Catching Al Capone: What All Accountants Should Know About Computer Forensics

Grover Kearns, PhD, CPA, CFE, CITP

Scarface

Eliot Ness

Catching Al Capone
- Capone was known to be responsible for a wide array of felonies and violent crimes, but evidence was lacking
- Witnesses tended to disappear
- Direct evidence was needed
- Business records provide direct evidence
- Careful search, analysis, and handling of data are required to produce data that are acceptable as evidence

Survey Shows Companies Fear Fraud, But Many Not Prepared
Ernst & Young's 9th Global Fraud Survey: Fraud Risk in Emerging Markets
- 60 percent of multinationals say they believe fraud is more likely to occur in emerging-market operations than in developed markets
- Robust internal controls remain the first line of defense against fraud for companies in all markets

Why
Accountants and auditors ...
- are better positioned to detect computer-based fraud
- can assist in maintaining a chain of custody for digital evidence
- can better communicate with IT employees
- can promote IT-based internal controls
- can assist in the efficient use of IT resources

How
Accountants and auditors ...
- participate in setting and evaluating internal controls
- are trained in digital forensic techniques (recovery and analysis of data)
- develop an increased understanding of networks, databases, and information systems
- can maintain a chain of custody over digital evidence
- can interpret transaction logs

Caveat
Accountants and auditors are not ...
- responsible for IS or for the efficient use of IT resources
- responsible for uncovering all instances of corporate fraud
- responsible for digital recovery of information

AICPA Top 10 Technologies
1. Information Security Management
2. IT Governance
3. Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)
4. Privacy Management
5. Business Process Improvement (BPI), Workflow and Process Exception Alerts
6. Identity and Access Management
7. Conforming to Assurance and Compliance Standards
8. Business Intelligence
9. Mobile and Remote Computing
10. Document, Forms, Content and Knowledge Management

Common Applications of Computer Forensics
- Employee internet abuse (common, but decreasing)
- Unauthorized disclosure of corporate information and data (accidental and intentional)
- Industrial espionage
- Damage assessment
- Criminal fraud and deception cases

ISO Standards
- A standard to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System"
- A standard that "established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization"

Cardinal Rules of Evidence Handling
- Only use tools and methods that have been tested and evaluated to validate their accuracy and reliability
- Handle the original evidence as little as possible to avoid changing the data
- Establish and maintain the chain of custody
- Document everything done
- Never exceed your personal knowledge (do not state or testify to more than you know and can demonstrate)

Types of Audits
- Public (aka External or Financial)
- Management
- Operating
- Information Technology
- Compliance
- Fraud

Forensic Accountants are Involved In
- Criminal investigations
- Shareholders' and partnership disputes
- Personal injury claims
- Business interruption
- Fraud investigations
- Matrimonial disputes
- Professional negligence
- Mediation and arbitration

"Computer forensics can be defined as the collection and analysis of data from computer systems, networks, communication streams (wireless) and storage media in a manner that is admissible in a court of law." (CERT)

“Computer forensics” can thus not afford solely to concern itself with procedures and methods of handling computers, the hardware from which they are made up and the files they contain. The ultimate aim of forensic investigation is use in legal proceedings [Mandia 01]. The objective in computer forensics is quite straightforward. It is to recover, analyze and present computer based material in such a way that it is useable as evidence in a court of law [Mandia 01].

Digital Crime Scene Investigation
Digital Forensic Investigation: a process that uses science and technology to examine digital objects and that develops and tests theories, which can be entered into a court of law, to answer questions about events that occurred.
IT forensic techniques are used to capture and analyze electronic data and to develop theories.

Audit Goals of a Forensic Investigation
- Uncover fraudulent or criminal cyber activity
- Isolate evidentiary matter (freeze the scene)
- Document the scene
- Create a chain of custody for evidence
- Reconstruct events and analyze digital information
- Communicate results

Audit Goals of a Forensic Investigation: Immediate Response
- Shut down the computer (pull the plug). Note: power-off preserves the disk but destroys volatile evidence such as memory contents, running processes and live network connections.
- Take a bit-stream (mirror) image of the data
- Begin a traceback to identify possible log locations
- Contact system administrators on intermediate sites to request log preservation
- Contain damage and stop loss
- Collect local logs
- Begin documentation

Audit Goals of a Forensic Investigation: Continuing Investigation
- Implement measures to stop further loss
- Communicate to management and the audit committee regularly
- Analyze a copy of the digital files
- Ascertain the level and nature of loss
- Identify perpetrator(s)
- Develop theories about motives
- Maintain the chain of custody

Digital Crime Scene Investigation: Scene Preservation & Documentation
Goal: preserve the state of as many digital objects as possible and document the crime scene.
Methods:
- Shut the system down
- Unplug (the deck's preferred option: it prevents shutdown scripts from altering the disk, but everything held only in memory, including keys for mounted encrypted volumes, is lost; where a trained responder can acquire volatile data live, do that before cutting power)
- Do nothing
- Bag and tag

Audit Goals of a Forensic Investigation: Requirements for Evidence
Computer logs ...
- must not be modifiable (in practice: any modification must be detectable, since anyone with write access to the log store can alter a plain file)
- must be complete
- must be kept under appropriate retention rules
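One way to make a log meet the "must not be modifiable" requirement in a checkable way is to chain the records together with keyed hashes, so that an edited, inserted or deleted record fails verification. This is an added example, not part of the original deck or of any product it names; the records, the key and the function names are constructed for illustration.

```python
"""Tamper-evident audit log built as an HMAC hash chain (added example)."""
import hashlib
import hmac

GENESIS = b"\x00" * 32  # tag assumed for "the record before the first one"

# Constructed sample records; not taken from any real system.
RECORDS = [
    "2011-06-01T09:00:01 user=jsmith action=login src=10.0.0.5",
    "2011-06-01T09:02:17 user=jsmith action=approve_payment id=4471 amount=9800.00",
    "2011-06-01T09:02:40 user=jsmith action=approve_payment id=4472 amount=9700.00",
    "2011-06-01T09:05:03 user=jsmith action=logout",
]


def _tag(key, prev_tag, record):
    """tag_i = HMAC(key, tag_{i-1} || record_i): each tag binds the record to its predecessor."""
    return hmac.new(key, prev_tag + record.encode(), hashlib.sha256).digest()


def build_chain(records, key):
    """Return [(record, tag_hex)], the form in which the log would be stored."""
    prev, chain = GENESIS, []
    for rec in records:
        tag = _tag(key, prev, rec)
        chain.append((rec, tag.hex()))
        prev = tag
    return chain


def verify_chain(chain, key):
    """Recompute the chain from GENESIS and return the index of the first record
    whose stored tag does not match, or -1 if every link verifies.
    Editing, inserting or deleting a record breaks the link at that position."""
    prev = GENESIS
    for i, (rec, tag_hex) in enumerate(chain):
        expected = _tag(key, prev, rec)
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return i
        prev = expected
    return -1


def verify_anchor(chain, key, anchor_hex):
    """A chain alone cannot show that its tail was cut off. At log rotation the final
    tag is recorded out of band (write-once media, a separate custodian); verifying
    against that anchor also detects truncation."""
    if not chain or verify_chain(chain, key) != -1:
        return False
    return hmac.compare_digest(chain[-1][1], anchor_hex)


def tamper(chain, index, new_record):
    """Copy of the chain with one record's text altered but its stored tag left as is,
    modelling an attacker who edits the file without knowing the key."""
    altered = list(chain)
    altered[index] = (new_record, chain[index][1])
    return altered
```

The party that verifies must hold the key, and the system being audited should not be able to recompute tags for old records; in practice that means keeping the key with the auditor or log custodian, or evolving the key per record and erasing the previous one (a forward-secure audit log), so that an intruder who later takes over the host cannot rewrite history.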

Digital Crime Scene Investigation: Problems with Digital Investigation
- Timing is essential: electronic evidence is volatile
- An auditor without forensic training may inadvertently violate the rules of evidence
- NEVER work directly on the evidence
- Skills are needed to recover deleted or encrypted data

Digital Crime Scene Investigation: Extract, Process, Interpret
- Work on the imaged data or "safe copy"
- Data extracted may be in binary form
- Process the data to convert it to an understandable form: reverse-engineer the image to extract disk partition information, file systems, directories, files, etc.; software is available for this purpose
- Interpret the data: search for key words, phrases, etc.

Digital Crime Scene Investigation: Technology
- Magnetic disks retain data after deletion (deleting a file normally only unlinks it; its clusters sit in unallocated space until they are reused)
- Overwritten data is not, in practice, recoverable with software tools; what forensics recovers is data that was deleted but not yet overwritten, including file slack
- Memory retains data only briefly after switch-off (seconds to minutes), so volatile data must be captured while the system is running
- Swap files and temporary files store data
- Most OSs perform extensive logging (so do network routers)

Role of a First Responder
Essentially the first person notified of, and reacting to, the security incident.
Responsibilities:
- Determine the severity of the incident
- Collect as much information about the incident as possible
- Document all findings
- Share the collected information to determine the root cause

Importance of Computer Forensics to Accountants
- First responder
- IT auditor
- Member of a CERT
- Maintain the chain of evidence
- Document the scene
- Develop the investigatory process
- Manage the investigatory process
- Advanced certifications (CISA etc.)

[Slide image] A PDF file opened in a hex editor

[Slide image] A PDF file opened in Notepad

[Slide image] A BMP file opened in a hex editor

[Slide image] A JPG file opened in a hex editor
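The hex-editor slides above show the point of the "extract, process, interpret" and "data after deletion" slides: a file type is identified by its leading bytes, not its name, and a deleted file whose clusters have not been reused is still there to be found. The example below, added here and not part of the deck or of any tool it names, works the way an examiner works on the safe copy: hash the image, carve files out of it by header and footer signatures, search it for a keyword, and re-hash to show the copy was not altered. The image is constructed inline; the signature table and all function names are this example's own assumptions.

```python
"""Triage of a forensic disk image: carve by signature, keyword-search, verify the copy (added example)."""
import hashlib
import re
import struct

SECTOR = 512

# Header/footer byte signatures; these are the bytes a hex editor shows at offset 0.
SIGNATURES = {
    "pdf": (b"%PDF-", b"%%EOF"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "bmp": (b"BM", None),  # no footer: the file size is stored in header bytes 2..5
}


def build_sample_image():
    """Constructed 4 KiB 'image': a BMP in an allocated sector, then a 'deleted' PDF
    and a JPEG left behind in unallocated space. Not a real acquisition."""
    bmp = b"BM" + struct.pack("<IHHI", 40, 0, 0, 26) + b"\x00" * 26          # 40 bytes
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Title (Ledger Q2 Capone Enterprises) >>\n"
           b"endobj\n%%EOF")
    jpg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 20 + b"\xff\xd9"    # 33 bytes

    def pad(data, size):
        return data + b"\x00" * (size - len(data))

    return (b"\x00" * SECTOR + pad(bmp, SECTOR) + pad(pdf, 2 * SECTOR)
            + pad(jpg, 2 * SECTOR) + b"\x00" * 2 * SECTOR)


def sha256_hex(data):
    """Acquisition hash; recomputed after analysis to prove the working copy is unchanged."""
    return hashlib.sha256(data).hexdigest()


def carve(image):
    """Return [(kind, offset, length)] for every signature hit with a plausible length,
    sorted by offset. File system metadata is ignored, which is what lets this find
    files whose directory entries were deleted."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            off = image.find(header, pos)
            if off < 0:
                break
            if footer is None:
                # BMP: trust the size field only if it is sane and fits inside the image;
                # two-byte "BM" matches false-positive easily, so this check matters.
                length = struct.unpack_from("<I", image, off + 2)[0] if off + 6 <= len(image) else 0
                ok = 14 < length <= len(image) - off
            else:
                end = image.find(footer, off + len(header))
                ok = end >= 0
                length = end + len(footer) - off if ok else 0
            if ok:
                found.append((kind, off, length))
                pos = off + length
            else:
                pos = off + 1
    return sorted(found, key=lambda hit: hit[1])


def extract(image, hit):
    """Slice one carved object out of the image (the image itself is never modified)."""
    _, off, length = hit
    return image[off:off + length]


def keyword_hits(image, keywords):
    """Case-insensitive search over the raw bytes; returns {keyword: [offsets]}."""
    return {kw: [m.start() for m in re.finditer(re.escape(kw), image, re.IGNORECASE)]
            for kw in keywords}
```

Real images need more than this: fragmented files, formats without fixed footers, and false-positive headers, which is why the deck points at ProDiscover, EnCase and similar tools. The order of work is what carries over: hash first, read-only analysis, hash again, and record both values in the notes.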

An Introduction to Computer Auditing
"There is nothing more difficult to plan, more doubtful of success, nor more dangerous to manage than the creation of a new system." ~ Machiavelli

Project Management
The basic principles of good project management are:
- clearly defined management responsibility
- clear objectives and scope
- effective planning and control
- clear lines of accountability

Project Management
Triad: Scope, Cost, Timeline
- Must have a top-management sponsor
- Reports to a steering committee
- Timeline contains milestones
- Project team includes accountants
- End-user support is critical
- Buy-or-develop software decision
- Must have a project methodology

Items of Audit Interest
- Design methodology
- System controls (close backdoors)
- Adequate user training
- Steering committee to monitor progress

Controls
General Controls
- Security
- Change Management
- Disaster Recovery
Application Controls
- Data Input Controls
- Processing Controls
- Output Controls

Controls (cont.)
- Access Controls
- Encryption (private- and public-key systems)
- Network Firewalls and Intrusion Detection Systems

Audit Tools
- Computer Assisted Audit Tools (CAATs), aka Generalized Audit Software (GAS): ACL and IDEA (analytical tools), Excel
- Interrogation tools: ProDiscover (acquisition and investigation), EnCase (acquisition and investigation), hex editors (investigation)
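The GAS packages on this slide are used for exactly the kind of transaction-log interpretation the "How" slide attributes to accountants. The example below, added here and not taken from ACL, IDEA or the deck, reimplements three of the standard GAS tests over a constructed payments file: duplicates on a chosen key, gaps in a numeric sequence (missing check numbers), and payments falling just under an approval limit. The data, field names and the 5% band are assumptions for illustration.

```python
"""GAS-style analytics over a payments file: duplicates, gaps, near-threshold items (added example)."""
from collections import defaultdict
from typing import NamedTuple


class Payment(NamedTuple):
    check_no: int
    vendor: str
    invoice: str
    amount_cents: int  # whole cents so exact-match tests never hit floating-point rounding
    date: str


# Constructed data; not from any real ledger.
PAYMENTS = [
    Payment(1001, "Acme Supply", "INV-100", 980_000, "2011-06-01"),
    Payment(1002, "Acme Supply", "INV-100A", 980_000, "2011-06-01"),
    Payment(1003, "Beta Freight", "INV-7", 120_000, "2011-06-02"),
    Payment(1005, "Acme Supply", "INV-101", 970_000, "2011-06-03"),
    Payment(1006, "Gamma Legal", "INV-55", 25_000, "2011-06-03"),
    Payment(1007, "Acme Supply", "INV-102", 995_000, "2011-06-06"),
]


def duplicates(payments, key_fields=("vendor", "amount_cents")):
    """Group records sharing the same key; return only groups with more than one member.
    Vendor + amount catches re-submitted invoices even when the invoice number was altered."""
    groups = defaultdict(list)
    for p in payments:
        groups[tuple(getattr(p, f) for f in key_fields)].append(p)
    return {key: recs for key, recs in groups.items() if len(recs) > 1}


def gaps(payments, field="check_no"):
    """Numbers missing from an otherwise continuous sequence, e.g. a check issued but not
    recorded. Empty input yields no gaps rather than an error."""
    numbers = sorted(getattr(p, field) for p in payments)
    if not numbers:
        return []
    present = set(numbers)
    return [n for n in range(numbers[0], numbers[-1] + 1) if n not in present]


def near_threshold(payments, limit_cents, band=0.05):
    """Payments within `band` below an approval limit: a cluster here suggests amounts
    were split or shaded to stay under a second signature."""
    floor = limit_cents * (1 - band)
    return [p for p in payments if floor <= p.amount_cents < limit_cents]


def run_tests(payments, limit_cents):
    """Bundle the three tests the way a GAS script would, for the working papers."""
    return {
        "duplicates": duplicates(payments),
        "gaps": gaps(payments),
        "near_threshold": [p.check_no for p in near_threshold(payments, limit_cents)],
    }
```

On the constructed data the tests flag a repeated Acme payment, a missing check 1004, and four Acme payments sitting just below a 10,000.00 limit; each is a lead to investigate with the supporting documents, not a finding in itself.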

End Class 2 Lecture. Questions?