As a lawyer, I would want evidence of those emails--what website they went to, etcetera. I would also request information on the encryption process of passwords and firewalls to show the defenses the bank had in place. It would also be useful to demonstrate how quickly the intrusion was detected and by whom. Activity logs of data showing what packets were sent and to what IPs would potentially be helpful in limiting the damages and tracking down the hacker.
This is what I have so far:
PROOF OF THE (PHISHING) HACKER
- Temp file of document on hacker's hard drive
- Document sent through the email server
- IP transmission of packets from the sender, through the nodes, and to the receiver
- IP transmission (through a proxy) from the hacker to the bank creating bank accounts
- Frozen RAM with associated tasks running
- Hard drive tools associated with hacker tools
- Sandboxed trojan found on hard drive
PROOF ON THE RECIPIENT
- Trojan found installed with the same application data as found on the hacker's computer
- Emails found on the hard drive and recipient's email server
- Matching email header details from the hacker's email server
- IP of the recipient from the email server
- Matching packet data from sender to recipient
- Fraudulent activities on the victim's account
- Several wire transfers going outside of several states and to foreign countries.
Yes, and I would advise making a forensic copy of the bank system from the time of the fraud/discovery to prevent accusations of data tampering; also, if it were at all possible to have proof that the hacker not only received the money, but spent it, your case would be strengthened even more.