Businesses with online customers and intellectual property are using cyber forensic investigators to deal with electronic crimes and employee wrongdoing. The PayPal scam is one of the cyber crimes that required the knowledge of forensic scientists. Database and Internet investigators played a tremendous role in discovering the credit card thieves. PayPal merchants reported being redirected to a mock PayPal site. Forensic investigators discovered that the PayPal accounts were opened using the same IP address. The team used Sam Spade, traceroute, and freeware network discovery tools to investigate the matter. Based on the investigation, there is evidence that could be used in a trial. Kothanek’s team is able to assist in the investigation and the trial process by providing forensic evidence. One piece of evidence is the link between the computer’s IP address and the opening of new accounts. In fact, the evidence entails the link between the credit cards, the Perl script and the IP address that the fraudster used to open accounts in PayPal’s system.
The sniffer software shows how the operators of the mock site captured the passwords and log-in details of PayPal card holders. This is crucial evidence in the trial process. The forensic team should establish the link between the software used by the mock-site operators and the accounts. The use of a fake PayPal server address is also forensic evidence that can be used at trial. It is worth noting that the criminal in the case bought goods through eBay using the fake credit cards. The goods were shipped to a specific shipping address. Forensic investigators should present the physical address and identify who owns the shipping address in Russia. The link between the suspect credit card accounts, the eBay transactions and the shipping address of the goods can be used as evidence during the trial process.
The hard drives of the suspects’ computers are crucial evidence in the trial process. Tracing the suspects was possible by accessing the computer that was used to open the accounts. Access to the computer was a breakthrough in the investigation and trial process. The evidence is retrieved from the suspect’s hard drive through imaging, that is, bit-stream copying of the suspect’s hard drive (EC-Council Press, 2010). The forensic investigators can extract the information from the hard disk and link it to the opening of the accounts. The information on the hard drive reveals the origin of the various activities that took place on the suspect’s computer. Erased files retrieved from the suspect’s computer can also be used as evidence in the trial process. Authentication of the information on the hard drive needs to be supported by the imaging process. Authenticating the information will help in identifying the people contacted through the suspect’s computer (Kruse & Heiser, 2003). In the trial process, forensic investigators should focus on the admissibility of the evidence.
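How a bit-stream copy can be authenticated, as an added example that is not taken from the case or from the cited sources: the copy is hashed as a whole and per block while it is made, and a later check reports which blocks of the image no longer match. The function names, the manifest layout and the 4096-byte block size are assumptions, and ordinary files stand in for the source drive.

```python
import hashlib

def _blocks(path, block_size):
    """Yield the file's contents in fixed-size blocks."""
    with open(path, "rb") as f:
        while chunk := f.read(block_size):
            yield chunk

def image_with_manifest(src_path, dst_path, block_size=4096):
    """Copy src to dst byte for byte; hash the whole stream and every block."""
    whole, blocks = hashlib.sha256(), []
    with open(dst_path, "wb") as dst:
        for chunk in _blocks(src_path, block_size):
            dst.write(chunk)
            whole.update(chunk)
            blocks.append(hashlib.sha256(chunk).hexdigest())
    return {"sha256": whole.hexdigest(), "block_size": block_size, "blocks": blocks}

def verify_image(path, manifest):
    """Return (intact, bad_blocks): indexes of blocks that differ from the manifest."""
    whole, bad, count = hashlib.sha256(), [], 0
    expected = manifest["blocks"]
    for count, chunk in enumerate(_blocks(path, manifest["block_size"]), start=1):
        whole.update(chunk)
        i = count - 1
        if i >= len(expected) or hashlib.sha256(chunk).hexdigest() != expected[i]:
            bad.append(i)
    bad.extend(range(count, len(expected)))  # truncated image: trailing blocks missing
    return whole.hexdigest() == manifest["sha256"] and not bad, bad

if __name__ == "__main__":
    import os, tempfile
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "source.bin"), os.path.join(d, "image.dd")
        with open(src, "wb") as f:           # constructed stand-in for a drive
            f.write(bytes(range(256)) * 49)
        manifest = image_with_manifest(src, img)
        print("fresh image:", verify_image(img, manifest))
        with open(img, "r+b") as f:          # simulate a one-byte alteration
            f.seek(5000)
            f.write(b"\xff")
        print("altered image:", verify_image(img, manifest))
```

Recording the manifest at acquisition time and re-running the check before analysis and before trial is what lets the examiner state that the image is unchanged.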
The Perl scripts that the perpetrators were using are part of the evidence that should be presented in the trial process. The suspects used the Perl scripts to open accounts in the PayPal system. Through the PayPal system, it is possible to link the IP address of the suspect’s computer to the Perl scripts used during the opening of the PayPal accounts. The FBI’s assistance also plays a crucial role in developing the evidence. The suspects’ computer held PayPal account information, which indicated their fraudulent activities and acted as evidence in court. The scam site information can also be presented as evidence in court. Tracing the scam site information leads forensic experts to the transactions carried out, to where the money was channeled, and to the credit cards.
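The link described above between one IP address, scripted account creation and the cards used can be shown as a small analysis over account-creation logs. This is an added example, not code or data from the case: the log format, field names and every log line are constructed, and the threshold of three accounts is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample of account-creation log lines (not real PayPal data).
# Assumed format: timestamp ip "user-agent" account=<id> card=<last four digits>
SAMPLE_LOG = """\
2000-10-02T03:14:07Z 198.51.100.23 "libwww-perl/5.48" account=a1001 card=4421
2000-10-02T03:14:09Z 198.51.100.23 "libwww-perl/5.48" account=a1002 card=9730
2000-10-02T03:14:12Z 198.51.100.23 "libwww-perl/5.48" account=a1003 card=1187
2000-10-02T09:40:51Z 203.0.113.8 "Mozilla/4.0 (compatible; MSIE 5.5)" account=a1004 card=5512
2000-10-02T11:02:33Z 192.0.2.77 "Mozilla/4.0 (compatible; MSIE 5.0)" account=a1005 card=3308
2000-10-03T03:20:01Z 198.51.100.23 "libwww-perl/5.48" account=a1006 card=6045
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<ip>\S+) "(?P<ua>[^"]*)" '
                     r'account=(?P<acct>\S+) card=(?P<card>\d{4})$')

def parse(log_text):
    """Return (records, rejected); malformed lines are kept, not dropped silently."""
    records, rejected = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
        else:
            rejected.append(line)
    return records, rejected

def cluster_by_ip(records, min_accounts=3):
    """Report IPs that opened >= min_accounts accounts; 'scripted' means every
    request from that IP carried a Perl library user-agent, none a browser."""
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["ip"]].append(r)
    findings = []
    for ip, rows in by_ip.items():
        accounts = sorted({r["acct"] for r in rows})
        if len(accounts) >= min_accounts:
            findings.append({
                "ip": ip,
                "accounts": accounts,
                "cards": sorted({r["card"] for r in rows}),
                "scripted": all("perl" in r["ua"].lower() for r in rows),
            })
    return sorted(findings, key=lambda f: len(f["accounts"]), reverse=True)

if __name__ == "__main__":
    records, rejected = parse(SAMPLE_LOG)
    print(cluster_by_ip(records), rejected)
```

Each finding ties an address to the accounts and cards behind it, which is the chain an examiner then has to corroborate with the seized drive image.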
The analysis of the evidence was very important during the investigation process. In this case, it was carried out by a forensic team from the company, with the assistance of the FBI. The FBI identified the fraud activities, and the forensic experts retrieved and analyzed the information in the suspects’ computers.
The unusual activity that helped identify the fraud was the overcharges and transactions made using the PayPal credit card. Real account holders began complaining of charges on their credit cards. The calls made by customers alerted PayPal to the suspected wire fraud (EC-Council Press, 2010). From a forensic perspective, the unusual charges became an indicator of the bigger things that the company’s customers were going through. For example, the fraudulent charges that the suspect PayPal accounts had made were more than $100,000. The company was liable for repaying the charges.
The evidence that was retrieved demonstrated that a criminal act had taken place. The evidence proved that Vassili Gorchkov and Alexey Ironov had committed credit card theft and wire fraud. This is based on the wire transactions that they made using fake PayPal accounts. Wire fraud is believed to be on the increase because most people are undertaking online business. On critical analysis, the gathering of e-evidence was made possible through the cooperation of various stakeholders. The stakeholders that assisted in the process include the FBI, eBay, the PayPal forensic team, and the customers. The FBI assisted in gaining access to the suspects’ computer. This played a crucial role in the collection of evidence. The information on the hard drives of the suspects’ computers made strong evidence in the investigation process. After the incident, PayPal strengthened its strategies for protecting customers and preventing wire fraud.
EC-Council Press. (2010). Computer Forensics: Investigating Network Intrusions and Cybercrime. Clifton Park, NY: Course Technology Cengage Learning.
Kruse, W. G., & Heiser, J. G. (2003). Computer Forensics: Incident Response Essentials. Boston, MA: Addison-Wesley.