...Guide to Computer Forensics and Investigations Fourth Edition Chapter 7 Current Computer Forensics Tools Objectives • Explain how to evaluate needs for computer forensics tools • Describe available computer forensics software tools • List some considerations for computer forensics hardware tools • Describe methods for validating and testing computer forensics tools Guide to Computer Forensics and Investigations 2 Evaluating Computer Forensics Tool Needs • Look for versatility, flexibility, and robustness – – – – – OS File system Script capabilities Automated features Vendor’s reputation • Keep in mind what application files you will be analyzing Guide to Computer Forensics and Investigations 3 Types of Computer Forensics Tools • Hardware forensic tools – Range from single-purpose components to complete computer systems and servers • Software forensic tools – Types • Command-line applications • GUI applications – Commonly used to copy data from a suspect’s disk drive to an image file Guide to Computer Forensics and Investigations 4 Tasks Performed by Computer Forensics Tools • Five major categories: – – – – – Acquisition Validation and discrimination Extraction Reconstruction Reporting Guide to Computer Forensics and Investigations 5 Tasks Performed by Computer Forensics Tools (continued) • Acquisition – Making a copy of the original drive • Acquisition subfunctions: – – – – – – – Physical data copy Logical data copy...
Words: 2076 - Pages: 9
...Casey Anthony Case Dixit and Gothwal (2015) define criminal law as a rule that control the social conduct and prohibits the acts that are harmful to the people and as such, threatening the safety and the welfare of societal members. Morse (2015) contends that criminal laws define the punishment levelled on the people who break the prescribed societal conduct while Holland (2015) asserts that criminal laws refer to the state laws, which make certain actions illegal and punishable by fines or imprisonment. Accordingly, the case of Casey Anthony falls under the criminal and as such, the forensic evidence gathered from the trunk of her car makes her criminally reliable, as the said evidence is admissible in the court of law. The forensic experts from the Federal Bureau of Investigation (FBI) examined a band of hair recovered from her vehicle, which exposed evidence of apparent decomposition. Forensic analysis of the recovered band of hair showed consistence with the band of hair of the deceased. The FBI experts who conducted forensic analysis on the band of hair told the court that the sample had many consistencies in relation to the post-mortem banding. Moreover, microscopic hair examination specialist told the jurors that the root portion of the air was dark and, therefore, consistent with the evidence presented by the FBI. The analyzed evidence showed that the hair was evicted forcibly from the deceased. Further, an investigator of the crime scene testified that that there...
Words: 955 - Pages: 4
...Preperation of the executive summary and legal warrants (10) Documentation (10) Conclusions/recommendations (10) Referencing (10) Evidence identification and preservation (15) Critical analysis and evaluation of the case (15) Q&A session during presentation (30) Total (100) The marking table must be placed on a single page, located as either the second or third page of your final assignment documentation. Contents EXECUTIVE SUMMARY 2 AUTHORIZATION 3 IDENTIFICATION 4 COLLECTION AND PRESERVATION 5 Mr. Mike’s Work-Station 5 TTBANK Server 5 CHAIN OF CUSTODY FORM 7 EXAMINATION AND ANALYSIS 8 EVIDENCES RECOVERED 8 RECONSTRUCTION 11 RELATIONAL ANALYSIS 12 CONCLUSION & RECOMMENDATION 13 EXECUTIVE SUMMARY This is the case involving the staff of TTBANK that was suspected of misuse of company property due to that staff bragging about gaining access to privileged information to his colleagues that he should have otherwise not have gotten access to. The issue first came to the attention of Mr. Ali, the Enterprise Systems Administrator of TT Bank who had investigated silently to discover the identity of the staff and that the person was a member of the Loans Department and his name was Mr. Mike. What became particularly disturbing was that Mike worked in the Loans Department and should not have any access whatsoever to any Human Resources (HR) department files. The Enterprise System Administrator decided that the case should be investigated...
