Acc 626 slidecast - Forensics for IT



First, I will be defining the term Forensics for Information Technology and explaining the process and steps. I will discuss the techniques and tools used and also the key issues faced by the industry. Finally, I will explain how an audit can benefit an IT investigation.

Published in: Technology, Education

  1. Concepts on Forensics for Information Technology
     • ACC 626 Slidecast
  2. What is Forensics for IT?
     • Computer forensics and Digital Forensics
     • Computer Forensics – 80s-90s
       • Unformat, undelete, diagnose and remedy
       • Essentially data retrieval from computers to obtain evidence
     • Digital Forensics
       • Scientific methods to reconstruct events or anticipate unauthorized actions (DFRWS)
       • Preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence (DFRWS)
       • Applies to all digital sources, i.e. not limited to computers
  3. What is Forensics for IT?
     • Forensics for IT?
       • Many other IT devices capable of processing and storing data
       • Computer forensics is no longer an appropriate term
       • It is the “process of acquiring, analyzing and reporting digital evidence” from information technology devices such as computers, cellular phones, storage devices, networks, etc. (Lewis 2008)
  4. What is Forensics for IT?
     • Role and Application
       • Applicable and necessary in 3 types of cases
         • Crimes where IT is incidentally involved
         • Crimes where IT is the enabler
         • Crimes against IT systems
       • To support crime investigations which involve the complexity of information systems (Gottschalk)
       • Presented in “e-discovery”
  5. What is Forensics for IT?
     • Process and Steps
  6. Techniques and Tools
     • IT Forensic Techniques
       • Search Techniques
         • Manual vs. automated
         • Search customization
       • Reconstructive Techniques
         • Log files analysis
         • System files analysis
  7. Techniques and Tools
     • IT Forensic Tools and Software
       • Industry standard tools – EnCase
       • Specialist tools – FATKit
       • Open source designed tools
       • Software developed to react rather than anticipate
       • Forensics tools for mobile devices and tablets
  8. Key Issues
     • The Digital Evidence and the Legal Environment
       • Laws not written with digital evidence and IT crime scene in mind
       • Criminals are creating new ways to conduct IT enabled crime and to attack IT systems
       • Legal rights and privacy laws are sensitive in IT investigations
  9. Key Issues
     • Research and Development
       • Rapid development of technology
         • Data and file formats
         • VoIP, P2P, outsourcing, portable storage, the cloud
       • Lack of direction in development of IT Forensics
         • No guidelines and strategy
         • Need taxonomy, best practices and clear standards
  10. Key Issues
     • Anti-forensics and Tools
       • Traditional techniques
         • Artefact wiping
         • Data overwriting
         • Data hiding
       • Advanced techniques
         • Footprint minimization
         • Exploitation of bugs in forensic software
         • Detection of IT forensic tools
  11. Forensics for IT and Auditing
     • Integration between the two
       • Audit information can lead to investigation efficiency
       • “IT audit procedures can help facilitate an understanding of both the computing environment and corresponding controls” (Lombe)
       • Ex. Terminated employee, existence of backups
  12. Thank You
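
Slide 6 lists log file analysis as a reconstructive technique, and slide 11 gives a terminated employee as an example of audit information that helps an investigation. The Python code below is an added example, not part of the original slidecast, that combines the two: it hashes the log for later validation, parses it into a timeline, and flags activity by accounts after their termination date. The log format, account names, dates and addresses are constructed for illustration.

```python
import hashlib
from datetime import datetime

# Constructed sample log (assumed format: ISO timestamp, user, event, detail)
SAMPLE_LOG = """\
2011-06-01T08:58:12 jsmith LOGIN_OK 10.0.0.15
2011-06-03T17:02:40 mbrown LOGIN_OK 10.0.0.22
2011-06-10T23:41:05 mbrown LOGIN_OK 203.0.113.7
2011-06-10T23:44:19 mbrown FILE_READ payroll.xls
2011-06-11T09:00:03 jsmith LOGIN_OK 10.0.0.15
corrupted line without fields
"""
# Constructed audit input: account -> termination time taken from HR records
TERMINATED = {"mbrown": datetime(2011, 6, 3, 18, 0, 0)}


def evidence_digest(raw: str) -> str:
    """Hash the log before analysis so the examined copy can be validated later."""
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


def parse_log(raw: str):
    """Return (events, rejected): events in time order, unparsable lines kept."""
    events, rejected = [], []
    for lineno, line in enumerate(raw.splitlines(), start=1):
        parts = line.split(maxsplit=3)
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
            user, action, detail = parts[1], parts[2], parts[3]
        except (IndexError, ValueError):
            rejected.append((lineno, line))  # record for the report, never drop silently
            continue
        events.append({"time": when, "user": user, "action": action, "detail": detail})
    return sorted(events, key=lambda e: e["time"]), rejected


def post_termination_activity(events, terminated):
    """Timeline of events by accounts that should no longer have been active."""
    return [e for e in events
            if e["user"] in terminated and e["time"] > terminated[e["user"]]]


if __name__ == "__main__":
    print("sha256:", evidence_digest(SAMPLE_LOG))
    events, rejected = parse_log(SAMPLE_LOG)
    for e in post_termination_activity(events, TERMINATED):
        print(e["time"].isoformat(), e["user"], e["action"], e["detail"])
    print("unparsed lines:", rejected)
```

The login at 17:02 on the termination day is not flagged because it precedes the recorded termination time, which shows why the audit record needs a time as well as a date.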