ACC 626 Slidecast - Forensics for IT
Post on 22-Oct-2014
DESCRIPTION
First I will be defining the term Forensics for Information Technology and explain the process and steps. I will discuss the techniques and tools used and also the key issues faced by the industry. Finally I will explain how an audit can benefit an IT investigation.
TRANSCRIPT
Concepts on Forensics for Information Technology
ACC 626 Slidecast
What is Forensics for IT? Computer forensics and Digital Forensics
Computer Forensics – 80s-90s
Unformat, undelete, diagnose and remedy
Essentially data retrieval from computers to obtain evidence
Digital Forensics
Scientific methods to reconstruct events or anticipate unauthorized actions (DFRWS)
Preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence (DFRWS)
Applies to all digital sources, i.e. not limited to computers
What is Forensics for IT? Forensics for IT?
Many other IT devices capable of processing and storing data
Computer forensics is no longer an appropriate term
It is the “process of acquiring, analyzing and reporting digital evidence” from information technology devices such as computers, cellular phones, storage devices, networks, etc. (Lewis 2008)
What is Forensics for IT? Role and Application
Applicable and necessary in 3 types of cases
1. Crimes where IT is incidentally involved
2. Crimes where IT is the enabler
3. Crimes against IT systems
To support crime investigations which involve the complexity of information systems (Gottschalk)
Presented in “e-discovery”
What is Forensics for IT? Process and Steps
Acquire Data
Collect
Preserve
Verify Accuracy
Analyze Data
Analysis
Interpret
Reporting Findings
Document
Present
Techniques and Tools IT Forensic Techniques
Search Techniques
Manual vs. automated
Search customization
Reconstructive Techniques
Log files analysis
System files analysis
Techniques and Tools IT Forensic Tools and Software
Industry standard tools – EnCase
Specialist tools – FATKit
Open source designed tools
Software developed to react rather than anticipate
Forensics tools for mobile devices and tablets
Key Issues The Digital Evidence and the Legal Environment
Laws not written with digital evidence and IT crime scene in mind
Criminals are creating new ways to conduct IT enabled crime and to attack IT systems
Legal rights and privacy laws are sensitive in IT investigations
Key Issues Research and Development
Rapid development of technology
Data and file formats
VOIP, P2P, Outsourcing, portable storage, the cloud
Lack of direction in development of IT Forensics
No guidelines and strategy
Need taxonomy, best practices and clear standards
Key Issues Anti-forensics and Tools
Traditional techniques
Artefact wiping
Data overwriting
Data hiding
Advanced techniques
Footprint minimization
Exploitation of bugs in forensic software
Detection of IT forensic tools
Forensics for IT and Auditing Integration between the two
Audit information can lead to investigation efficiency
“IT audit procedures can help facilitate an understanding of both the computing environment and corresponding controls” (Lombe)
Ex. Terminated employee, existence of backups
Thank You