Crime Scene Investigation: eBusiness Suite. OUG Scotland 2013. By: Arian Stijf Arven arian@arven.nl
Prologue Accounts Payable Departments, how may I help you? Hi, this is N.O. Pence from FraudFighters. Calling about invoice FF001 of EUR 100,-. We did not receive a payment yet, can you check why? According to the system, we have paid the invoice in the amount of EUR 250,- on June 12th. We didn’t receive any payment. Which bank account did you pay in to? Did you say EUR 250,-? The invoice is only EUR 100,-?
Crime Scene! • An invoice was paid, but payment was never received • The invoice amount has increased • What happened? • Who did it?
Secure the scene • WHOIS information is overwritten on every update. • Current status of the transactions may change • People trying to ‘fix’ the issue
The clues: Transaction Trail • Invoice entered • Invoice validated (/ approved) • Payment entered • Bank statement reconciliation
Invoice • About this Record: • Created by • Created at • Last updated by • Last updated • Hidden information: • Last_update_login
Invoice information • Created by: CWHITE on 09-JUN-2013 17:41:40 • Last updated by: PGREEN on 12-JUN-2013 09:06:29 • Last update is the payment status
Intermediate • Invoice has been changed after entry. • But only the last change is recorded. • What is the history of the Invoice? • eBS Audit Trail • RDBMS Auditing • Flashback query • Logminer
Audit Trailing • eBS Audit trail • Based on eBS Transactions • Shows eBS users • RDBMS Audit trail • Based on RDBMS Transactions • All updates by APPS user • Flashback queries
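The two slides above, as an added example that is not part of the original presentation: resolving the invoice's WHO columns (including the hidden `LAST_UPDATE_LOGIN`) to users and a sign-on session, then reading the row's earlier versions with a flashback version query. It assumes the standard eBS objects `AP_INVOICES_ALL`, `FND_USER` and `FND_LOGINS`, that `FND_LOGINS` is populated (this depends on the Sign-On audit level profile), and that undo data for the period is still retained; the time window is constructed from the dates on the slide.

```sql
-- Step 1: who touched the invoice, and under which sign-on session?
-- LAST_UPDATE_LOGIN is the hidden WHO column; it points at FND_LOGINS.LOGIN_ID.
SELECT i.invoice_num,
       i.invoice_amount,
       cu.user_name AS created_by_name,
       i.creation_date,
       uu.user_name AS last_updated_by_name,
       i.last_update_date,
       i.last_update_login,
       l.start_time AS login_start,
       l.end_time   AS login_end,
       l.login_name,
       l.terminal_id
FROM   ap.ap_invoices_all i
       JOIN fnd_user cu ON cu.user_id = i.created_by
       JOIN fnd_user uu ON uu.user_id = i.last_updated_by
       LEFT JOIN fnd_logins l ON l.login_id = i.last_update_login
WHERE  i.invoice_num = 'FF001';

-- Step 2: the WHO columns keep only the last change, so read the earlier
-- row versions from undo. Each version shows the amount and WHO values as
-- they were at that point. A NULL versions_starttime means the version
-- already existed at the lower bound of the window.
-- Window below is constructed: entry date through the day after payment.
SELECT versions_starttime,
       versions_endtime,
       versions_operation,      -- I = insert, U = update, D = delete
       versions_xid,            -- transaction id, usable as input for LogMiner
       invoice_amount,
       last_updated_by,
       last_update_date,
       last_update_login
FROM   ap.ap_invoices_all
       VERSIONS BETWEEN TIMESTAMP
         TO_TIMESTAMP('09-06-2013 00:00:00', 'DD-MM-YYYY HH24:MI:SS') AND
         TO_TIMESTAMP('13-06-2013 00:00:00', 'DD-MM-YYYY HH24:MI:SS')
WHERE  invoice_num = 'FF001'
ORDER  BY versions_starttime NULLS FIRST;
```

Run both queries read-only and save the output before anyone corrects the invoice, since the flashback query fails or returns fewer versions once the undo data for the window has aged out.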
How about the payment? • PGREEN created the payment but has an alibi • Somebody hacked the account? • What options do we have?
Who is behind the logon? [Diagram: Client, Middle Tier, Database, eBusiness Suite; labels: IP-Address + Time Stamp or MAC Address, WS Session ID, IP-Address, RDBMS Session, WHOIS Session Data]
From Middle Tier to Client • Apache / WL access logs • Find the login time • Find the user_id • Locate the history
Your speaker • Arian Stijf • Arian@arven.nl • www.stijf.com