Cyber Forensics and Audit Services

The evolving corporate landscape has increased the importance and complexity of IT Infrastructure. While it has served as a boon in bringing in efficiency and productivity as compared to a paperbound world, it has also increased the risk of vulnerability and fraud.

The digital technologies and the internet are indispensable tools in modern era of business and the corporates are trying to leverage the ever evolving opportunities of cyber space from automating basic internal processes to adopting cloud services. While the Corporate's journey of digital adoption continues to grow, one misstep in the digital life cycle has cascading effect of cyber fraud, data breaches, ransomware, downtime, civil litigation and loss of business reputation.

Cyber Security and Forensic Audit Services are necessary for all organisations from a small start up to a global conglomerate to secure the IT environment. The audit provides an overall assessment of companies' hardware, software, network security, data-centre, potential vulnerabilities and suggests measures to strengthen the companies IT Infrastructure.

Thus, a process of technical evaluation that assesses the current status of your systems, applications, and network to gauge its performance. The audit ensures all systems are running optimally as per your business needs.

Some Typical Cyber Frauds/Crimes Affecting Businesses:

  • Hacking involving compromise of Organisation's Critical Servers
  • Phishing and email spoofing attacks
  • Denial-of-service-attack that renders the resources useless
  • State funded cyber-attacks on key Organisations
  • Competitor sponsored attacks to gather sensitive Company's Information
  • Defacement of a Company's Corporate Website
  • Identity theft
  • Electronic money laundering/fund diversion
  • Theft of Intellectual Property
  • As a response, V Sahai Tripathi & Co ('VST') has set up a Cyber Security & Forensic Services Division which provides preventive as well as Investigative Fraud and Cyber Crime Services for Public and Private Corporations, as well as small and mediumsized businesses. We work closely with business owners, executives, and legal counsel to provide clear answers in complex cases where every investigation is led by a fraud examiner. Our Forensic Services team identifies and deals with a wide range of financial crime, business misconduct and fact-finding approach.

    Our Team

    Our Cyber Security & Forensic Services Division has a growing team of Professionals, which includes Chartered Accountants, Engineers, MBAs, Research Analysts, Journalists, former law enforcement officials, to assist clients in complex areas of fraud investigation, anti-fraud advisory, network forensic services, data leak forensic services, dispute resolution advisory etc. Our team includes

    • Pic 1 - Vishwas Tripathi (FCA)
    • Pic 2 -Colonel Inderjeet Singh (Cyber Security and Forensics Expert)
    • Pic 3 - Divyanshi Agarwal (Cyber Security and Forensics Specialist)
    • Pic 4 - Garima Tripathi (ACA)
    • Pic 5 - Barun (ACA)
    • Pic 6 - Mahima Tripathi (Audit Manager)

    Brief Profile Of Our Team Members:

    Vishwas Tripathi B Com (Hons), FCA
    Mr. Vishwas Tripathi was enrolled with ICAI as a member in 1988. He has an experience of more than 32 years in the profession with a graduate degree in B Com (Hons) from Shri Ram College of Commerce and is a promoter partner in CA Firm ( V. Sahai Tripathi and Co.). He has rich experience in various fields, such as Taxation Law, Company Law, Auditing, Corporate Finance liaison, Non Residents Exchange control regulations services relating to setting up of liaison/project office in India, etc. His core expertise lies in Financial Consultancy, Management consultancy, Corporate advisory, Taxation, Investment planning and business advisory services. Further, he served as Chairman, Board of Directors, United News of India (UNI) continuously from March 2013 to March 2021.

    Colonel Inderjeet Singh
    Colonel Inderjeet Singh has served in the Indian Defence Forces, is Alumnus of IIT Kharagpur and Symbiosis Institute of Management, Pune. He is an experienced Information Systems professional with experience of more than 29+ year across wide spectrum of areas spanning cyber security operations leadership and influencing policy level decisions in multiple organizations. Throughout his career, he has parlayed his extensive background in security and a deep knowledge to help organizations build and implement strategic cyber security solutions.
    He has consistently delivered mission-critical results in the field of in Information Security Management, Cyber Security, Cyber Warfare and Cyber Risk Management. He is visionary for Start-Up Incubation, Entrepreneurship Development, Strategic Consulting and New Technology Evaluation for commercial viability. He is a Subject Matter Expert on latest innovative Technological domains and effectively managed mission critical projects. He has been consistently awarded while in Army and was awarded:

    • Magnificent CIO of the Year "Award in year 2016
    • Excellence Award" by International Police Commission (IPC) 2019
    • Fifty Innovative Leaders Award 2020, Cyber Security Leadership Award 2020
    • 30 most Influential Indian thought Leader in Blockchain 2021

    Divyanshi Agarwal B. Tech
    Ms Divyanshi Agarwal is B.Tech graduate in computer science with specialization in cybersecurity forensics. Through her curriculum she has gained in depth knowledge in the field of cybersecurity, and has a great knowledge of the current trends in the industry.

