Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 IT Investigative Tools Tools and Services for the Forensic Auditor.

Published byClara Burns Modified over 8 years ago

Similar presentations

Presentation on theme: "1 IT Investigative Tools Tools and Services for the Forensic Auditor."— Presentation transcript:

1 1 IT Investigative Tools Tools and Services for the Forensic Auditor

2 2 Digital Crime Scene Investigation Problems with Digital Investigation Timing essential – electronic evidence volatile Auditor may violate rules of evidence NEVER work directly on the evidence Skills needed to recover deleted data or encrypted data

3 3 Digital Crime Scene Investigation Extract, process, interpret Work on the imaged data or “safe copy” Data extracted may be in binary form Process data to convert it to understandable form  Reverse-engineer to extract disk partition information, file systems, directories, files, etc  Software available for this purpose Interpret the data – search for key words, phrases, etc.

4 4 Digital Crime Scene Investigation Technology Magnetic disks contain data after deletion Overwritten data may still be salvaged Memory still contains data after switch-off Swap files and temporary files store data Most OS’s perform extensive logging (so do network routers)

5 5 Disk Geometry Track Sector Cylinder (Clusters are groups of Sectors)

6 6 Slack Space End of File Slack Space Last Cluster in a File

7 7 Illustration of Forensic Tools Forensic Software Tools are used for … Data imaging Data recovery Data integrity Data extraction Forensic Analysis Monitoring

8 8 Data Imaging EnCase Reduces internal investigation costs Platform independent Automated analysis saves time Supports electronic records audit Creates logical evidence files — eliminating need to capture entire hard drives

9 9 Data Recovery File Recovery with PC Inspector

10 10 Data Eradication Securely Erasing Files

11 11 Data Integrity MD5 Message Digest – a hashing algorithm used to generate a checksum Available online as freeware Any changes to file will change the checksum Use: Generate MD5 of system or critical files regularly Keep checksums in a secure place to compare against later if integrity is questioned

12 12 Data Integrity MD5 Using HashCalc

13 13 Data Integrity HandyBits EasyCrypto

14 14 Data Integrity Private Disk

15 15 Data Monitoring Tracking Log Files

16 16 Data Monitoring PC System Log

17 17 Security Software Log Entries

18 18

19 19 Free Log Tools

20 20 Audit Command Language (ACL) ACL is the market leader in computer- assisted audit technology and is an established forensics tool. Clientele includes … 70 percent of the Fortune 500 companies over two-thirds of the Global 500 the Big Four public accounting firms

21 21 Forensic Tools Audit Command Language ACL is a computer data extraction and analytical audit tool with audit capabilities … Statistics Duplicates and Gaps Stratify and Classify Sampling Benford Analysis

22

23 23

24 24

25 25

26 26

27 27 Forensic Tools: ACL Benford Analysis States that the leading digit in some numerical series follows an exponential distribution Applies to a wide variety of figures: financial results, electricity bills, street addresses, stock prices, population numbers, death rates, lengths of rivers

28 28

29 29

30 30

31 31 Data Monitoring Employee Internet Activity Spector captures employee web activity including keystrokes, email, and snapshots to answer questions like: Which employees are spending the most time surfing web sites? Which employees chat the most? Who is sending the most emails with attachments? Who is arriving to work late and leaving early? What are my employees searching for on the Internet?

32 32 Data Monitoring : Spector Recorded Email

33 33 Data Monitoring : Spector Recorded Web Surfing

34 34 Data Monitoring : Spector Recording Keystrokes

35 35 Data Monitoring : Spector Recorded Snapshots

36 36

37 37 Data Capture : Key Log Hardware KeyKatcher  Records chat, e-mail, internet & more  Is easier to use than parental control software  Identifies internet addresses  Uses no system resources  Works on all PC operating systems  Undetectable by software www.lakeshoretechnology.com

38 38 index.dat files Contain all of the Web sites that you have ever visited. Every URL, every Web page, all of the email that has been sent or received through Outlook or Outlook Express. On Windows 2000 and Windows XP there are several "index.dat" files in these locations: \Documents and Settings\ \Cookies\index.dat \Documents and Settings\ \Local Settings\History\History.IE5\index.dat \Documents and Settings\ \Local Settings\History\History.IE5\MSHist012001123120020101\index.dat \Documents and Settings\ \Local Settings\History\History.IE5\MSHist012002010720020114\index.dat \Documents and Settings\ \Local Internet Files\Content.IE5\index.dat These files cannot be deleted without special software!