Words: 1635 - Pages: 7
...Background: On October 27, 2016 at approximately 09:30 AM, I, Investigator James Poffel was assigned a case in reference to a sexual assault of a child. The victim is 6-year-old, Madelyn Diamond. The suspect is her 17-year-old step-brother, Justin Hawkins. The reporting party was Justin Markovics with the Muskogee County DHS. Justin stated that the interviews from case 2016-37501, where Justin Hawkins had sexually assaulted his cousin, Lillian Shurson, provided information that Madelyn may also be a victim of Justin’s. A forensic interview of Madelyn was already performed and through that process a disclosure was made. Justin is now filing the police report based off of those disclosures. Madelyn was interviewed at Kids’ Space Child Advocacy Center on October 24, 2016...
Words: 416 - Pages: 2
...Forensic Accounting in Practice Twana Bethea BUS 508 May 21, 2013 Dr. Phyllis Praise Abstract Forensic Accounting is the application of the skills and training of a chartered accountant to disputes and investigations. Fraud is usually hidden in the accounting systems of organizations and that’s where forensic accountants play a critical role. Forensic accountants are contacted by companies when they need to figure out where a fraud was committed in their company. The accountants interview witnesses, analyze evidence such as email traffic between all parties involved. They will also freeze bank accounts if needed. They are hired to find out what happen and who was involved. If the case goes to trial they can be called to testify. The key skill of the forensic accountant is communicating complex financial transaction or data in a concise manner using images, graphs and languages that can be easily understood by non-accountants, the judiciary, and juries. With the growing complexity of business related investigations, Forensic Accounting professionals are increasing and the need is as well for investigations of business and financial issues. Forensic Accounting Practices Forensic Accounting has been in exist for many years, today there have been an increase in the need for this type of profession. Forensic accounting is the practice of integration of accounting, auditing and investigative skills. The accountings provide a court with an accounting analysis on the basis...
Words: 1442 - Pages: 6
...“Forensic Accounting” is a term that you do not hear every day so let’s examine its definition. The Strayer University BUS508 textbook defines accounting as, “The process of measuring, interpreting, and communicating financial information to enable people inside and outside the firm to make informed decisions.” Merriam-Webster defines forensic as, “suitable for a court of law.” Our textbook defines forensic accounting as, “Forensic accounting is accounting performed in preparation for legal review.” The textbook also describes it as, "focus on uncovering potential fraud in a variety of organizations.” The Business Dictionary defines it as a, “Criminal investigation practice whereby investigators analyze financial documents and activities to determine if and how a crime, such as fraud, has been committed by an organization. Tactics include tax analysis, financial reporting review and banking activity oversight.” This also includes white collar crimes such as embezzlement, stock market manipulation and price fixing schemes. This can include the financial impact of marketplace events, such as intellectual property infringement, anti-trust actions, financial reporting fraud, asset impairment and business valuation (Neumann, O'Connor, 2008). It also includes matters of family law, such as matrimonial disputes. In short, "Forensic accounting is the use of accounting, auditing, and investigative skills to assist in legal matters.” They use accounting skills following the GAAP (generally...
Words: 4286 - Pages: 18
...Guide to Computer Forensics and Investigations Fourth Edition Chapter 4 Data Acquisition Objectives • List digital evidence storage formats • Explain ways to determine the best acquisition method • Describe contingency planning for data acquisitions • Explain how to use acquisition tools Guide to Computer Forensics and Investigations 2 Objectives (continued) • Explain how to validate data acquisitions • Describe RAID acquisition methods • Explain how to use remote network acquisition tools • List other forensic tools available for data acquisitions Guide to Computer Forensics and Investigations 3 Understanding Storage Formats for Digital Evidence • Three formats – Raw format – Proprietary formats – Advanced Forensics Format (AFF) Guide to Computer Forensics and Investigations 4 Raw Format • Makes it possible to write bit-stream data to files • Advantages – Fast data transfers – Can ignore minor data read errors on source drive – Most computer forensics tools can read raw format • Disadvantages – Requires as much storage as original disk or data – Tools might not collect marginal (bad) sectors Guide to Computer Forensics and Investigations 5 Proprietary Formats • Features offered – Option to compress or not compress image files – Can split an image into smaller segmented files – Can integrate metadata into the image file • Disadvantages – Inability to share an image between different tools – File size limitation for each...
