Guidelines for Investigation

2

Investigation of computer related frauds - Outline

• Reasons

• Ways of committing frauds

• Prevention

• Aids for investigation

• Down side

• Legal issues

• Guidelines for investigation

3

Reasons• Breach of security protocol

• Improper usage of passwords

• Improved level of access – physical, software

• Lack of technical knowledge at supervisory level

• Multi tasking by single person

4

Ways of committing frauds

• Parallel package

• Point of sale – booking of articles having prefixed stamps

• Sanchay Post – access to database through SQL

• Sanchay Post- access through ‘Data entry’ module

• Meghdoot - access to database through SQL

• Unauthorised access to server (esp. thru wireless

connectivity)

5

Prevention

• Effective Monitoring

• Proper inspections

• Vigilant administration

• Low tolerance for breach of security

related issues

6

Aids for investigation

• Audit trail in the software– Operating system– SQL– Meghdoot– Sanchaya

7

Downside• Deleted data

• Multiple usage of operator

• Universal knowledge of passwords

• Lack of technical/application knowledge amongst inspectorial staff

• Electronic evidence

• Legal issues

8

Legal issues

• Fixing of responsibility– Primary – Secondary

• Software user-ids linkage to charged officials

• Memo of Distribution of Work

• Secrecy of password

Collection of Material Evidence

• Initial enquiries - the usual way • Indications of fraud - material evidence in the form of shift reports etc should be collected• Take back up of all databases in the presence of administrator and head of office• Search office for CD’s/floppies containing data and take possession of the same. Check the material contained in them for a clue to the modus operandi

Security Environment

• Examine the security environment of the office• List out the names of officials concerned and make enquiries with them• Whether supervisor allowed operators to use his pass word• Whether administrator password is known to operators• Whether password policies are enforced through the system

Modus Operandi• See whether any programming software are installed and running. Get the help of the administrator or any other specialist as to the function of such software. • Whether the accused has access to any systems both in the office and also outside software with which the frauds were committed in these systems also;

• Whether the accused owns a system and whether it is possible for him to misuse the

departmental applications using his/her system

Scope of the Fraud• Check all the articles posted on that day/received for delivery on the day with the relevant reports and see whether there are any indications as to fraud• Collect receipts from customers and check with office records• Whether receipts are generated through authorised offices only• Check whether receipts collected are in the form supplied to the office• Check the log on pattern of the user• Check the log files generated in administrator access

Clues from System Administrator Check the login pattern of the user - whether user was logging in at a time he/ she has not been assigned any work like beyond counter hours/ on holidays etc. Take a back up of all such log files. The administrator’s option generates log files of changes to tariff and other items made by the supervisor; check whether there are any indications in this log.• Check whether frauds committed by manipulating the database • Check the version software installed

• Case Study

Exercise