
ACC 626 - Forensics for IT


Published in: Technology, Education

  1. Concepts on Forensics for Information Technology
     ACC 626 Slidecast
  2. What is Forensics for IT?
     Computer Forensics and Digital Forensics
     • Computer Forensics – 80s-90s
       • Unformat, undelete, diagnose and remedy
       • Essentially data retrieval from computers to obtain evidence
     • Digital Forensics
       • Scientific methods to reconstruct events or anticipate unauthorized actions (DFRWS)
       • Preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence (DFRWS)
       • Applies to all digital sources, i.e., not limited to computers
  3. What is Forensics for IT?
     Forensics for IT?
     • Many other IT devices are capable of processing and storing data
     • Computer forensics is no longer an appropriate term
     • It is the “process of acquiring, analyzing and reporting digital evidence” from information technology devices, such as computers, cellular phones, storage devices, networks, etc. (Lewis 2008)
  4. What is Forensics for IT?
     Role and Application
     • Applicable and necessary in 3 types of cases
       • Crimes where IT is incidentally involved
       • Crimes where IT is the enabler
       • Crimes against IT systems
     • to support crime investigations which involve the complexity of information systems (Gottschalk)
     • Presented in “e-discovery”
  5. What is Forensics for IT?
     Process and Steps
  6. Techniques and Tools
     IT Forensic Techniques
     • Search Techniques
       • Manual vs. automated
       • Search customization
     • Reconstructive Techniques
       • Log files analysis
       • System files analysis
  7. Techniques and Tools
     IT Forensic Tools and Software
     • Industry standard tools – EnCase
     • Specialist tools – FATKit
     • Open source designed tools
     • Software developed to react rather than anticipate
     • Forensics tools for mobile devices and tablets
  8. Key Issues
     The Digital Evidence and the Legal Environment
     • Laws not written with digital evidence and IT crime scene in mind
     • Criminals are creating new ways to conduct IT enabled crime and to attack IT systems
     • Legal rights and privacy laws are sensitive in IT investigations
  9. Key Issues
     Research and Development
     • Rapid development of technology
       • Data and file formats
       • VoIP, P2P, outsourcing, portable storage, the cloud
     • Lack of direction in development of IT Forensics
       • No guidelines and strategy
       • Need taxonomy, best practices and clear standards
  10. Key Issues
      Anti-forensics and Tools
      • Traditional techniques
        • Artefact wiping
        • Data overwriting
        • Data hiding
      • Advanced techniques
        • Footprint minimization
        • Exploitation of bugs in forensic software
        • Detection of IT forensic tools
  11. Forensics for IT and Auditing
      Integration between the two
      • Audit information can lead to investigation efficiency
      • “IT audit procedures can help facilitate an understanding of both the computing environment and corresponding controls” (Lombe)
      • Ex. Terminated employee, existence of backups
  12. Thank You