    Garima Tripathi B Com (Hons), ACA
    Ms Garima Tripathi was enrolled as a member with ICAI in 2017. She has experience in the field of Audit, Accounting, Internal Auditing, Banking, Book Keeping and Information System Audits along with Financial Due Diligence. Her specialization is handling clients with vast data sets involving complicated transactions. Her client expertise is in Service Industry and Manufacturing Industries including setting up of procedural and accounting manuals.

    Barun Kumar B Com, ACA
    Mr Barun Kumar was enrolled as a member with ICAI in 2017. He has over 4 years of professional experience in statutory and tax audits of clients from diversified industries including FMCG, ITES, healthcare, real estate, educational institutes, etc. His areas of specialization include Statutory and Tax Audits, Financial Reporting, Advisory services on Ind AS & IGAAP.

    Mahima Tripathi B Com (Hons), Audit Manager
    Ms Mahima Tripathi has completed her B Com (Hons) from Delhi University. She has experience in the field of Audit, Accounting, Internal Auditing, Banking and Book Keeping. Further she has completed her CA Training in Transfer Pricing from a reputed MNC and also having a good exposure in RBI and Other Regulatory Compliances required to comply by Non Banking Financial Companies.

    Our Service Offerings

    Our Cyber Security & Forensic Services Division practices a preventive and investigative approach in the analysis of transactions, books, records, testing of documents, conducting interviews, forensic data analytics, collecting market intelligence and evidence gathering using forensic technology tools that can provide cybercrime prevention opportunities and deep insight into fraud risks to the client.

    A Snapshot Of The Services Provided By Us Is Given Below:

    Detailed nature of the above-mentioned services provided by VST is shared below

    Cyber Fraud Risk Assessment

    The complexity of IT Infrastructure within Corporates has made it necessary for Corporates to have an effective cyber fraud risk assessment strategy in place and have relevant systems and controls. Some of the critical questions being faced by most Board of Directors, CEOs, CIOs and CFOs today are:

    • Is our data secure?
    • Has some one stolen our critical data (financial, marketing, research, IP, customer data etc) despite having anti leak controls in place?
    • Is someone reading our emails?
    • Can our IT systems be compromised and brought down?
    • Are our networks systems infected with malware?

    VST's Cyber Security & Forensic Services Division can help clients assess their vulnerabilities to cyber fraud and define any weaknesses in their systems and help minimize their vulnerabilities to cyber fraud risks. VST's cyber fraud risk assessment solution is crafted to help clients in gauging how susceptible organisations are to cyber related threats. Our solution involves the following key assessment activities:

    • Cyber Fraud Risk Assessment
    • Cyber Controls Testing
    • Vulnerability Assessment & Penetration Testing
    • Cyber Red flag Analysis
    • Cyber Resilience Testing

    Anti-fraud and Compliance Services
    VST's anti-fraud advisory services help clients in complying with the regulatory requirements, while creating awareness about these issues amongst their employees. Over time, this awareness can help employees deter possible incidents of fraud, misconduct, or non-compliance that they may be exposed to.

    On-Demand Cyber Investigation Services
    With the rise of cyber incidents and the complexity involved, the incident response has to be quick with subject matter experts involved. Businesses/Organisations lack the resources, skills and insights to effectively and timely respond to cyber-attacks. Having a strategic partner to provide subject matter expertise and skills is critical to address the concerns relating to Cyber Risk.

    VST offers an on-demand cyber investigation team which can help to deliver the following solutions:

    • Immediate access to subject matter expert (remotely or on ground) to be early responders for any cyber-event.
    • Continued support for incident response and investigation at pre-agreed rates

    Investment Fraud Investigation Services
    Investment fraud investigations are conducted for investors who suspect their funds may be at risk in an illegitimate or illegal offering and for victims seeking financial recovery from collapsed or corrupt schemes. The purpose of an investment fraud investigation is to determine what actually happened with the client's funds, who's responsible and to provide a clear reporting of the evidence to support a positive outcome in settlement demands, civil litigation and criminal prosecution. The investigation may also involve tracing and locating assets to assist fraud victims in securing financial restitution.
    During a fraud examination, VST's investigators will gather and analyse the relevant facts of the investment scheme, identify the responsible parties and confirm their involvement through independent investigation, fact-finding and interviews. VST will also help client in documenting the extent of financial losses.

    Investigative Due Diligence Services
    Prior to any major business transactions, investigative due diligence is worthy of consideration.VST has ample resources and network to do a detailed verification, investigation, or audit of virtually every aspect of a company (or individual) for better decisions on joint venture, partnership, merger, acquisition and investments.VST can help clients to check the credit worthiness of a potential business partner or reputation check of the potential target, including their reputation among vendors, their payment schedule to vendors, and their salary schedule to employee and so on. Our expert team of investigators has the skills and necessary experience to uncover grave issues before the deal is done.

