Need to catch a thief... Please help!

techead

techead

Honorary Master
Joined
Apr 11, 2008
Messages
12,185
Reaction score
48
Location
by the mountain
For legal reasons, I can't use the software package name or the company name. I'm just gonna call it package xyz. Let me sketch the scenario...

A small office. Two computers on Windows 7,connected via LAN. Bob and Mary. Both computers have xyz. Bob and Mary each have there own login for xyz.

Bobs pc holds the data for package xyz. When he makes changes, the software updates on his pc. When Mary is logged in, it updates over the LAN and no data is stored on Marys computer.

Fraudulent activities have been picked up, and it is strongly believed that Bob has been using his OWN computer, logged in as Mary, and committed these transactions. Mary denies it. Strong suspicion that Bob is indeed guilty.

I have a list of data, including times and dates that changes were made to the data on Bobs machine. For which he claims that Mary did from her computer, over the LAN.

Somehow, I need to prove that there were was no network activities from Marys computer at that time, which would disprove his allogation.

Ideas on how to approach and issue much appreciated.
 
techead said:
For legal reasons, I can't use the software package name or the company name. I'm just gonna call it package xyz. Let me sketch the scenario...

A small office. Two computers on Windows 7,connected via LAN. Bob and Mary. Both computers have xyz. Bob and Mary each have there own login for xyz.

Bobs pc holds the data for package xyz. When he makes changes, the software updates on his pc. When Mary is logged in, it updates over the LAN and no data is stored on Marys computer.

Fraudulent activities have been picked up, and it is strongly believed that Bob has been using his OWN computer, logged in as Mary, and committed these transactions. Mary denies it. Strong suspicion that Bob is indeed guilty.

I have a list of data, including times and dates that changes were made to the data on Bobs machine. For which he claims that Mary did from her computer, over the LAN.

Somehow, I need to prove that there were was no network activities from Marys computer at that time, which would disprove his allogation.

Ideas on how to approach and issue much appreciated.
Click to expand...

unplug marys comp network?
 
koeksGHT said:
unplug marys comp network?
Click to expand...
Bob and Mary continue to work except I have Bobs pc, which was whipped away and replaced with an identical one.

Need to investigate this whole thing on Bobs old pc, which I am in possession of...
 
Tempted to tell OP to FOAD based on posting history, but on the off chance that this might actually prevent future fraud I'll provide some real feedback.

>Somehow, I need to prove that there were was no network activities from Marys computer at that time

Not happening.

Your best bet is to pull login times off the windows event log.

Also...10 internet points says its Pastel...Xpress version...maybe Partner at a stretch.
 
HavocXphere said:
Tempted to tell OP to FOAD based on posting history, but on the off chance that this might actually prevent future fraud I'll provide some real feedback.

>Somehow, I need to prove that there were was no network activities from Marys computer at that time

Not happening.

Your best bet is to pull login times off the windows event log.

Also...10 internet points says its Pastel...Xpress version...maybe Partner at a stretch.
Click to expand...
I've upset you in the past?
 
techead said:
I've upset you in the past?
Click to expand...
Annoyed more than upset.

I feel I've met my requisite quota of helpfulness for today though so lets not dwell on the past. I'm curious to hear what happens to Bob & Mary next...
 
techead said:
For legal reasons, I can't use the software package name or the company name. I'm just gonna call it package xyz. Let me sketch the scenario...

A small office. Two computers on Windows 7,connected via LAN. Bob and Mary. Both computers have xyz. Bob and Mary each have there own login for xyz.

Bobs pc holds the data for package xyz. When he makes changes, the software updates on his pc. When Mary is logged in, it updates over the LAN and no data is stored on Marys computer.

Fraudulent activities have been picked up, and it is strongly believed that Bob has been using his OWN computer, logged in as Mary, and committed these transactions. Mary denies it. Strong suspicion that Bob is indeed guilty.

I have a list of data, including times and dates that changes were made to the data on Bobs machine. For which he claims that Mary did from her computer, over the LAN.

Somehow, I need to prove that there were was no network activities from Marys computer at that time, which would disprove his allogation.

Ideas on how to approach and issue much appreciated.
Click to expand...

A lot will depend on exactly what sort of logging is maintained by the package in question.

If it lids the IP address that the login comes from, then you should be sorted.
 
Your best bet would be mary's pc if you want to disprove activity there. Sonce I assume the app itself doesnt log this type of depth. Does it run on sql server?
 
Unfortunately its all package dependent, it should have logging of the IP the user logged in from and what was done during that session.
 
If you leave bob as is, will he still continue with this fraudulent activity? If you think he will, it would be the best to start monitoring traffic, very closely, given that it is in your IT policy.
 
Was Mary physically at her workstation at the times of the transactions being captured? All you need is one occasion where she was out of office for whatever reason.
 
MickeyD said:
Was Mary physically at her workstation at the times of the transactions being captured? All you need is one occasion where she was out of office for whatever reason.
Click to expand...

Only if you can prove that Mary was not there.
 
Right so the software does stuff all logging from a ip address point of view. So that's out the question. I was hoping to reply on using Windows logs?
 
Lord Nikon6 said:
If you leave bob as is, will he still continue with this fraudulent activity? If you think he will, it would be the best to start monitoring traffic, very closely, given that it is in your IT policy.
Click to expand...
Nah its all out in the open so he has stopped now. He's not that stupid to continue I assume.
 
techead said:
Right so the software does stuff all logging from a ip address point of view. So that's out the question. I was hoping to reply on using Windows logs?
Click to expand...

Windows logs is not a great tool in this sense, depends, Is it a group policy based network?
 
Or....
if you truely believe that Mary is innocent:


install an activity logger/tracker on both PCs
or at least on Mary's PC - then if you can prove that Mary is not typing acused transactions, it cannot be called entrapment if it was Bob.
 
PsyWulf said:
Your best bet would be mary's pc if you want to disprove activity there. Sonce I assume the app itself doesnt log this type of depth. Does it run on sql server?
Click to expand...
I would have to confirm but we looking at a piece of software that is about 20 years old. Almost certainly no sql. Will confirm
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X