39 39

40 40 Background Checks

41 41

42 42

43 43 http://www.expressmetrix.com/solutions/

44 44

45 45 ipconfig /all

46 46 ipconfig /displaydns

47 47 netstat -a

48 48

49 49 Eraser http://www.heidi.ie/eraser/ Private Disk http://www.private-disk.net/ HashCalc http://www.slavasoft.com/hashcalc/index.htm PC Inspector http://www.download.com/3000-2242-10066144.html VeriSign http://www.verisign.com HandyBits Encryption http://www.handybits.com/ EnCase http://www.handybits.com/

50 50 Spector http://www.spectorsoft.com/ Stolen ID Search https://www.stolenidsearch.com/ Abika Background Check http://www.abika.com/ Guide to Log Management http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf ACFE Fraud Prevention Checkup http://www.acfe.com/documents/Fraud_Prev_Checkup_IA.pdf NetWitness http://www.netwitness.com/ GASP Std V 7.0 Free Software http://www.bsa.org/usa/antipiracy/Free-Software-Audit-Tools.cfm Federal Guidelines for Searches http://www.cybercrime.gov/searchmanual.htm

51 51 Florida Criminal Database http://www.fdle.state.fl.us/CriminalHistory/ Federal Bureau of Prisons http://www.bop.gov/

Download ppt "1 IT Investigative Tools Tools and Services for the Forensic Auditor."

Similar presentations

Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.

Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.
1 Grover Kearns, PhD, CPA Information Technology Audit & Forensic Techniques ACG 6936 Summer 2007.

1 Grover Kearns, PhD, CPA Information Technology Audit & Forensic Techniques ACG 6936 Summer 2007.
Max Secure Software founded in Jan 2003 develops innovative privacy, security, protection and performance solutions for Internet users. The company is.

Max Secure Software founded in Jan 2003 develops innovative privacy, security, protection and performance solutions for Internet users. The company is.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Computer Forensics.

Computer Forensics.
Effective Discovery Techniques In Computer Crime Cases.

Effective Discovery Techniques In Computer Crime Cases.
Chapter Extension 24 Computer Crime and Forensics © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 24 Computer Crime and Forensics © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
Digital Forensics Module 11 CS 996. 4/26/2004Module 112 Outline of Module #11 Overview of Windows file systems Overview of ProDiscover Overview of UNIX.

Digital Forensics Module 11 CS /26/2004Module 112 Outline of Module #11 Overview of Windows file systems Overview of ProDiscover Overview of UNIX.
Computer & Network Forensics

Computer & Network Forensics
X-Ways Trace Prepared By: Leen F. Arikat Supervisor: Dr. Lo’ai Tawalbeh.

X-Ways Trace Prepared By: Leen F. Arikat Supervisor: Dr. Lo’ai Tawalbeh.
COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.

COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.
Pertemuan 7-8 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan 7-8 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
AUDITING INFORMATION TECHNOLOGY USING COMPUTER ASSISTED AUDIT TOOLS AND TECHNIQUES.

AUDITING INFORMATION TECHNOLOGY USING COMPUTER ASSISTED AUDIT TOOLS AND TECHNIQUES.
COS/PSA 413 Day 5. Agenda Questions? Assignment 2 Redo –Due September 3:35 PM Assignment 3 posted –Due September 3:35 PM Quiz 1 on September.

COS/PSA 413 Day 5. Agenda Questions? Assignment 2 Redo –Due September 3:35 PM Assignment 3 posted –Due September 3:35 PM Quiz 1 on September.
COS/PSA 413 Day 15. Agenda Assignment 3 corrected –5 A’s, 4 B’s and 1 C Lab 5 corrected –4 A’s and 1 B Lab 6 corrected –A, 2 B’s, 1 C and 1 D Lab 7 write-up.

COS/PSA 413 Day 15. Agenda Assignment 3 corrected –5 A’s, 4 B’s and 1 C Lab 5 corrected –4 A’s and 1 B Lab 6 corrected –A, 2 B’s, 1 C and 1 D Lab 7 write-up.
Introduction to Computers Essential Understanding of Computers and Computer Operations.

Introduction to Computers Essential Understanding of Computers and Computer Operations.
FIRST COURSE Computer Concepts Internet and Email Microsoft Office Get to Know Your Computer.

FIRST COURSE Computer Concepts Internet and Microsoft Office Get to Know Your Computer.

Similar presentations

Ads by Google