Words: 2803 - Pages: 12
...Forensic science has been around for a long time now. the concept of it is to find evidence to solve a case. I am attracted to this because I like thinking at a new level. I like analyzing things to come up with an explanation. Forensics is a growing industry due to the amount of crimes that are taking place now a day. A forensic technician “…collect, identify, classify, and analyze physical evidence related to criminal investigation.” (Summary." U.S. Bureau of Labor Statistics). they to this in order to find potential suspects in a murder scene or simply to find an explanation on what happened. There’s different fields you can take in forensic science, for example there’s forensic anthropology. Anthropologist have knowledge on the human...
Words: 487 - Pages: 2
...Forensic Accounting Name: Institution: Forensic accounting, also referred to as investigative accounting involves in the utilization of accounting concepts as well as techniques in solving legal problems. It is the work of forensic accountants to investigate and document fraud (financial) as well as white collar crimes like embezzlement. They also assist attorneys in litigation support and law enforcement agents in investigating and solving financial inconsistencies (Silverstone, 2012). Corporations and Legal firms consult forensic accountants to aid in allegations of fraud. It is therefore important for forensic consultants to be very good at their work considering their clients. To be an excellent forensic attorney one needs to possess certain skills. Important Skills that a Forensic Accountant needs to possess: Firstly, a good forensic accountant must be competent in accounting. One must initially be a certified public accountant before considering working a career in forensic accounting. This is because one need to be familiar with basic as well as complex accounting in order to perform the necessary tasks that forensic accountants are contracted to do. CPAs are evaluated by the Certified Financial Forensics (CFFs) credential which is exclusively issued to CPAs who demonstrate expert ability in forensic accounting through their education, experience and skills (Singleton, 2010). ...
Words: 1764 - Pages: 8
...Computer Forensics? System forensics is the process of systematically examining computer media as well as network components, software, and memory for evidence. System forensics involves collecting, preserving, analyzing, and documenting evidence to reconstruct user activities. Appropriately collected evidence is often presented in court to solve criminal cases and prosecute criminals. 2. How has technology improved the way criminal investigators perform their job? Technology improved the way criminal investigators perform their jobs by making it easier to track things, there is different types of software out there today to help them with these issues, and make the jobs easier, when you have different technology to help. 3. Why would a company report or not report a compromise case? The reason a company may or may not report a compromise because if it’s not in their favor and they may report it if it’s in their favor and vice versa. They wouldn’t want to look incompetent. 4. Who is in charge of labeling and securing sensitive information? The one in charge of labeling and securing sensitive information is the forensic specialist. 5. What is the Daubert standard? The Daubert Standard provides a rule of evidence regarding the admissibility of expert witnesses' testimony during United States federal legal proceedings. 6. Why would someone use a hex editor in a forensic investigation? The reason someone would use a hex editor in a forensic investigation is if the...
Words: 898 - Pages: 4
...Forensic Pathology: The Art of Human Dissection Sean J. Ainsworth University of Maryland University College Forensic Pathology: The Art of Human Dissection Criminal investigators gather information, evidence and intelligence regarding criminal offenses to accurately provide justice. With this in mind, what happens when factors are present outside their control? For example, a deceased body is discovered with absolutely no evidence or investigative leads. This is a task not for the criminal investigator, but for a Forensic Pathologist. Forensic Pathology is the study, dissection and examination of deceased bodies; furthermore, is arguably the most challenging and difficult occupation within criminal investigations. Forensic Pathologist are the last line of support when determining cause of death, with this in mind, extensive training, education and experience is required to fulfill the most gut-wrenching unattractive occupation. By definition, Forensic Pathology is the determination of the cause of death by examining a corpse. With this in mind, Forensic Pathologist dissect corpses, examine, remove and obtain samples of organs to determine how that individual died. Also, Forensic Pathologists expose photographs of the deceased body, obtain fingerprints, weigh each organ and document such findings in an investigation of their own. Forensic Pathologist even go as far as determining how close the individual was shot, the position of the weapon, direction the bullets entered...
