
January 14, 2017

Mr. ABC
CEO
XYZ PVT Ltd.
Hazratganj, Lucknow
U.P. 226001

Dear Mr. ABC,


We have completed our forensic accounting and investigative services for XYZ PVT
Ltd as outlined in the September 16, 2016 Engagement Agreement. This report to
you represents our final report with respect to our services.
The data included in this report was obtained from XYZ PVT Ltd on or before January
14, 2017. We have no obligation to update our report or to revise the information
contained therein to reflect events and transactions occurring subsequent to
January 14, 2017.
This report is solely for your information and is not to be referred to in
communications with or distributed for any other purpose to anyone who is not a
member of management.
Please contact Vijay Kumar Gupta at +91-9415561870 if you have any questions or
comments. We look forward to working with you in the future.
Thank you

For VKG ASSOCIATES


(Chartered Accountants)
..
..
VIJAY KUMAR GUPTA
M.NO. 401627
PLACE:- LUCKNOW

LIMITATIONS:
Our engagement was performed under the Statements and Standards issued by the
Institute of Chartered Accountants of India (ICAI). We conducted some investigation
but did not conduct an examination, the objective of which would be the expression
of our opinion on compliance. We have worked on standard procedures; other
matters that might have come to our attention and had any relation to the case
would be intimated to you.
The sufficiency of the procedures conducted by our firm in connection with the
given matter, if any irregularity, issue or other further matter arises, would be
solely the responsibility of XYZ PVT Ltd. Consequently, we have
maintained all the representations regarding the sufficiency of these procedures
taken by us in terms of our engagement. We will not be responsible for any of the
work carried out by us for the matter we were engaged for or for any other purpose.
The findings set forth herein were prepared by us on the basis that we were
observed and informed by the Bank concerning the above reference of engagement
letter received by us.

BACKGROUND:
Ms. FFF, an Account Manager of the company, complained to Mr. ABC of sexual
harassment against Mr. MMM, CFO of the company, because he provided an HP
pen drive to her on 11/01/2017 at approx. 08:00 PM when she was leaving the office
for home, which contained some pornographic movies, and asked her repeatedly to
watch them.
Mr. MMM, CFO of the company, replied that he had provided an HP pen drive but with
some official data; the pornographic movies might have been copied by her to cash
the reputation of the CFO.
The Company has not found any pornographic movies on any of the computer
systems.

OBJECTIVE AND SCOPE OF THE FORENSIC AUDIT/INVESTIGATION:

(A) The objective of the engagement was to conduct a forensic audit/investigation of
the company data and employees as they relate to the following transactions:
1. Destroy the reputation of the company.
2. Sexual / mental harassment to employee.
(B) The investigation covered the period from February 1, 2016 to Jan 14, 2017.
Subsequent to the end of field work and before January 14, 2017, additional
information and documentation was received pertinent to two (2) of these
transactions. This information is reflected in this report.
During the course of the preliminary assessment and subsequent investigation,
many other allegations were brought to the attention of investigation team. The
investigation team did not have these additional allegations as their prime focus
and these allegations were not documented to a forensic level.
In addition to the above allegations that are the subject of this report and have
been investigated, the team was able to partially document several of the other
allegations. The remainder has not been verified beyond what was noted and
obtained in the initial interviews.
(C) In all, during the course of the preliminary assessment and the subsequent
investigation, a total of seventy-one (11) individuals were interviewed including:
- Eleven (11) current employees;
- One (1) past employee.

INTERVIEWS:
Interviews were used to obtain information about and to understand the allegation
and to verify facts. During the forensic audit investigation, we conducted formal
interviews with individuals. Two (02) of these interviews were conducted with the
assistance of a court stenographer (see sworn statement below).
For formal interviews, notes were taken and/or recordings were made. In some
instances, the person was asked to sign the interview notes. If the interview was of
importance to a particular allegation, the interviewee was informed that he or she
would possibly have to confirm his or her statement at a later date.
The investigation team also conducted numerous informal interviews to collect
information relating to documents and activities. Informal interviews were not
recorded although hand written notes were frequently taken.

SWORN STATEMENTS:
Certain interviews were more important than others due to the position of the
employee or their significance in confirming facts. These interviews were recorded
by an official court stenographer, who took an oath from the interviewee before
commencing the session. Transcripts of the completed sworn statements were
provided to the person who was interviewed, shortly after the sessions.

COMPUTER SYSTEM REVIEW:


Following are the devices which were connected to the PC of Mr. MMM, CFO:

[Device table. Columns: Description, Device Type, Connected, Safe To Unplug,
Serial Number, Last Plug/Unplug Date. Devices listed: HP REST NULL Driver;
Microsoft Usbccid Smartcard Reader (WUDF); USB Mass Storage Device; USB Composite
Device; hp v220w USB Device; MTP USB Device; SM-J700F; Apple iPhone; USB Input
Device; USB Printing Support; 3GModem port; Application1 port to Application4 port;
ALCATEL Mass Storage USB Device; SanDisk Cruzer Blade USB Device; Intel(R) Wireless
Bluetooth(R); USB Video Device; Realtek USB 2.0 Card Reader. Last plug/unplug
dates range from 21-09-2016 to 13-01-2017.]
Following is the calculation of HP Pen Drive Message Digest

User Actions and Events List (created by using LastActivityView)

[Event table. Columns: Action Time, Description, Filename, Full Path. Entries are
dated 11-01-2017, from 10:32 to 20:00. Descriptions include View Folder in
Explorer, Run .EXE file, Select file in open/save dialog-box, Software
Installation, Windows Installer Started, Windows Installer Ended, User Logon,
User Logoff, System Started, System Shutdown and Resumed from sleep. The list
includes the entry: View Folder in Explorer, xxx.vob,
F:\MULTIMIDIA\FILMS\PORN\1\LL\XXX.VOB.]

DATA RECOVERY

During the data recovery phase we found that the file in folder
F:\MULTIMIDIA\FILMS\PORN\1\LL\XXX.VOB existed on the PC of Mr. MMM, CFO, but had
been deleted from the PC.

OBSERVATION:
1. As per the list of the devices which were connected to the PC of Mr. MMM, CFO,
it has been found that the pen drive hp v220w USB Device bearing serial
no. AA00000000003722 was connected at 11-01-2017 19:58.
2. As per the comparison of the hash function of the hp v220w USB Device, we found
that it exactly matches the pen drive and no changes occurred in the pen drive
after that.
3. As per the User Actions and Events List, it has been found that the file XXX.VOB
(a porn film), which existed at address F:\MULTIMIDIA\FILMS\PORN\1\LL\XXX.VOB on
the PC of Mr. MMM, CFO, was copied at the same time.
4. During the data recovery we observed that the same file existed in
the same location on the PC of Mr. MMM but was deleted permanently.
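
One way to cross-check Observations 1 and 3, shown as an added example that is not part of the original report: list every user-activity event that falls within a few minutes of the pen drive's last plug/unplug time. The device row is taken from Observation 1; the activity rows, the `events_near_plug` helper and the five-minute window are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

TS_FORMAT = "%d-%m-%Y %H:%M"  # day-month-year with minute precision, as in the report

# Device row as stated in Observation 1 of the report.
USB_ROWS = """Description,Serial Number,Last Plug/Unplug Date
hp v220w USB Device,AA00000000003722,11-01-2017 19:58
"""

# Constructed sample rows (not the report's data), using the columns of the
# User Actions and Events List: Action Time, Description, Filename, Full Path.
ACTIVITY_ROWS = """Action Time,Description,Filename,Full Path
11-01-2017 19:40,User Logon,,
11-01-2017 19:57,View Folder in Explorer,docs,F:\\EXAMPLE\\docs
11-01-2017 19:58,View Folder in Explorer,clip.vob,F:\\EXAMPLE\\media\\clip.vob
11-01-2017 19:59,Run .EXE file,OpenWith.exe,C:\\Windows\\System32\\OpenWith.exe
11-01-2017 20:30,View Folder in Explorer,late,F:\\EXAMPLE\\late
"""


def load_rows(text):
    """Parse a CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def events_near_plug(usb_rows, activity_rows, serial, window_minutes=5):
    """Return activity rows within +/- window_minutes of the device's last
    plug/unplug time, each annotated with its offset in minutes."""
    device = next((r for r in usb_rows if r["Serial Number"] == serial), None)
    if device is None:
        raise LookupError(f"serial {serial!r} is not in the device list")
    plug = datetime.strptime(device["Last Plug/Unplug Date"], TS_FORMAT)
    window = timedelta(minutes=window_minutes)
    hits = []
    for row in activity_rows:
        when = datetime.strptime(row["Action Time"], TS_FORMAT)
        if abs(when - plug) <= window:
            offset = int((when - plug).total_seconds() // 60)
            hits.append({**row, "offset_min": offset})
    # Timestamps carry minutes only, so the order of events that share a
    # minute with the plug event cannot be established from this data.
    return sorted(hits, key=lambda r: r["offset_min"])


if __name__ == "__main__":
    for hit in events_near_plug(load_rows(USB_ROWS), load_rows(ACTIVITY_ROWS),
                                "AA00000000003722"):
        print(f'{hit["offset_min"]:+d} min  {hit["Description"]:<24} {hit["Full Path"]}')
```
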

FEES OF OUR SERVICE:


As decided between us and Mr. ABC (on behalf of XYZ Ltd), fees for our service of
Rs. 1,00,000 (Rs. One Lac Only) plus Service Tax @ 15% (as applicable) of Rs.
15,000 is due to be paid on or before January 20, 2017. Additional interest and
penalty for any delay caused in payment is to be paid @ 24% p.a. over and above
the actual total sum due to be paid.
