Chapters 7 & 8 - Investigating and Concealing Theft Acts Flashcards
Fraud investigation contains elements of 4 methods
theft investigation methods
concealment investigation methods
conversion investigation methods
inquiry investigation methods
what factors to consider when deciding to investigate a fraud or not?
1 predication (fraud symptoms, tip, anomalies)
- cost
- strength of evidence
- public exposure risk
Proper sequence of events to resolve allegations:
- identify the allegation
- review source documents and records
- employ other investigative procedures
- interview those you think are innocent
- interview suspect(s)
these steps move from outward to inward
what is invigilation
a period of extremely tight controls making it nearly impossible for someone to continue their fraud. purpose is to establish a baseline to see how much fraud is really taking place
what is a period of extremely tight controls for the purpose of establishing a baseline of normal activity
invigilation
things to be careful about when imposing invigilation
- its expensive
- its invasive and people may quit, so get management’s approval
steps to gathering electronic evidence
- secure the device and perform initial task
- clone the device and calculate a CRC checksum
- search the device manually
- . searching the device using automated procedures (forensic software)
explain securing the device and performing initial tasks
- must have a right to seize it
- must maintain a clean chain of custody
- take pictures of seizure site, have witnesses
- pull computer plug, DO NOT shut down normally
explain cloning the device and calculate CRC Checksum
- perform a copy of the hard drive
- calculate CRC Checksum
- seal away original disk
- perform investigation on the cloned copy
explain searching the device manually
search cloned copy for
- web history
- documents
- trash bin
- emails
- usb drives
- recently loaded files
- have someone check the server for their deleted emails
