Adherence to forensic procedures
Mistakes that were made
1. Laptop and phones had been left out and plugged in, instead of being securely out of sight.
2. Insurance claim was not made.
3. Serial numbers of laptops and phones were not taken/recorded as well as IMEI identifiers of
smartphones.
4. No realisation of what other items may be missing until a search for the laptop took place.
5. No attempt at asking for witnesses and their statements from anyone in the area including
security, maintenance workers and cleaners.
6. Leaving employee cards out of sight, making it easier to steal.
7. No checks to see if employees still possess their cards.
8. No check on card system to see if there is abnormal activity.
9. No checks with security to see if they saw anything strange, while checking the premises.
10. No check on network to see if access could’ve been granted this way.
11. No police investigation such as forensics and foot/fingerprint took place, to catch potential
suspects.
12. Data was not remotely wiped from the laptop using Find My Device software, even though the
tool offers this facility.
13. Laptop was not remotely password locked using Find My Device software, even though the tool
offers this facility.
Improving forensic procedures and the current protection measures
Recommendations
1. Update physical security policy for the devices. For example, if BCTAA frequently stores its
devices in an unsecured area which is in sight, it could attract potential robberies. Policy changes
should be implemented, so that BCTAA stores its devices securely, such as a key operated
cupboard, or padlocked/pin protected cupboard, to protect these devices from theft. These
cupboards come at an expense though. Staff should be trained to ensure they put the devices
back into these cupboards when they are finished. Network components must also be kept
secure, and only accessible by authorised people, to limit physical access and attacks to the
network. Employees and staff should be required to sign in and
sign out with their cards, instead of one employee opening the doors for everyone to go out.
This action meant that it was impossible to look at the door logs and decipher who left the
premises and who remained on site. Individual sign-in and sign-out would allow BCTAA to know
who is present in the premises and who is not. This would limit theft, as all employees’
movements will be accounted for.
2. Update security policy. If the current BCTAA policy doesn’t include the security and
requirements of a password on the network, it should be edited to include this. BCTAA must
enforce this password policy on all staff and clients, to ensure that their data is as protected as
possible. Having strong, complex passwords would limit an attacker from guessing a
password and gaining access. A policy could be to make it mandatory to frequently change your
password after a given time period. This would come at no additional cost, and would enforce
data security.
3. Scanning procedures. All staff and guest mobile devices, and the devices of staff accessing
the network remotely, should be scanned before they are allowed to connect to the wireless
access point and ultimately the network. Scanning these devices would better protect the
network from intrusion as well as infection and would help to limit attacks on the door control
system, which is connected to the network. Scanning procedures come at a low cost, as
antivirus software usually includes this as part of its package.
4. BCTAA should ensure that mobile devices are not allowed to re-connect to the wireless
access point & Wi-Fi without requiring a password. Otherwise people who have previously been
in the BCTAA premises will always be connected to the network when they are near premises
and their device picks up the connection. This is unsafe and could potentially lead to
unauthorised access to the server and access to its files. This can be carried out by randomly
generating access point passwords or requiring a user to login to the network with certain
credentials. It can also be achieved by limiting the time that a given device has access to
the network. This may be reasonable in terms of cost, as many modern Wi-Fi routers allow this
functionality and the ability to limit devices and change passwords. However, it is likely to be
time consuming to frequently do this manually.
5. Evidence preservation. Copies of the door logs should be made and kept. This is to ensure that
different people such as police, forensics, Baljinder and the EH management company all have a
copy of the document and can analyse it for themselves and move forward with the
investigation. Having copies of the logs means that if the thieves did return and tried to delete
the logs, there is still a backup and evidence. As more activity is recorded, the logs are likely to
be overwritten, so copies must be made before this occurs. This is relatively cheap to do, as it
would be cheap to print out copies of the logs.
6. Evidence preservation. Copies of the meeting summary must be made and kept. This is to
ensure that a record of what took place in the meeting and everything that was said is made.
This would help in the investigation and would ensure that everyone is informed of what is
going on and the current progress. Different people such as police, forensics, Baljinder and the
EH management company would benefit from the meeting summary and can analyse it for
themselves to keep up to date and learn more about what happened and try to piece together a
sequence of events and move forward with the investigation. Having copies of the summary means
that there are meeting notes and evidence of this, so that if someone forgets what was said in the
meeting, they can remind themselves. This is relatively cheap to do, as someone in the meeting
would write down everything that is said and then photocopy this document or record the
meeting with a device such as their personal smartphone and share the recording via email or
Bluetooth to other members of the meeting. Baljinder should also write down a copy of his
account, so that he can share this as part of the investigation.
7. Evidence preservation. The laptop tracking report should be preserved and kept. This is so that a
copy can be shared with the insurance company to help with their claim as well as with the
police in order to aid the investigation. There should be someone to forward this report to these
two groups to help BCTAA recover their losses. It would come at a low cost to copy this report
and forward it to the two groups.
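Added example (not part of the original report): mistake 8 and recommendation 1 above both depend on reading the door-control log. The sketch below rebuilds who is still on site from card swipes and flags unpaired or out-of-hours swipes; the CSV layout, card IDs, timestamps and business hours are constructed assumptions, since the report does not show the real log format.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. The CSV columns, card IDs and times are
# assumptions; the report does not show the real door-log format.
SAMPLE_LOG = """timestamp,card_id,door,direction
2024-03-01T08:55:10,C001,front,IN
2024-03-01T09:01:42,C002,front,IN
2024-03-01T17:30:05,C001,front,OUT
2024-03-01T17:30:09,C003,front,OUT
2024-03-01T22:14:37,C002,front,IN
"""

BUSINESS_HOURS = (7, 19)  # assumed opening hours, 07:00 to 18:59


def analyse_door_log(log_text, hours=BUSINESS_HOURS):
    """Return (cards with an unmatched IN swipe, findings) for a log export."""
    on_site = {}    # card_id -> time of the IN swipe not yet matched by an OUT
    findings = []   # (timestamp, card_id, reason)
    rows = sorted(csv.DictReader(io.StringIO(log_text)),
                  key=lambda r: r["timestamp"])  # ISO timestamps sort as text
    for row in rows:
        stamp, card = row["timestamp"], row["card_id"]
        direction = row["direction"].strip().upper()
        if not hours[0] <= datetime.fromisoformat(stamp).hour < hours[1]:
            findings.append((stamp, card, "OUT_OF_HOURS"))
        if direction == "IN":
            if card in on_site:
                # Holder left earlier without swiping, e.g. a door held open.
                findings.append((stamp, card, "IN_WITHOUT_OUT"))
            on_site[card] = stamp
        elif direction == "OUT":
            if card not in on_site:
                # Holder came in without swiping, so the entry is unrecorded.
                findings.append((stamp, card, "OUT_WITHOUT_IN"))
            on_site.pop(card, None)
    return sorted(on_site), findings


if __name__ == "__main__":
    still_in, found = analyse_door_log(SAMPLE_LOG)
    print("Unmatched IN swipes (possibly still on site):", still_in)
    for stamp, card, reason in found:
        print(stamp, card, reason)
```

Run it against a preserved copy of the log rather than the live door-control system, so the original evidence is not altered.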
Improving the security documentation