Acc 626 slidecast - Forensics for IT
    Presentation Transcript

    • Concepts on Forensics for Information Technology
      ACC 626 Slidecast
    • What is Forensics for IT?
      Computer forensics and Digital Forensics
      Computer Forensics – 80s-90s
      Unformat, undelete, diagnose and remedy
      Essentially data retrieval from computers to obtain evidence
      Digital Forensics
      Scientific methods to reconstruct events or anticipate unauthorized actions (DFRWS)
      Preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence (DFRWS)
      Applies to all digital sources, i.e., not limited to computers
    • What is Forensics for IT?
      Forensics for IT?
      Many other IT devices capable of processing and storing data
      Computer forensics is no longer an appropriate term
      It is the “process of acquiring, analyzing and reporting digital evidence” from information technology devices, such as computers, cellular phones, storage devices, networks, etc. (Lewis 2008)
    • What is Forensics for IT?
      Role and Application
      Applicable and necessary in 3 types of cases
      Crimes where IT is incidentally involved
      Crimes where IT is the enabler
      Crimes against IT systems
      To support crime investigations which involve the complexity of information systems (Gottschalk)
      Presented in “e-discovery”
    • What is Forensics for IT?
      Process and Steps
    • Techniques and Tools
      IT Forensic Techniques
      Search Techniques
      Manual vs. automated
      Search customization
      Reconstructive Techniques
      Log files analysis
      System files analysis
    • Techniques and Tools
      IT Forensic Tools and Software
      Industry standard tools – EnCase
      Specialist tools – FATKit
      Open source designed tools
      Software developed to react rather than anticipate
      Forensics tools for mobile devices and tablets
    • Key Issues
      The Digital Evidence and the Legal Environment
      Laws not written with digital evidence and IT crime scene in mind
      Criminals are creating new ways to conduct IT enabled crime and to attack IT systems
      Legal rights and privacy laws are sensitive in IT investigations
    • Key Issues
      Research and Development
      Rapid development of technology
      Data and file formats
      VoIP, P2P, outsourcing, portable storage, the cloud
      Lack of direction in development of IT Forensics
      No guidelines and strategy
      Need taxonomy, best practices and clear standards
    • Key Issues
      Anti-forensics and Tools
      Traditional techniques
      Artefact wiping
      Data overwriting
      Data hiding
      Advanced techniques
      Footprint minimization
      Exploitation of bugs in forensic software
      Detection of IT forensic tools
    • Forensics for IT and Auditing
      Integration between the two
      Audit information can lead to investigation efficiency
      “IT audit procedures can help facilitate an understanding of both the computing environment and corresponding controls” (Lombe)
      E.g., terminated employee, existence of backups
    • Thank You