1 IT Investigative Tools Tools and Services for the Forensic Auditor.

Presentation transcript:

1 IT Investigative Tools Tools and Services for the Forensic Auditor

2 Digital Crime Scene Investigation Problems with Digital Investigation Timing essential – electronic evidence volatile Auditor may violate rules of evidence NEVER work directly on the evidence Skills needed to recover deleted data or encrypted data

3 Digital Crime Scene Investigation Extract, process, interpret Work on the imaged data or “safe copy” Data extracted may be in binary form Process data to convert it to understandable form  Reverse-engineer to extract disk partition information, file systems, directories, files, etc  Software available for this purpose Interpret the data – search for key words, phrases, etc.

4 Digital Crime Scene Investigation Technology Magnetic disks contain data after deletion Overwritten data may still be salvaged Memory still contains data after switch-off Swap files and temporary files store data Most OS’s perform extensive logging (so do network routers)

5 Disk Geometry Track Sector Cylinder (Clusters are groups of Sectors)

6 Slack Space End of File Slack Space Last Cluster in a File

7 Illustration of Forensic Tools Forensic Software Tools are used for … Data imaging Data recovery Data integrity Data extraction Forensic Analysis Monitoring

8 Data Imaging EnCase Reduces internal investigation costs Platform independent Automated analysis saves time Supports electronic records audit Creates logical evidence files — eliminating need to capture entire hard drives

9 Data Recovery File Recovery with PC Inspector

10 Data Eradication Securely Erasing Files

11 Data Integrity MD5 Message Digest – a hashing algorithm used to generate a checksum Available online as freeware Any changes to file will change the checksum Use: Generate MD5 of system or critical files regularly Keep checksums in a secure place to compare against later if integrity is questioned

12 Data Integrity MD5 Using HashCalc
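
The baseline-and-compare routine from the Data Integrity slides, as an added Python example (not part of the original presentation). It records SHA-256 alongside MD5 because MD5 collisions are practical to construct; the file names and contents are constructed sample data.

```python
import hashlib
import os
import tempfile


def file_digests(path, chunk_size=65536):
    """Stream the file once; return its MD5 and SHA-256 hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def build_baseline(paths):
    """Record digests for each critical file; keep the result off the audited host."""
    return {path: file_digests(path) for path in paths}


def verify(baseline):
    """Compare current files with the baseline: ok, modified or missing."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            report[path] = "missing"
        elif file_digests(path) == expected:
            report[path] = "ok"
        else:
            report[path] = "modified"
    return report


def demo():
    """Constructed sample: three files, one altered and one deleted after baselining."""
    with tempfile.TemporaryDirectory() as d:
        samples = {"ledger.csv": b"id,amount\n1,100.00\n",
                   "app.conf": b"audit_log=on\n",
                   "notes.txt": b"unchanged\n"}
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        baseline = build_baseline([os.path.join(d, n) for n in samples])
        with open(os.path.join(d, "ledger.csv"), "ab") as fh:
            fh.write(b"2,9999.00\n")             # change made after the baseline
        os.remove(os.path.join(d, "app.conf"))   # file removed after the baseline
        return {os.path.basename(p): s for p, s in verify(baseline).items()}


if __name__ == "__main__":
    print(demo())
```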

13 Data Integrity HandyBits EasyCrypto

14 Data Integrity Private Disk

15 Data Monitoring Tracking Log Files

16 Data Monitoring PC System Log

17 Security Software Log Entries

19 Free Log Tools

20 Audit Command Language (ACL) ACL is the market leader in computer-assisted audit technology and is an established forensics tool. Clientele includes … 70 percent of the Fortune 500 companies over two-thirds of the Global 500 the Big Four public accounting firms

21 Forensic Tools Audit Command Language ACL is a computer data extraction and analytical audit tool with audit capabilities … Statistics Duplicates and Gaps Stratify and Classify Sampling Benford Analysis

27 Forensic Tools: ACL Benford Analysis States that the leading digit in some numerical series follows an exponential distribution Applies to a wide variety of figures: financial results, electricity bills, street addresses, stock prices, population numbers, death rates, lengths of rivers
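
A leading-digit test of the kind the Benford Analysis slide describes, as an added Python example (not ACL's own implementation and not from the original slides). It compares observed first-digit counts with the Benford frequency P(d) = log10(1 + 1/d) using a chi-square statistic; the invoice amounts and the 5,000 approval limit are constructed assumptions.

```python
import math
from collections import Counter
from decimal import Decimal

CHI2_CRITICAL_8DF_5PCT = 15.507  # chi-square critical value, 8 degrees of freedom, 5% level


def leading_digit(amount):
    """First non-zero digit of a number, or None for zero."""
    digits = Decimal(str(amount)).as_tuple().digits
    return next((d for d in digits if d != 0), None)


def benford_test(amounts):
    """Return (chi-square statistic, [(digit, observed, expected), ...])."""
    counts = Counter(d for d in map(leading_digit, amounts) if d)
    n = sum(counts.values())
    chi2, rows = 0.0, []
    for d in range(1, 10):
        expected = n * math.log10(1 + 1 / d)
        observed = counts.get(d, 0)
        chi2 += (observed - expected) ** 2 / expected
        rows.append((d, observed, round(expected, 1)))
    return chi2, rows


def most_overrepresented(rows):
    """Digit with the largest excess of observed over expected count."""
    return max(rows, key=lambda r: r[1] - r[2])[0]


def sample_ledgers():
    """Constructed data: 200 amounts spread evenly over four orders of magnitude,
    then the same ledger with 40 invoices placed just under a hypothetical 5,000 limit."""
    clean = [round(10 ** (1 + (k + 0.5) / 50), 2) for k in range(200)]
    padded = clean + [4900 + 2.5 * k for k in range(40)]
    return clean, padded


if __name__ == "__main__":
    for name, ledger in zip(("clean", "padded"), sample_ledgers()):
        chi2, rows = benford_test(ledger)
        flag = "REVIEW" if chi2 > CHI2_CRITICAL_8DF_5PCT else "ok"
        print(f"{name}: chi2={chi2:.2f} {flag} top excess digit={most_overrepresented(rows)}")
```

A statistic above the critical value marks the data set for closer review; it is a lead for the auditor, not proof of manipulation.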

31 Data Monitoring Employee Internet Activity Spector captures employee web activity including keystrokes, e-mail, and snapshots to answer questions like: Which employees are spending the most time surfing web sites? Which employees chat the most? Who is sending the most e-mails with attachments? Who is arriving to work late and leaving early? What are my employees searching for on the Internet?

32 Data Monitoring : Spector Recorded

33 Data Monitoring : Spector Recorded Web Surfing

34 Data Monitoring : Spector Recording Keystrokes

35 Data Monitoring : Spector Recorded Snapshots

37 Data Capture : Key Log Hardware KeyKatcher  Records chat, e-mail, internet & more  Is easier to use than parental control software  Identifies internet addresses  Uses no system resources  Works on all PC operating systems  Undetectable by software

38 index.dat files Contain all of the Web sites that you have ever visited. Every URL, every Web page, all of the e-mail that has been sent or received through Outlook or Outlook Express. On Windows 2000 and Windows XP there are several "index.dat" files in these locations: \Documents and Settings\ \Cookies\index.dat \Documents and Settings\ \Local Settings\History\History.IE5\index.dat \Documents and Settings\ \Local Settings\History\History.IE5\MSHist \index.dat \Documents and Settings\ \Local Settings\History\History.IE5\MSHist \index.dat \Documents and Settings\ \Local Internet Files\Content.IE5\index.dat These files cannot be deleted without special software!

40 Background Checks

45 ipconfig /all

46 ipconfig /displaydns

47 netstat -a

49 Eraser Private Disk HashCalc PC Inspector VeriSign HandyBits Encryption EnCase

50 Spector Stolen ID Search Abika Background Check Guide to Log Management ACFE Fraud Prevention Checkup NetWitness GASP Std V 7.0 Free Software Federal Guidelines for Searches

51 Florida Criminal Database Federal Bureau of Prisons