Hello..
I have a case where a bank employee used the bank system to transfer money illegally.
We are extracting the evidence from multiple systems. The evidence is mainly the transaction logs.
Do we need to image every system, or will just extracting the logs be enough?
Thanks…
alwall,
This really depends on what you are after.
Is the case likely to end up in a criminal court? If so, then you'll need to talk to the police to see what they would require (at least that's how it would be in the UK).
Do the logs on their own provide a prima facie case against the suspect?
What other material is likely to be uncovered if you image the lot?
What procedures have you got in place to show that the logs/image you have obtained haven't been corrupted or fabricated?
There is a lot to consider and I would suggest you have to balance out the pros and cons before you decide ultimately what to do…
Paul