Presentation is loading. Please wait.

Presentation is loading. Please wait.

Guidelines for Investigation. 2 Investigation of computer related frauds - Outline Reasons Ways of committing frauds Prevention Aids for investigation.

Published byHester Byrd Modified over 8 years ago

Similar presentations

Presentation on theme: "Guidelines for Investigation. 2 Investigation of computer related frauds - Outline Reasons Ways of committing frauds Prevention Aids for investigation."— Presentation transcript:

1 Guidelines for Investigation

2 2 Investigation of computer related frauds - Outline Reasons Ways of committing frauds Prevention Aids for investigation Down side Legal issues Guidelines for investigation

3 3 Reasons Breach of security protocol Improper usage of passwords Improved level of access – physical, software Lack of technical knowledge at supervisory level Multi tasking by single person

4 4 Ways of committing frauds Parallel package Point of sale – booking of articles having prefixed stamps Sanchay Post – access to database through SQL Sanchay Post- access through ‘Data entry’ module Meghdoot - access to database through SQL Unauthorised access to server (esp. thru wireless connectivity)

5 5 Prevention Effective Monitoring Proper inspections Vigilant administration Low tolerance for breach of security related issues

6 6 Aids for investigation Audit trail in the software –Operating system –SQL –Meghdoot –Sanchaya

7 7 Downside Deleted data Multiple usage of operator Universal knowledge of passwords Lack of technical/application knowledge amongst inspectorial staff Electronic evidence Legal issues

8 8 Fixing of responsibility –Primary –Secondary Software user-ids linkage to charged officials Memo of Distribution of Work Secrecy of password

9 Collection of Material Evidence Initial enquiries - the usual way Indications of fraud - material evidence in the form of shift reports etc should be collected Take back up of all databases in the presence of administrator and head of office Search office for CD’s/floppies containing data and take possession of the same. Check the material contained in them for a clue to the modus operandi

10 Security Environment Examine the security environment of the office List out the names of officials concerned and make enquiries with them Whether supervisor allowed operators to use his pass word Whether administrator password is known to operators Whether password policies are enforced through the system

11 Modus Operandi See whether any programming software are installed and running. Get the help of the administrator or any other specialist as to the function of such software. Whether the accused has access to any systems both in the office and also outside software with which the frauds were committed in these systems also; Whether the accused owns a system and whether it is possible for him to misuse the departmental applications using his/her system

12 Scope of the Fraud Check all the articles posted on that day/received for delivery on the day with the relevant reports and see whether there are any indications as to fraud Collect receipts from customers and check with office records Whether receipts are generated through authorised offices only Check whether receipts collected are in the form supplied to the office Check the log on pattern of the user Check the log files generated in administrator access

13 Clues from System Administrator  Check the login pattern of the user - whether user was logging in at a time he/ she has not been assigned any work like beyond counter hours/ on holidays etc. Take a back up of all such log files.  The administrator’s option generates log files of changes to tariff and other items made by the supervisor; check whether there are any indications in this log. Check whether frauds committed by manipulating the database Check the version software installed

14 Case Study Exercise

15

Download ppt "Guidelines for Investigation. 2 Investigation of computer related frauds - Outline Reasons Ways of committing frauds Prevention Aids for investigation."

Similar presentations

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
©Centrepoint Management Services Ltd, 2007 Introducing the VIEWpoint Videotex System.

©Centrepoint Management Services Ltd, 2007 Introducing the VIEWpoint Videotex System.
Web Plus Overview Division of Cancer Prevention and Control National Center for Chronic Disease Prevention and Health Promotion CDC Registry Plus Training.

Web Plus Overview Division of Cancer Prevention and Control National Center for Chronic Disease Prevention and Health Promotion CDC Registry Plus Training.
Guidelines for Inspection of Computerized Offices.

Guidelines for Inspection of Computerized Offices.
Chapter 2 Skimming.

Chapter 2 Skimming.
Investigation in Computerised Environment. Causes for fraud in computerised environment Lack of technical knowledge at supervisory level Improper exercise.

Investigation in Computerised Environment. Causes for fraud in computerised environment Lack of technical knowledge at supervisory level Improper exercise.
Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.

Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
MIS and interpreting data. What is MIS?- A management information system (MIS) provides information that is needed to manage an organization efficiently.

MIS and interpreting data. What is MIS?- A management information system (MIS) provides information that is needed to manage an organization efficiently.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Department Of Computer Engineering

Department Of Computer Engineering
Managing a computerised PO Operating environment 1.

Managing a computerised PO Operating environment 1.
Network security policy: best practices

Network security policy: best practices
Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.
Chapter 14 Network Management Business Aspects Architectures Technology.

Chapter 14 Network Management Business Aspects Architectures Technology.
Virtual Memory Tuning   You can improve a server’s performance by optimizing the way the paging file is used   You may want to size the paging file.

Virtual Memory Tuning   You can improve a server’s performance by optimizing the way the paging file is used   You may want to size the paging file.
EPayment 5.4.1. ePayment Introduction It is the process of electronic transfer of bill data between booking and payment office Department of Post collects.

EPayment ePayment Introduction It is the process of electronic transfer of bill data between booking and payment office Department of Post collects.
Introduction to Business Organisations

Introduction to Business Organisations
WHAT Exam Practice WHY All MUST Most SHOULD Some COULD Be able to understand the requirements of the exam to achieve a grade D Be able to understand the.

WHAT Exam Practice WHY All MUST Most SHOULD Some COULD Be able to understand the requirements of the exam to achieve a grade D Be able to understand the.

Similar presentations

Ads by Google