backup/restore service provider;
archiving discrete versions of computer folders by making multiple, sequential copies of said digital data on a predetermined time interval schedule that comprises any of a set, dynamic, and randomly variable interval;
a forensics analysis system comprising a memory storing instructions which are executed by a forensics analysis processor to perform the steps of;
identifying a need to determine if fraud has occurred;
creating a virtual client historical environment;
comparing, in the virtual historical environment, putatively identical computer data of said archived discrete versions of computer folders stored on said data storage at different points in time and, based on said comparing, discovering missing documents that had been deleted or documents with modification dates that have changed when there would otherwise have been no need to change them, wherein said putatively identical data comprises a plurality of said discrete archival versions of said computer folders, each version containing documents as they existed at the point in time at which they were archived, said comparing comprising any of;
comparing contents of said computer folders from different points in time, comparing the number of documents in said computer folders, comparing a last data and time of modification, and comparing the contents of a document in any of said computer folders at different points in time;
based upon said comparing, identifying any of;
missing documents or documents with modification dates that have changed when there would otherwise have been no need to change them, thereby discovering fraud or searching for evidence after a fraud is suspected; and
based on said identifying missing documents or documents that have changed, restoring from said data storage data that has been saved on at least one point in time on said at least one client production server and that has been changed or deleted on said at least one client production server.
2 Assignments
0 Petitions
Accused Products
Abstract
Any of various comparisons of computer folders from different points in time is performed. Such comparisons provide the ability to discover missing documents or documents with modification dates that have changed when there would otherwise have been no need to change them and thus allows discovery of missing documents to discover fraud or to search for evidence after a fraud is suspected. In another embodiment, deltas in accounting system vendor invoice accounts are compared at different points in time, potentially exposing the practice of moving fraudulent vendor transactions into a large group of legitimate transactions for a legitimate vendor. Per period transaction totals for specific periods for legitimate vendors are compared over historical time for suspicious activity. A comparison of reports from the two different periods, using exact data and software from those separate periods (instead of reporting from “current” data), may raise a red flag otherwise missed.
-
Citations
4 Claims
-
1. An apparatus for maintaining high data integrity and for providing a secure audit for fraud prevention and detection, comprising:
-
a client server comprising a memory storing instructions which are executed by a server processor to perform the steps of; copying digital data that is stored on at least one client production server; storing said digital data on a data storage and in an encrypted format comprising an encryption key that is held by any of a client and a client backup/restore service provider; archiving discrete versions of computer folders by making multiple, sequential copies of said digital data on a predetermined time interval schedule that comprises any of a set, dynamic, and randomly variable interval; a forensics analysis system comprising a memory storing instructions which are executed by a forensics analysis processor to perform the steps of; identifying a need to determine if fraud has occurred; creating a virtual client historical environment; comparing, in the virtual historical environment, putatively identical computer data of said archived discrete versions of computer folders stored on said data storage at different points in time and, based on said comparing, discovering missing documents that had been deleted or documents with modification dates that have changed when there would otherwise have been no need to change them, wherein said putatively identical data comprises a plurality of said discrete archival versions of said computer folders, each version containing documents as they existed at the point in time at which they were archived, said comparing comprising any of;
comparing contents of said computer folders from different points in time, comparing the number of documents in said computer folders, comparing a last data and time of modification, and comparing the contents of a document in any of said computer folders at different points in time;based upon said comparing, identifying any of;
missing documents or documents with modification dates that have changed when there would otherwise have been no need to change them, thereby discovering fraud or searching for evidence after a fraud is suspected; andbased on said identifying missing documents or documents that have changed, restoring from said data storage data that has been saved on at least one point in time on said at least one client production server and that has been changed or deleted on said at least one client production server.
