Need to catch a thief... Please help!

techead said:
Right so the software does stuff all logging from a ip address point of view. So that's out the question. I was hoping to reply on using Windows logs?
Click to expand...

If it doesn't log source+user+change data I can't think of any way you'll get real evidence/proof against this man via software. You'll have to find an instance whereat the time of the change he was on his machine while she wasn't on hers.

Or the sweet talking lady could actually be guilty.
 
techead said:
I would have to confirm but we looking at a piece of software that is about 20 years old. Almost certainly no sql. Will confirm
Click to expand...

SQL would have been perfect, as it logs fairly thoroughly. You can try checking the Windows system logs for Mary, as it would indicate account logins.
 
MickeyD said:
That's pretty obvious.
Click to expand...


The reason I mentioned it is because, in this small office scenario, with 2 computers, I am fairy sure that they do not have a clocking, or access control method in place to log when the employee is not on the office.
 
Lord Nikon6 said:
The reason I mentioned it is because, in this small office scenario, with 2 computers, I am fairy sure that they do not have a clocking, or access control method in place to log when the employee is not on the office.
Click to expand...
Yeah, agree... was thinking more in the line of: day's leave, at the gynae, out somewhere where she swiped her bank card, etc. e.g. traceable.
 
MickeyD said:
Yeah, agree... was thinking more in the line of: day's leave, at the gynae, out somewhere where she swiped her bank card, etc. e.g. traceable.
Click to expand...

fair point, you could also get cellphone traces, but not sure how many hoops one needs to jump through to obtain those legally.

OP, the software company should have catered for this. They need to have an activity log at least. It needs to write its data into some form of a database, which should have a Commiting user ID, or something similar.
 
Silly question: surely the data altered in some way benefits one of them (bank account number etc). Won't that be enough?
 
Lord Nikon6 said:
fair point, you could also get cellphone traces, but not sure how many hoops one needs to jump through to obtain those legally.

OP, the software company should have catered for this. They need to have an activity log at least. It needs to write its data into some form of a database, which should have a Commiting user ID, or something similar.
Click to expand...

You quite right it does write the activity log, but it's pretty basic. It includes the user that changed the data, in this case it was 'mary' but that's the whole dispute. It was done on Bobs pc with Marys login and the logs don't reflect that unfortunately.

The software is very basic, but I guess it's more the fault of the people involved for having two usernames and passwords that both parties knew. Eish
 
techead said:
I would have to confirm but we looking at a piece of software that is about 20 years old. Almost certainly no sql. Will confirm
Click to expand...

Another silly question, since the software is so old would it not be possible to manipulate the data without going through the user interface and thus bypassing network traffic?
 
LaraC said:
Another silly question, since the software is so old would it not be possible to manipulate the data without going through the user interface and thus bypassing network traffic?
Click to expand...
This is also quite possible if the person has the knowledge. But these people don't.

Also, you can quite clearly see all the 'ammended' transactions... It's just a case of proving that Bob did them with Marys login.

Which is problematic
 
Gonna fire up the pc and see what else this software might have stored, as up until now I've only seen the printed log file... Might contain more...

Edit: appreciate everyone chipping in so far
 
Ok well if Mary gave Bob her login details she is just as guilty unfortunately. You should under no circumstances give such credentials away, and leave the other person using them without you being present.
 
ok so two things...

I did a test where I have two computers on a LAN. The one is my home Laptop, and the other is the computer in question.

I wanted to see what happened(if anything) on the logs on my laptop when I saved a file , over the LAN, from Computer to Laptop. I wanted to see if there was an entry of any sort on the laptop recording that was access made by another computer.

Sure enough there was, and it was using the Guest Account built into my laptop to save the file onto my PC. My hoping is that I could compare the times of the fraudulant transactions (I have a list) to the logs in hope that there would be NO RECORD of the access. I could also use the same method to verify real transactions made by the lady (from her computer) with the logs on the computer I have. I know its not bulletproof, but its worth a shot...

Until I found that the logs are only going back 30 days on the computer that I have... sigh

The only other option is that I see there is a SQL folder inside the installation of the software. There are two .txt files with nothing in really, but I did find a Data sub folder with two files.

johannesburg.018 (602,428 KB)
JOHANNESBURG.FDB (1,104,548 KB)

I think these might be the DB files that the program uses. What do you think? If these are indeed SQL files do you think that there would be sufficient info inside of them to assist with things?

More importantly, how do I look inside?
 
techead said:
ok so two things...

I did a test where I have two computers on a LAN. The one is my home Laptop, and the other is the computer in question.

I wanted to see what happened(if anything) on the logs on my laptop when I saved a file , over the LAN, from Computer to Laptop. I wanted to see if there was an entry of any sort on the laptop recording that was access made by another computer.

Sure enough there was, and it was using the Guest Account built into my laptop to save the file onto my PC. My hoping is that I could compare the times of the fraudulant transactions (I have a list) to the logs in hope that there would be NO RECORD of the access. I could also use the same method to verify real transactions made by the lady (from her computer) with the logs on the computer I have. I know its not bulletproof, but its worth a shot...

Until I found that the logs are only going back 30 days on the computer that I have... sigh

The only other option is that I see there is a SQL folder inside the installation of the software. There are two .txt files with nothing in really, but I did find a Data sub folder with two files.

johannesburg.018 (602,428 KB)
JOHANNESBURG.FDB (1,104,548 KB)

I think these might be the DB files that the program uses. What do you think? If these are indeed SQL files do you think that there would be sufficient info inside of them to assist with things?

More importantly, how do I look inside?
Click to expand...

Quick google points to it being a database file. There are a couple viewers available for the .fdb file.
 
seems this is a firebird setup, from what I can see its opensource. but im battling a bit to find a GUI based reader for this DB file.

Found one of two command line tools, but Im not that proficient.
 
Pho3nix said:
Quick google points to it being a database file. There are a couple viewers available for the .fdb file.
Click to expand...

Would very much appreciate your input on what viewer I should lean towards?

I assume I would need credentials to open this DB file, its not just gonna allow me to open it right up surely?

edit : trying this http://www.razorsql.com/download_win.html
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X