A professional office often lacks separation of duties. Typically it is run by an office manager, a part-time bookkeeper and someone who handles insurance claims; when one of them goes on vacation, another employee is likely to end up with control of both the cash and the accounting system.
This situation is difficult to investigate without the help of a forensic accountant and computer forensic experts.
The investigation was proceeding with an examination of the office accounting system by a sharp forensic accountant. When it was time for a deeper look at computers we were called in. Somebody was stealing money; the office manager was the suspect.
In the process of producing forensic images we noticed that the computer names were printed on each machine (that’s OK). The big problem here was that the usernames and passwords for each machine were identical to the computer names (not OK). This saved lots of time for the medical staff, and probably also the janitor, but it meant that non-repudiation was ruined.
Non-repudiation is the property that an action on the network can be tied to the specific person who performed it, so that they cannot later deny having done it. In practice it rests on each person authenticating with a credential that only they hold; the logon and application logs then become evidence of who did what, and when.
When each person has their own login with a password known only to them, the logon records let an investigator infer who was at a particular machine at a particular time, and therefore who entered a given transaction. In an office where every login is common knowledge, anyone could have been at the keyboard, so it is not practical to determine who was, and the logs prove nothing about the person.
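The attribution step described above, worked through in code. This is an added example, not part of the original post and not data from the investigation: the hosts, accounts, staff roles, timestamps and accounting entries are all constructed. It joins accounting-system entries against logon sessions (the shape one would extract from Windows Security log logon/logoff events), maps the resulting account to the set of people who could have used it, and includes the cheap check that flags accounts whose name equals the host name.

```python
"""
Attribute accounting-system entries to a person by joining them against logon
sessions, and show where shared per-machine credentials break that join.
All hosts, accounts, names and timestamps below are constructed for the
example; they are not data from any real investigation.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class Session:
    host: str
    account: str
    logon: datetime
    logoff: Optional[datetime]  # None: still logged on at the end of the log


@dataclass
class Entry:
    when: datetime
    host: str
    description: str


def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed logon/logoff sessions (hypothetical hosts and accounts).
SESSIONS = [
    Session("BILLING",   "jsmith",    ts("2023-03-06T08:30:00"), ts("2023-03-06T12:00:00")),
    Session("BILLING",   "mlee",      ts("2023-03-06T12:30:00"), ts("2023-03-06T17:00:00")),
    # Machine-named account whose password is the machine name: the
    # configuration the post describes.
    Session("FRONTDESK", "FRONTDESK", ts("2023-03-06T08:02:00"), None),
]

# Constructed accounting-system audit entries, keyed by the workstation
# they were entered from (what the forensic accountant would hand over).
ENTRIES = [
    Entry(ts("2023-03-06T10:15:00"), "BILLING",   "void payment #1043"),
    Entry(ts("2023-03-06T14:40:00"), "FRONTDESK", "write off receivable, $350"),
]

# Who can authenticate as each account.  An individual account with a private
# password maps to one person; an account whose password is printed on the
# case maps to everyone who can walk up to the machine.
STAFF = {"office manager", "bookkeeper", "claims clerk", "janitor"}
CREDENTIAL_HOLDERS = {
    "jsmith": {"bookkeeper"},
    "mlee": {"claims clerk"},
    "FRONTDESK": set(STAFF),
}


def active_session(sessions, host, when):
    """Return the session logged on to `host` at time `when`, or None."""
    for s in sessions:
        if s.host == host and s.logon <= when and (s.logoff is None or when < s.logoff):
            return s
    return None


def attribute(entry, sessions=SESSIONS, holders=CREDENTIAL_HOLDERS):
    """Map an accounting entry to the account that made it and to the set of
    people who could have been using that account.  The entry is attributable
    to a person only when that set has exactly one member."""
    s = active_session(sessions, entry.host, entry.when)
    if s is None:
        return {"account": None, "candidates": set(), "attributable": False}
    candidates = set(holders.get(s.account, set()))
    return {"account": s.account, "candidates": candidates,
            "attributable": len(candidates) == 1}


def machine_named_accounts(sessions):
    """Flag accounts whose name equals the host name: the check that would
    have surfaced the shared-credential problem before imaging started."""
    return {s.account for s in sessions if s.account.lower() == s.host.lower()}


if __name__ == "__main__":
    for e in ENTRIES:
        r = attribute(e)
        if r["attributable"]:
            who = next(iter(r["candidates"]))
        else:
            who = f"unattributable ({len(r['candidates'])} people share '{r['account']}')"
        print(f"{e.when:%H:%M} {e.host:<10} {e.description:<28} -> {who}")
    print("machine-named accounts:", machine_named_accounts(SESSIONS))
```

The BILLING entry resolves to one person because only the bookkeeper holds the `jsmith` password; the FRONTDESK entry resolves to an account but to four possible people, which is exactly the dead end the investigation hit.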
This discovery caused the termination of the investigation. We have caught embezzlers, but not this day.