-
-
2. An apparatus for maintaining high data integrity and for providing a secure audit for fraud prevention and detection, comprising:
-
a client server comprising a memory storing instructions which are executed by a server processor to perform the steps of; copying digital data that is stored on at least one client production server; storing said digital data on a data storage and in an encrypted format comprising an encryption key that is held by any of a client and a client backup/restore service provider; archiving discrete versions of said digital data by making multiple, sequential copies of said digital data on a predetermined time interval schedule that comprises any of a set, dynamic, and randomly variable interval; a forensics analysis system comprising a memory storing instructions which are executed by a forensics analysis processor to perform the steps of; identifying a need to determine if fraud has occurred; creating a virtual client historical environment; comparing, in the virtual historical environment, putatively identical computer data of said archived discrete versions of digital data stored on said data storage at different points in time and, based on said comparing, discovering missing digital data or digital data that have changed when there would otherwise have been no need to change them, wherein said putatively identical data comprises a plurality of said discrete archival versions of said digital data, each version containing said digital data as they existed at the point in time at which they were archived, said comparing comprising any of;
comparing contents of said digital data from different points in time and comparing a last data and time of modification;based upon said comparing, identifying any of;
missing digital data and digital data that have changed when there would otherwise have been no need to change them, thereby discovering fraud or searching for evidence after a fraud is suspected; andbased on said identifying missing digital data or digital data that have changed, restoring from said data storage data that has been saved on at least one point in time on said at least one client production server and that has been changed or deleted on said at least one client production server.
-
-
3. A method for maintaining high data integrity and for providing a secure audit for fraud prevention and detection, comprising the steps of:
-
providing a client server comprising a server processor executing instructions to perform the steps of; copying digital data that is stored on at least one client production server; storing said digital data on a data storage and in an encrypted format comprising an encryption key that is held by any of a client and a client backup/restore service provider; archiving discrete versions of computer folders by making multiple, sequential copies of said digital data on a predetermined time interval schedule that comprises any of a set, dynamic, and randomly variable interval; a forensics analysis system comprising a forensics analysis processor executing instructions to perform the steps of; identifying a need to determine if fraud has occurred; creating a virtual client historical environment; comparing, in the virtual historical environment, putatively identical computer data of said archived discrete versions of computer folders stored on said data storage at different points in time and, based on said comparing, discovering missing documents or documents with modification dates that have changed when there would otherwise have been no need to change them, wherein said putatively identical data comprises a plurality of said discrete archival versions of said computer folders, each version containing documents as they existed at the point in time at which they were archived, said comparing comprising any of;
comparing contents of said computer folders from different points in time, comparing the number of documents in said computer folders, comparing a last data and time of modification, and comparing the contents of a document in any of said computer folders at different points in time;based upon said comparing, identifying any of;
missing documents or documents with modification dates that have changed when there would otherwise have been no need to change them, thereby discovering fraud or searching for evidence after a fraud is suspected; andbased on said identifying missing documents or documents that have changed, restoring from said data storage data that has been saved on at least one point in time on said at least one client production server and that has been changed or deleted on said at least one client production server.
-
-
4. A method for maintaining high data integrity and for providing a secure audit for fraud prevention and detection, comprising the steps of:
-
providing a client server comprising a server processor executing instructions to perform the steps of; copying digital data that is stored on at least one client production server; storing said digital data on a data storage and in an encrypted format comprising an encryption key that is held by any of a client and a client backup/restore service provider; archiving discrete versions of said digital data by making multiple, sequential copies of said digital data on a predetermined time interval schedule that comprises any of a set, dynamic, and randomly variable interval; a forensics analysis system comprising a forensics analysis processor executing instructions to perform the steps of; identifying a need to determine if fraud has occurred; creating a virtual client historical environment; comparing, in the virtual historical environment, putatively identical computer data of said archived discrete versions of digital data stored on said data storage at different points in time and, based on said comparing, discovering missing digital data or digital data that have changed when there would otherwise have been no need to change them, wherein said putatively identical data comprises a plurality of said discrete archival versions of said digital data, each version containing said digital data as they existed at the point in time at which they were archived, said comparing comprising any of;
comparing contents of said digital data from different points in time and comparing a last data and time of modification;based upon said comparing, identifying any of;
missing digital data and digital data that have changed when there would otherwise have been no need to change them, thereby discovering fraud or searching for evidence after a fraud is suspected; andbased on said identifying missing digital data or digital data that have changed, restoring from said data storage data that has been saved on at least one point in time on said at least one client production server and that has been changed or deleted on said at least one client production server.
-
Specification