ACC 626 - Forensics for IT

Upload Details

Uploaded as Microsoft PowerPoint

Usage Rights

© All Rights Reserved


Presentation Transcript

  • Concepts on Forensics for Information Technology
    ACC 626 Slidecast
  • What is Forensics for IT?
    Computer forensics and Digital Forensics
    Computer Forensics – 80s-90s
    Unformat, undelete, diagnose and remedy
    Essentially data retrieval from computers to obtain evidence
    Digital Forensics
    Scientific methods to reconstruct events or anticipate unauthorized actions (DFRWS)
    Preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence (DFRWS)
    Applies to all digital sources, i.e., not limited to computers
  • What is Forensics for IT?
    Forensics for IT?
    Many other IT devices capable of processing and storing data
    Computer forensics is no longer an appropriate term
    It is the “process of acquiring, analyzing and reporting digital evidence” from information technology devices such as computers, cellular phones, storage devices, networks, etc. (Lewis 2008)
  • What is Forensics for IT?
    Role and Application
    Applicable and necessary in 3 types of cases
    Crimes where IT is incidentally involved
    Crimes where IT is the enabler
    Crimes against IT systems
    To support crime investigations which involve the complexity of information systems (Gottschalk)
    Presented in “e-discovery”
  • What is Forensics for IT?
    Process and Steps
  • Techniques and Tools
    IT Forensic Techniques
    Search Techniques
    Manual vs. automated
    Search customization
    Reconstructive Techniques
    Log files analysis
    System files analysis
  • Techniques and Tools
    IT Forensic Tools and Software
    Industry standard tools – EnCase
    Specialist tools – FATKit
    Open source designed tools
    Software developed to react rather than anticipate
    Forensics tools for mobile devices and tablets
  • Key Issues
    The Digital Evidence and the Legal Environment
    Laws not written with digital evidence and IT crime scene in mind
    Criminals are creating new ways to conduct IT enabled crime and to attack IT systems
    Legal rights and privacy laws are sensitive in IT investigations
  • Key Issues
    Research and Development
    Rapid development of technology
    Data and file formats
    VoIP, P2P, outsourcing, portable storage, the cloud
    Lack of direction in development of IT Forensics
    No guidelines and strategy
    Need taxonomy, best practices and clear standards
  • Key Issues
    Anti-forensics and Tools
    Traditional techniques
    Artefact wiping
    Data overwriting
    Data hiding
    Advanced techniques
    Footprint minimization
    Exploitation of bugs in forensic software
    Detection of IT forensic tools
  • Forensics for IT and Auditing
    Integration between the two
    Audit information can lead to investigation efficiency
    “IT audit procedures can help facilitate an understanding of both the computing environment and corresponding controls” (Lombe)
    E.g., terminated employee, existence of backups
  • Thank You