Wonders never cease to end: anti-forensics in practice

These kinds of IT managers should be made to pay the price for negligence and/or incompetence.

This omission is just too expensive for the company.

We are in the middle of a forensic investigation, and closing in on the ‘smoking gun’, only to discover that the suspect machine has four users, all with system administrator access. It is now too difficult to pin responsibility on the exact user who installed a spyware application.

Why would IT assign multiple administrator passwords on a public computer? Why do all those people need to install applications?

The challenge we are finding is that, unlike user documents that are stored in a particular user’s Windows account, installed applications are not easily identified as having been installed by a specific user. As if that is not enough, two other users are sharing another administrator username and password.

We have discovered spyware installed on the machine, and it has caused havoc to the entire network. The entire core accounting application went down and occasioned loss.

We are using EnCase, FTK and Paraben and cannot seem to figure out how to overcome this challenge.

Any help will be appreciated. How do you tell which user installed an application on a machine that has four different users with administrator passwords, two of whom are sharing an account?

We have accessed the personnel file of the Head of IT, and he has all the qualifications as expected – a Bachelor's in IT, two networking certifications and another certification in IT management.

It is as if they bought these qualifications.

It is tricky!

But seriously, we intend to have this chap for negligence and/or incompetence. He should indemnify the company for the loss occasioned as a result of not recommending and/or implementing best practices to ensure accountability for access and use of IT resources within the company. After all, that is their critical role.

