Posted: May 9th, 2022

Case Study Forensic Report

Mr. Ivan Cembalos contacted Jayden Forensics on June 20, 2020, in connection to a possible network intrusion at the JLA Enterprise. Mr. Cembalos made this contact because he wanted support in regards to investigating this Intrusion and also come up with a report about the Intrusion. The Intrusion appeared to have taken place between 0900 and 1505 hours at the JLA Enterprises headquarters and, in particular, at the corporate office section. This report aims to provide Mr. Cembalos with a detailed analysis of the situation to determine the origin of the Intrusion, establish the likely purpose of this attack, and also identify the documents, files or data that might have been compromised during the attack. The information described in this report is proprietary, and according to Mishra (2020), it means that anybody who views has consented to understand that the information within is only for official use and that the report will be subjected to acceptable personal privacy and user agreements at JLA Enterprise.
Jayden Forensics investigator, Granit Cole undertook a thorough investigation at the JLA Enterprises headquarters and, in particular, at the corporate office section on June 20, 2020, from 1000 hours to 1400 hours. From this investigation, Cole noticed that the timing of these attacks coincided with the office peak hours, which are between 0900 and 1230 hours. Upon setting up a meeting with Mr. Ivan Cembalos, and having been shown all the likely network compromise that took place at JLA Enterprise, Mr. Cole requested that all work stations should be locked temporarily until the investigation is complete. Additionally, he requested that all employees must be checked off their removable media before they left the office building. Mishra (2020) argues that these measures were meant to ensure that no one from the office would interfere with the ongoing investigations.
From the investigation conducted, it was discovered that the Chief Financial Officer at JLA Enterprise computers had made several communications with an employee of the corporate office when the Intrusion had taken place. Further analysis of the employee’s servers to his computers revealed that he had authorized the transfer of money to an authorized offshore bank account. The fact that the communication between this employee and the Chief Financial Officer took place at the same when this Intrusion was happening led to the suspicion that the CFO was involved or the mastered mind of this embezzlement. Approximately $1000, 000 was taken from JLA Enterprise.
We can prove that the CFO at JLA enterprise was involved with this embezzlement based on a forensic analysis conducted on his computers at the corporate office alongside that of the junior employee. Using different data analytics tools to analyze JLA Enterprise expenditure over the past year revealed several suspicious transactions that had been authorized by the Chief Financial Officer in the last two months (Ojha & Pani, 2020). For instance, it was established that payment to this offshore bank account had increased ten found in the past two months without any clear explanation given in regards to why this development. Interestingly, these payments had been authorized and signed by the CFO, which clearly shows that he had the full knowledge of what was going on. Finally, further analysis of the dates and timing when the invoice and payments to this particular account were made revealed that they had been around the same dates over the two months periods and the time between when the invoice was sent. The payment was made was less than 15 minutes. This was a break from the past where invoices from this same account often took several hours or days before they could be paid. This pattern was an interesting development, but more work had to be done before making any conclusions.
On analyzing the Chief Financial Officer history at JLA Enterprise revealed that he had only been at the organization for five months while the employees suspected to be working with him had been around much longer for about a year. It was also established that the two had been friends for a long time since they had been in college, which represented a red flag in the investigation. The fact that invoices from the suspicious accounts were being made much faster over the past two months than usual, and there had been prior conversations between the CFO and the said employees also represents another red flag. Moreover, this pattern had only begun two months ago, which represents three months since the Chief Financial Officer at JLA Enterprise assumed office.
From this investigation, we can conclude that this Intrusion was an inside job between the Chief Financial Officer at JLA Enterprise, with a junior employee and external player working for an offshore bank account that had to be established through the help of the government and other international investigation bodies. This is because such an investigation will require the involvement of diplomatic relations and more advanced cross-border bank fraud investigation units (Parichha, 2020). As such, this report recommends that further actions and investigations should be taken against the Chief Financial Officer at JLA Enterprise to establish whether this network that was involved in this crime.

References
Mishra, P. (2020). Big data digital forensic and cybersecurity. Big Data Analytics and Computing for Digital Forensic Investigations, 183-203. DOI:10.1201/9781003024743-9
Ojha, A. C., & Pani, S. K. (2020). Data science and big data analytics. Big Data Analytics and Computing for Digital Forensic Investigations, 129-150. DOI:10.1201/9781003024743-6
Parichha, P. K. (2020). undefined. Big Data Analytics and Computing for Digital Forensic Investigations, 1-19. DOI:10.1201/9781003024743-1

Order | Check Discount

Tags: Case Study Forensic Report