Presentation transcript:

Albrecht, Albrecht, Albrecht, Zimbelman © 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Fraud Examination, 4E Chapter 7: Investigating Theft Acts

Learning Objectives
• Discuss theft investigation methods and how they are used to investigate suspected fraud.
• Understand how to coordinate an investigation, using a vulnerability chart.
• Describe the nature of surveillance and covert operations.
• Understand the effectiveness of invigilation to investigate fraud.

Learning Objectives
• Explain how to obtain physical evidence and how it can be used in a fraud investigation.
• Understand how to seize and analyze electronic information from cell phones, hard drives, e-mail, and other sources.
• Use trash and other social engineering methods to investigate fraud.

When Should You Investigate Fraud?
Consider the following:
• strength of the predication
• cost of the investigation
• exposure or amount that could have been taken
• the signal that investigation or noninvestigation will send to others in the organization

When Should You Investigate Fraud?
• risks of investigating and not investigating
• public exposure or loss of reputation from investigating and not investigating
• nature of the possible fraud

Fraud Investigation Methods
• Once there is predication, determine the following questions of the fraud:
  • Who?
  • How?
  • How much?

Fraud Investigation Methods

Theft Act Investigative Methods
• Methods that directly investigate the fraud act
  • Surveillance and covert operations
  • Invigilation
  • Obtaining physical evidence
  • Gathering electronic evidence

Theft Act Investigative Methods
• When beginning a fraud investigation, it is often useful to develop theories
• One way to develop such theories is to use a vulnerability chart

Theft Act Investigative Methods

Theft Act Investigative Methods
• Surveillance and Covert Operations
  • Rely on the senses, especially hearing and seeing

Theft Act Investigative Methods
• The three types of surveillance:
  • stationary or fixed point
    • Record events occurring at a scene
    • Log includes time, place, and events
  • moving or tailing
    • Following the suspect
    • Should only be done by professionals
  • electronic surveillance
    • Video camera

Theft Act Investigative Methods
• Invigilation
  • Involves close supervision of suspects during an examination period
  • Strict temporary controls are implemented so that committing fraud is almost impossible

Invigilation Diagram

Theft Act Investigative Methods
• Physical Evidence
  • Involves analyzing objects such as:
    • inventory, assets, and broken locks
    • substances such as grease and fluids
    • traces such as paints and stains
    • impressions such as cutting marks, tire tracks, and fingerprints
  • or searching computers

Theft Act Investigative Methods
• Steps for gathering electronic evidence
• Caution: The gathering of electronic evidence is a highly technical task that must be performed correctly. You may want to include a computer forensics specialist on your team.

Theft Act Investigative Methods
• Step 1: Secure the Device and Perform Initial Tasks
  • Need to have the legal right to seize the hardware
  • Exercise care with respect to chain of custody, evidence marking, etc.
  • Take pictures of the seizure site and have neutral witnesses on the scene

Theft Act Investigative Methods
After the preliminary steps of securing the device and performing initial tasks:
• Turn the computer off by cutting power to the machine (or by removing the battery on laptops)
• DO NOT TURN THE COMPUTER OFF NORMALLY

Theft Act Investigative Methods
• Step 2: Clone the Device & Calculate CRC Checksum
  • Perform a bit-for-bit copy of the entire hard drive
  • Calculate the CRC checksum
  • Seal away the original disk
  • Perform investigation on the cloned copy

Theft Act Investigative Methods
• Cyclic redundancy check (CRC) number: a calculation based on the contents of a disk or file
• Create the CRC immediately after the bit-for-bit copy
You can prove later that:
• Your cloned hard drive exactly matched the original drive
• You have not modified data since the hard drive was seized.

Theft Act Investigative Methods
The two primary checksum methods used today are the MD5 and SHA-1 algorithms.
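An added example, not part of the original slides: Step 2 in Python, with a constructed file standing in for the seized drive. The function names (`acquire`, `verify`) and file names are illustrative assumptions, and SHA-256 is computed alongside the MD5 and SHA-1 named on the slide as an addition here.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024                      # read 1 MiB at a time; a disk never fits in memory
ALGORITHMS = ("md5", "sha1", "sha256")   # sha256 is an addition to the slide's two


def _stream(path, sink=None):
    """Read path once, feed every hasher, optionally write the same bytes to sink."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as src:
        for block in iter(lambda: src.read(CHUNK), b""):
            if sink is not None:
                sink.write(block)
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def acquire(source, image):
    """Bit-for-bit copy of source to image; returns digests of the bytes read.

    Hashing during the copy means the record describes the original as it was
    at acquisition time, before it is sealed away.
    """
    with open(image, "wb") as dst:
        return _stream(source, sink=dst)


def verify(path, recorded):
    """Re-hash path and return the algorithms whose digest differs from the record."""
    current = _stream(path)
    return [name for name in recorded if current.get(name) != recorded[name]]


def demo():
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "suspect_disk.raw")   # constructed stand-in
        image = os.path.join(work, "clone.raw")
        with open(source, "wb") as fh:
            fh.write(b"LEDGER-2011;" * 300_000)            # constructed sample data

        recorded = acquire(source, image)   # keep this record with the evidence log
        clean = verify(image, recorded)     # clone matches the original

        # Simulate an accidental change to the working copy: flip a single bit.
        with open(image, "r+b") as fh:
            fh.seek(2_000_000)
            original = fh.read(1)[0]
            fh.seek(2_000_000)
            fh.write(bytes([original ^ 0x01]))
        tampered = verify(image, recorded)  # every digest now disagrees
        return recorded, clean, tampered


if __name__ == "__main__":
    record, clean, tampered = demo()
    print("recorded:", record)
    print("mismatches after cloning:", clean)
    print("mismatches after one-bit change:", tampered)
```
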

Theft Act Investigative Methods
Step 3: Search the Device Manually
Common areas to search include:
• Computer logs such as Web activity, recent files on the Start menu, Web favorites, and the browser history.
• The “My Documents” folder; most applications save data to this location.
• The trash can or recycle bin.
• USB keys, CDs, or disks found around the computer.

Theft Act Investigative Methods
• Recently loaded files listed in the “File” menu of many applications
• Chat logs and client caches

Theft Act Investigative Methods
• Step 4: Search the Device Using Automated Procedures
  • Forensic Software Packages
    • Guidance Software’s EnCase Forensic Edition
    • AccessData’s The Forensic Toolkit (FTK)
  • Open Source Packages
    • e-fence Inc.’s Helix
    • Remote-Exploit.org’s BackTrack

Theft Act Investigative Methods
• E-mail Systems
  • Many copies may exist (sender, receiver, e-mail server)
  • Includes text messaging in certain countries
  • Web-based e-mail (Hotmail, GMail, Yahoo! Mail) is more difficult to search