    ERP and Application Forensic Services
    With white collar crime on the rise, many CFO and CEOs are witnessing a multitude of frauds on ERPs and business applications, such as financial embezzlement/procurement frauds/sales fraud/payroll frauds/expense frauds/supply chain management and agency frauds.
    With regard to the above, VST aims to provide the following solutions to the clients:

    • Build fraud risk scenarios
    • Review ERP and application configurations to test adequacy of fraud and cyber controls
    • Execute fraud analytics on ERP/application data
    • Validate/investigate key anomalies noted from results of fraud analytics

    Network Forensic Services
    Attacks on network infrastructure can take place from a multitude of sources, both external and internal. In many cases attacks succeed because of weaknesses in the elements such as traffic filtering on routers and firewalls, Rules on NIPS1/NIDS2, Wireless network management, Network architecture etc.
    With regard to same, VST aims to provide the following solutions to the clients:

    • Incident investigation (if any required by client)
    • Review of configuration on various network devices (firewall, router, IPS/IDS) to test adequacy of fraud and cyber controls
    • Execute red flag analytics on key device log files to identify potential incidents
    • Validate/investigate key anomalies noted from results of analytics

    Data Leak Forensic Services
    Cyber attackers target organisations for their most valuable asset i.e. data. The nature of the attack depends on the data targeted like Intellectual property, personally identifiable information, customer data and credit card data, financial/sales/production data, business plans, documents, agreements, emails, financial data etc.

    VST has a team of experts who can help clients by conducting data breach incident investigations and review the configuration on IT elements concerning data handling (i.e. data base servers, shared platforms, folders, file transfer protocol, file servers, backup data) to test adequacy of privacy and cyber controls.

    Malware Forensic services
    Malware seems to be the new attack vehicle in cyber war and can be developed for all sorts of platforms and operating systems. Malware developers are also increasingly focussing on mobile devices. Malware is being used to launch a series of cyber-attacks such as data stealing, outage of infrastructure, cyber spying, data corruption, ransom threats etc.

    VST's malware forensic services will help clients in investigating malware infection cases and suggest containment strategies. Our services include malware review to understand malware behaviour and review of configuration on various IT elements (Anti-virus servers, Anti-SPAM filters, Intrusion prevention system) to test adequacy of forensic and cyber controls and Malware attack simulation.

    Computer Forensic services
    It takes special skills, techniques and technology to find, gather and preserve digital evidence. Without rigorous data capture and discovery techniques, crucial evidence could be lost or may be dismissed by prosecutors and judges in a potential litigation. VST has a team of specialists that can help in the identification, collection and forensic analysis of electronic data by doing the following services:

    • Computer Incident Response
    • Electronic data recovery
    • IT Investigations
    • Incident response program development
    • Rapid Response Retainer

    Litigation Support and Dispute Resolution Advisory
    The rapid pace and complex manner in which commercial transactions between corporates are conducted has resulted in a large amount of litigation and disputes. To overcome such issues, experienced litigators require the support of dispute consulting professionals who can provide valuable financial insight and identify relevant risks.

    VST's litigation and dispute resolution services provide critical support to businesses involved in complex disputes. Whether client's dispute involves lost profits, reasonable royalties, economic damages or business valuation, our litigation support and dispute resolution advisory team has the skills and experience to calculate the damages and carefully assess how the issue affects the business. In each engagement, we deliver deep financial insight and detailed case analysis to bolster client's legal position in any dispute.

    Anti-Money Laundering Services
    VST can help clients to understand and address their anti-money laundering ('AML') challenges with proven experience, solutions and results. Our multi-phased approach includes AML risk assessment, evaluation of AML/ KYC procedures and enhancement, training and awareness, compliance and internal control assessments. AML programmes need to adapt to change as financial institutions grow. VST can help to identify gaps that will need to be filled by conducting an assessment of client's AML programme in its current state and comparing it to the AML programme that client's future state will require.

    Risk Mitigation Measures
    VST help clients to use the security policies in optimised manner to enhance the overall security and reduce the overall threat on the organisation whether it be the IT or physical threat. We will guide you through various prevention, deletion and remediation techniques to adapt and maintain an upper hand in security. This service will include a detailed guide through the 6-risk mitigation strategies:

    • Conduct a risk assessment to determine vulnerabilities
    • Establish network access controls
    • Implement firewalls and antivirus software
    • Create a patch management schedule
    • Continuously monitor network traffic
    • Build an incident response plan

    Build Security Architecture For The Client
    VST help client to provide overall solution of cyber security by providing it with a full threat proof personalised architecture that will act as a barrier to various threat keeping in mind the latest vulnerabilities of the time. This architecture will work as a foundation towards the building of security measures that are taken to avoid any sort of vulnerabilities. This will help as a great kick start for setting up a new organisation.

    Graph Showing the Increase In Cyber-Attacks in Last more than one Decade

    Percentage of Different Types Of Attacks