Benefits of centralised printing systems

Cheaper (est. €20,000 per annum for 2,000,000 prints a year)

Less internal IT support (universal driver)

Less time lost for user since the system is redundant

Defined supplier SLAs ensure failed printers are replaced on short time frames

Follow-Me printing improves security and more comfortable for meeting print-outs

No waiting or re-printing necessary if printer is crowded or crashed

Departmental billing simple to set up

Fault notification via email on all printers

Auto re-ordering of consumables

Printer standardisation implies users and administrators know the printers’ behaviour

Printing analysis and statistics possible through reporting tools

Quotas possible

Lower toner consumption (up to 60% compared to desktop printers)

Auto-deletion of unrequested printouts

 

 

Printer density is typically lower, so people will need to walk further to collect (lost time)

Must consider change resistance by employees

They can be more expensive if you print few pages (<2,500 a month), but this melts away quickly

Computer crime talk take aways

US congress started contemplating laws in 1970 bit only implemented in 1986.

Phreaking was the first hack. It happened in the us proving its superiority. Nowadays hacking happens from Russia. Is this the emerging super power?

A criminal offense requires both will and action. Involuntary action is not a criminal act.

Traditional trace evidence

Once it is evident there is a criminal offense stop investigations and pass on to police. They will use data blockers during disk access to prevent data being written to it. They are placed in a uncontaminated quarantine area first then labelled and registered and clearly marked . The system used to analyse or copy must have its registry checked and av scan run and all logged accordingly.

Poisoned tree concept that contamination moves down a seed. Defence will always use contamination to pour doubt into the evidence. If there is the slightest doubt it favours the accused. That evidence is thrown out.

there is no link between the computer or mobile and the person using it. And exclude beyond all doubt that the accused was the person using the mobile

Even digital signatures are not good enough since one can claim that someone else ha access to the device where signature is saved.

Twin towers guys went under the radar by sharing a gmail acct and leaving emails in draft never sending them. Thus there was.no matching record for the sent email. To date this is the only such occurrence in electronic cases.

In Malta we have the (British adopted) concept of the Criminal electronic environment which includes the perpetrators and devices

Using backups for examination is good practice since it has least disruption on the business. Of course this is not best .

Data blockers can cost as low as two hundred dollars.

Take as much detail as possible of the disk manufacture etc to prevent future failures from
Document all processes.
Ncase is a very good software but expensive. If you cannot afford it use free other but only licensed software to avoid worms from existing the data or compromising the outcome reliability.
Use only licensed an official software sources so that defence cannot put the evidence in question.
Do not carry out analyses on a trial and error basis

Conclude on evidence but do not forward any opinion.
Work in pairs and sign together the logs
Once you find evidence stop. Do not attempt to overdo it

Once you establish a fact you take control over the evidence. The disk cannot be accessed must be labelled signed etc till handed to police

In any investigation proving facts lies on prosecution
Once you prove one fact stop there. In Maltese law, ten or hundred cases makes no difference in the significance of the infringement.
Magistrate is an IT lay person so keep the analyses simple
Be concise and objective
Never suppose or assume. Be sure beyond any doubt
Use paid software to avoid virus infection of the free site be a point of attack

 

If meeting the guy keep minutes and both of you nee to sign.

Show and keep proof that you had a plan how to investigate. Ensure you can prove you worked in a structured manner. This again helps avoid contamination being a source of doubt.
Report objectively on findings
If identify a suspect remember you are not law enforcement

If meeting the guy keep minutes and both of you nee to sign.

Show and keep proof that you had a plan how to investigate. Ensure you can prove you worked in a structured manner. This again helps avoid contamination being a source of doubt.
Report objectively on findings
If identify a suspect remember you are not law enforcement