Grover Kearns, PhD, CPA, CFE Class 10
What is Forensic Accounting? Forensic accounting is accounting that is suitable for legal review, offering the highest level of assurance, and including the now generally accepted connotation of having been arrived at in a scientific fashion. It encompasses investigation, dispute resolution and litigation support.
Forensic Accounting Specialist: A forensic accountant combines accountancy and computer forensics to analyze financial data and find evidence that would be legally valid during a court proceeding. Is engaged in electronic discovery, investigating digital evidence from computers and other devices. Can acquire, analyze and report on digital evidence. Conducts special audits, aka a review, a due diligence, an investigative audit, or a forensic audit. Each label has its own connotations.
Essential MS Security: Malicious Software Removal Tool; Microsoft Security Essentials; Update Adobe, Flash, Java; Uninstall old Java; Avira Anti-Virus Free; Update Security Patches Weekly; Update Anti-Virus at Least Weekly.
Trust everyone … but always cut the cards.
Passware Kit Forensic
Paraben Sticks
What are Hidden Files? A file with a special hidden attribute turned on, so that the file is not normally visible to users. Hidden files mainly serve to hide important operating system-related files and user preferences.
Find Hidden Files: Turn on the Windows operating system preference to show hidden files: in Explorer > Tools > Folder options… > View > select “Show hidden files, folders, and drives” > OK. Use software to search for hidden files.
Oops! Your comments are showing. Click the Microsoft Office Button, point to Prepare, and then click Inspect Document. In the Document Inspector dialog box, click Inspect. Review the inspection results. If Document Inspector finds comments and tracked changes, you are prompted to click Remove All next to Comments, Revisions, Versions, and Annotations.
Don’t send the annotations with the document!
Remove personal information from the file before distribution. Alternatives: send as .pdf; save as .rtf and then reconvert to .doc.
Properties can provide information on file name, final author and company (is this the company that you expected?).
Note dates, last saved by, and total editing time.
Other Methods to Conceal: Change the file extension (Data.xls becomes Data.jpg); change font color to background (in a Word document change font color to white, etc.); hide rows and columns in spreadsheets; use steganography.
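The renamed-extension method above (Data.xls becomes Data.jpg) is exposed by comparing a file's leading signature bytes with the type its extension claims. The following Python is an added example, not part of the original slides; the signature table is a small subset of well-known values, and the folder and file contents in `demo()` are constructed.

```python
import os
import tempfile

# Leading "magic" bytes for a few common formats (well-known signatures).
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF",
    "ole2": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # legacy .doc/.xls/.ppt
    "zip": b"PK\x03\x04",                          # also .docx/.xlsx/.pptx
}

EXPECTED = {  # content type each extension should carry
    ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".pdf": "pdf",
    ".xls": "ole2", ".doc": "ole2", ".ppt": "ole2",
    ".xlsx": "zip", ".docx": "zip", ".pptx": "zip", ".zip": "zip",
}

def detect_type(path):
    """Return the content type implied by the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for name, magic in SIGNATURES.items():
        if head.startswith(magic):
            return name
    return None

def find_mismatches(root):
    """Walk root and list files whose extension disagrees with their header."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for fname in sorted(files):
            ext = os.path.splitext(fname)[1].lower()
            expected = EXPECTED.get(ext)
            if expected is None:
                continue  # extension not in the table; nothing to compare
            actual = detect_type(os.path.join(folder, fname))
            if actual != expected:
                findings.append((fname, expected, actual))
    return findings

def demo():
    """Constructed sample: a spreadsheet header saved under a .jpg name."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "Data.jpg"), "wb") as fh:
            fh.write(SIGNATURES["ole2"] + b"\x00" * 64)   # really an .xls
        with open(os.path.join(d, "photo.jpg"), "wb") as fh:
            fh.write(SIGNATURES["jpeg"] + b"\xe0" + b"\x00" * 64)
        return find_mismatches(d)
```

Each finding is a tuple of file name, type expected from the extension, and type detected from the header (`None` when the header matches no known signature).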
Steganography: Steganography comes from the Greek words Steganós (Covered) and Graptos (Writing). The goal is to hide messages inside other harmless messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message. Hide any type of binary file in any other binary file. Security through obscurity.
Steganography. The Good: Watermarks (Copyright Protection), Unique Hash Value, Tag Notes, Confidentiality, Encryption, Anonymity, Private Communication. The Bad: Industrial Espionage, Terrorism, Pornography, Malware.
Digital Steganography: Text in media files (audio files, picture files, video files); pictures in media files (other picture files, video files); files archived in other pictures. Popular data formats (carriers): .bmp, .doc, .gif, .jpeg, .mp3, .txt, .wav. Image caption: This image contains hidden text.
Picture in Picture: Can you see any differences? (the one on the left is meaner)
File Size Comparisons
QuickCrypto: Type secret message here.
What is a Virtual Machine? A virtual machine is a tightly isolated software container that can run its own operating systems and applications as if it were a physical computer. A virtual machine behaves exactly like a physical computer and contains its own virtual (i.e., software-based) CPU, RAM, hard disk and network interface card (NIC).
What is a Virtual Machine? An operating system can’t tell the difference between a virtual machine and a physical machine, nor can applications or other computers on a network. A virtual machine is composed entirely of software and contains no hardware components whatsoever.
Creating a USB Boot: The easiest way to turn a USB flash drive into a bootable Windows 7 installer is by using the tool Microsoft offers.
Q. If I already have the hashes (produced by hash.exe) of my operating system, how difficult is it to compare the current hashes of the same files to make certain none have been altered? A. It is a simple 3-line batch file using hash.exe and compare.exe. It should take approximately 10 minutes to complete.
Q. How do I dump the contents of RAM on a Windows machine? A. Use the nifty freeware WinDump!
Q. What is a packet sniffer? A. It sniffs packets! It actually captures certain packets or headers to ascertain network quality. It can also be used in a nefarious fashion. Wireshark aka Ethereal is a popular freeware packet sniffer. Do you know what a packet is?
What is a Honeypot? In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
Brief Header
Full Header
Servers and Clients
Horizontal & Vertical Analysis of Income Stmt. Horizontal: Pct change from prior period. Vertical: Divide each item by Sales Revenues.
Horizontal & Vertical Analysis of Balance Sheet. Horizontal: Pct change from prior period. Vertical: Divide each item by Total Assets.
Extract / Filter: Use Data / Filter.
Extract / Filter: Filters on any field and can use “if” and “where” type operators. Save new set in a worksheet or file.