ValueMentor received an urgent call from one of our client, a money exchange house in Dubai, to perform a cyber forensic investigation on a security incident.
The case
Large sums of funds were transferred based on the email instructions from a customer of a money exchange company . The email account owner, the customer of the money exchange house, took a stand that no instructions were sent. Management of both the companies jointly approached us to investigate the case.
The clients wanted us to establish whether a criminal and/or disciplinary offence had been committed. The client wanted to know
- the extent of any wrongdoing,
- the individuals involved and,
- whether the breach had led to any further offences taking place.
Our Approach
ValueMentor proposed a cyber forensics investigation to identify the consultants took a copy of both the organization’s email system in live mode. Historic and current information extracted from the email database was forensically analyzed to reconstruct a picture of the incident.
Evidences of our investigation indicated that the email was sent from the said company using the same email address. However, further analysis of the employee PC indicated that the email was not sent from that computer. This resulted in analyzing the authentication server for identifying the computers used by the employee in question. We had found one another computer from where the employee had logged into the mail server. Forensic analysis of that computer indicated that another employee might have used that computer during the time frame in question. To cross verify the physical access, we checked the physical access log systems to identify the locations of both the employees at that point in time.
The investigation resulted in identifying that the employee has shared his password with the other employee at some point in time and has never changed it afterwards. The evidence produced, as a result of ValueMentor’s forensic investigation, was submitted to the clients’ investigating officers in HR.
