The Evolution of Forensic Auditing with AI – How I Would Do the Same Project Yesterday and Today
- jakubkraszkiewicz
- Feb 16
- 4 min read
To meet our readers' expectations, we decided to present a practical example on our blog. To demonstrate how evidence analysis can be automated using AI and a repeatable process, let's use the story of how employees of a large housing cooperative were stealing spare parts and using them for their own purposes. The entire story is true, however, we have hidden the client's identity, so we ask the reader not to try to guess the company's identity from the details provided.
The case took place several years ago, when aside from the replicants from the cult film 'Blade Runner,' machines still could not pass the Turing test. Digital evidence analysis was manual or, if you prefer, visual.
Our task was presented to us quite vaguely; at first, we only knew that foremen might be using spare parts for their own purposes, working on so-called 'side jobs' – performing repairs personally or through business activities. So I traveled with a colleague from the team to an explanatory proceeding in a medium-sized city in southern Poland. We learned the entire process – we knew who and why ordered spare parts and for what needs, who entered orders into databases, how repairs were called up and registered in the technical system. However, we faced a very important problem – spare parts did not have serial numbers that uniquely identified them, and during inventory, these parts were not counted individually. In practice, we knew who, how many, and when ordered parts and to which repair address, but apart from the concentration of orders around a few names and addresses, little resulted for the internal investigation. Not giving up – we divided our forces. I selected buildings for inspection where parts were replaced more than twice a year, while my colleague, posing as housing cooperative managements, called manufacturers and asked about the meaning of the codes used to mark parts. The lead proved accurate – in the sequence of numbers, the production date (month and year) was encoded. We also knew that a spare part under normal conditions could be used for ten or even fifteen years.
After investigative analysis, we had to enter about 150 selected buildings where parts were frequently replaced, photograph the codes, and perform digital evidence analysis. The analysis consisted of comparing repair dates and production dates from the parts ordered for them (the production date of the part occurred at most six months before its installation). The investigative analysis of about 300 photos taken was very tedious – it was necessary to record codes from photos, decipher parts' production dates from photos, and compare them with hypothetical production dates of parts from orders. After several days, it turned out that we had about 80% accuracy; in the case of about 120 buildings, digital evidence analysis showed that in the photos we had old equipment that certainly was not ordered at the time indicated by the orders we were analyzing. The punchline of this story was finding equipment warehouses (on the cooperative's premises) where cooperative employees hoarded ordered parts and could use them for any purpose. Equipment after purchase was not activated on fixed assets and immediately went to costs.
The moral of this story is twofold. You should always strive to ensure that our fixed asset records are relatively complete. The second thread concerns the use of generative artificial intelligence in digital evidence analysis.
Tomek Dyrda and I conducted an analysis, asking the AI model to decipher the code of sample equipment and analyze selected photos. Following the prepared prompt, the AI model correctly described how to read manufacturers' codes and almost one hundred percent accurately deciphered codes from photos, created a table of equipment production, and compared it with hypothetical given production dates of equipment from orders. After two hours, we received a list of matches – very similar to what took us nearly a week to complete. The limitation turned out to be only insufficient photo quality in a few cases (black digits on a metallic background).
We no longer have access to this material and cannot use it publicly, but for demonstration purposes, Tomek prepared an analysis of the nameplate of another device – example below:
Header | Value |
Manufacturer / brand | FANATEC (Endor AG, Germany) |
Product / model (as on label) | ClubSport Steering Wheel Formula Red Bull 2024 |
Serial number (S/N) | XX364012420 |
Other visible identifiers | SV392011490 (marking visible on both sides; most likely part / component / batch number) |
Power parameters | 5 VDC, 1000 mA |
Designed in | Germany |
Manufactured in | China |
Visible compliance markings | CE, UKCA, WEEE (crossed-out bin), FCC (and additional less legible symbols) |
QR code | Present on label (content not readable from provided photo) |
Earliest production date (inferred) | 2024-01-01 (earliest possible) |
Inference basis | Product name contains '2024' ('Formula Red Bull 2024'), which indicates that the device could not have been manufactured earlier than 2024 (no information on the label suggesting earlier pre-production copies). |
Explicit production date on label | Not visible / not provided in shown fragment of label |
Device description | Racing simulator steering wheel ('formula' style) for cooperation with Fanatec bases; visible quick-connect interface and gear shift paddle mechanisms. |
The AI model explained the codes used by manufacturers and interpreted the available information, indicating the possible year of production. Combining the capabilities of the AI model with an automatic analysis process allows analyzing hundreds or thousands of photos, documents, and recordings in a fraction of the time that was needed before.
An excellent example of how to use technology wisely, but remember – always under human control.
Another practical example next week.
Comments