
CSD1001 Group 4 Activity

CASE STUDY:
SEC employees access pornography at work and put the organisation at risk

MEMBERS
Priyanshu Dubey (21BCY10049)
Sneha Pandey (21BCY10050)
Manomay Kaglkar (21BCY10052)
Suhani Panda (21BCY10053)

INTRODUCTION

DIGITAL FORENSICS IN INVESTIGATIONS
Digital forensics is a branch of forensic science that focuses on identifying, acquiring, processing, analysing, and reporting data stored electronically. Electronic evidence is a component of many criminal investigations, and digital forensic support is crucial in law enforcement investigations.

This case study is about a potential security incident at the SEC which put the entire organisation at risk. It was investigated mainly by digital forensic experts.

THE SEC
The U.S. Securities and Exchange
Commission (SEC) is an independent federal
government regulatory agency responsible for
protecting investors, maintaining fair and
orderly functioning of the securities markets,
and facilitating capital formation. The SEC
promotes full public disclosure, protects
investors against fraudulent and manipulative
practices in the market, and monitors
corporate takeover actions.
INVESTIGATION

CASE DETAILS
An investigation into the potential misuse of government computers was started by the SEC’s Office of the Inspector General (OIG) because firewall logs identified several users who had received access denials for Internet pornography.

The SEC firewall was configured to block and log this kind of traffic, but employees were trying to exploit loopholes in the system to access the links.
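
The kind of firewall-log review that opened this investigation can be sketched as follows. This is an added example, not code from the original slides or from the SEC; the key=value log format, field names, threshold and sample lines are constructed for illustration.

```python
# Added example: per-user triage of web-filter DENY events.
# The log format, field names and SAMPLE_LOG lines are constructed.
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
2010-01-12T09:14:03 action=DENY user=emp01 category=adult host=site-a.example
2010-01-12T09:14:40 action=DENY user=emp01 category=adult host=site-b.example
2010-01-12T09:15:02 action=ALLOW user=emp02 category=news host=news.example
2010-01-12T10:01:55 action=DENY user=emp03 category=adult host=site-a.example
2010-01-13T14:22:10 action=DENY user=emp01 category=adult host=site-c.example
2010-01-13T14:30:00 action=DENY user=emp02 category=gambling host=bets.example
malformed line without fields
"""

def parse_line(line):
    """Return a dict for a well-formed event, or None for anything else."""
    parts = line.split()
    try:
        event = {"time": datetime.fromisoformat(parts[0])}
    except (IndexError, ValueError):
        return None  # empty line or no leading timestamp
    for field in parts[1:]:
        key, sep, value = field.partition("=")
        if not sep:
            return None
        event[key] = value
    return event if {"action", "user", "category", "host"}.issubset(event) else None

def summarize_denials(log_text, category="adult", threshold=3):
    """Group DENY events for one category by user and flag repeated attempts."""
    per_user = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and event["action"] == "DENY" and event["category"] == category:
            per_user[event["user"]].append(event)
    report = {}
    for user, events in per_user.items():
        report[user] = {
            "denials": len(events),
            "hosts": sorted({e["host"] for e in events}),
            "first_seen": min(e["time"] for e in events),
            "last_seen": max(e["time"] for e in events),
            "flagged": len(events) >= threshold,  # repeated attempts, not a single stray click
        }
    return report

if __name__ == "__main__":
    print(summarize_denials(SAMPLE_LOG))
```

The first-seen and last-seen timestamps give an investigator the window to examine on the user's machine, such as the temporary Internet files mentioned in this case.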

One of the employees reported that her laptop hard drive suddenly crashed. A complete forensic analysis of her hard drive found 592 pornographic images in her temporary Internet files, along with evidence that she had attempted to bypass the SEC’s Internet filters.

Further investigation identified several more employees or contractors who were viewing pornography on their government computers while at work. This case is one example of digital forensics solving a network administration case.

FORENSIC INVESTIGATION
The steps followed in forensic investigation of digital assets are:

IDENTIFICATION - Evidence is numbered and photographed only after obtaining a valid search order.

PRESERVATION - It is then collected in tamper-free bags so it does not get contaminated. The bags are labelled and sealed. The chain of custody document ensures that only authorised personnel handle the evidence.

ANALYSIS - An exact copy of the data in storage, chipsets and other components of the device is studied to prepare a report.

DOCUMENTATION - All the data found is recorded and the conclusion drawn from the evidence is noted in the reports.

PRESENTATION - Reports and evidence are verified. Only authentic reports and untampered evidence bags are presented in court.

CONCLUSION

PREVENTION
The following steps can be taken to prevent employees from accessing inappropriate/suspicious sites at a workplace or from an office device.

Websites can be blocked in browser settings by system administrators.

The device can be restricted to a single VPN connection that checks every website that is loaded and filters out inappropriate sites.

Implementing a company network-wide firewall that scans every request coming to the company servers.

Asking for employees' ID badges to determine their access level.

Preventing USB devices like pendrives and external drives from connecting to the PC. This keeps confidential information safe.

Encrypting all company data and preventing employees from having offline copies of it.

THANK YOU