Words: 734 - Pages: 3
...Abstract. The purpose of this paper is three-fold. First, it is to highlight corporate scandals that have happened in Malaysia. Second, it is to discuss some major causes of these corporate scandals; and third, it is to recommend the possible actions and preventive measures to curb these scandals. 1. Introduction In the recent years, the public and business community have been surprised with the exposure of many corporate scandals and accounting fraud by the managers of the company. It disappoints many stakeholders as after the financial crisis in 1997, many efforts have been initiated and implemented to strengthen the business control and foundation of the company. One of the important lessons learned from the financial crisis in 1997 is the weaknesses in the governance of the company such as too much power is given to a single person in managing the company, weak internal control and poor work of the directors that leads to the failure of the company. Due to this, a total regulatory and governance were embarked all over the world. Just to name a few, in the US, the Sarbanese Oxley Act was established, while in the UK the Code of Corporate Governance was extensively revised to stop all these corporate diseases from spreading and becoming a cancer for the global business community. However, all this effort has seemed fruitless as after the heavy debate and discussion and huge struggle by the regulator and market administrator, these corporate scandals are still returning...
Words: 3562 - Pages: 15
...U.S. Department of Justice Office of Justice Programs National Institute of Justice APR. 04 Special REPORT Forensic Examination of Digital Evidence: A Guide for Law Enforcement U.S. Department of Justice Office of Justice Programs 810 Seventh Street N.W. Washington, DC 20531 John Ashcroft Attorney General Deborah J. Daniels Assistant Attorney General Sarah V. Hart Director, National Institute of Justice This and other publications and products of the U.S. Department of Justice, Office of Justice Programs, National Institute of Justice can be found on the World Wide Web at the following site: Office of Justice Programs National Institute of Justice http://www.ojp.usdoj.gov/nij APR. 04 Forensic Examination of Digital Evidence: A Guide for Law Enforcement NCJ 199408 Sarah V. Hart Director This document is not intended to create, does not create, and may not be relied upon to create any rights, substantive or procedural, enforceable at law by any party in any matter civil or criminal. Opinions or points of view expressed in this document represent a consensus of the authors and do not represent the official position or policies of the U.S. Department of Justice. The products, manufacturers, and organizations discussed in this document are presented for informational purposes only and do not constitute product approval or endorsement by the U.S. Department of Justice. This document was prepared under Interagency Agreement #1999–IJ–R–094 between...
Words: 22743 - Pages: 91
...FORENSIC AUDITING As stated by Gordon Brown, the former Prime Mister of the United Kingdom, “what the use of fingerprints was to the 19th century and DNA analysis was to the 20th century, forensic accounting will be to the 21st century”. When people first see the word “forensic”, they naturally categorize it into a science-related field. According to Webster’s Dictionary, the term “forensic” is defined as “belonging to, used in, or suitable to courts of judicature or to public discussions and debate”. Therefore, forensic accounting is generally defined as relating and applying financial facts to legal problems (Singleton and Singleton 12). Forensic accounting consists of a combination of the techniques that are used in accounting, auditing, and investigative work. The focus of this paper is on the concept of forensic auditing; however, forensic auditing cannot be fully understood without incorporating all of the facts about forensic accounting. Most situations that involve forensic auditing will deal with proposed fraudulent activities, but there are some cases that may deal with non-fraudulent activities, such as settlements of monetary disputes (“Student Accountant”). Throughout this paper, we will discuss, in detail, the profession of forensic auditing and forensic accounting in relation to fraudulent activities. What is Forensic Auditing? Forensic auditing and financial auditing are not related in any way; rather, they have their own distinct objectives that are set...
Words: 3839 - Pages: 16
...skills that a forensic accountant needs to possess and evaluate the need for each skill. A forensic accountant assists organizations and individuals chiefly to provide management support in the form of reviews for fraud detection and litigation support, especially through expert witness testimony. In conducting an investigation, a forensic accountant applies specialized skills and technical abilities including: Understanding of law and rules of evidence—A forensic accountant is familiar with criminal and civil law and understands courtroom procedures and expectations. Understanding rules of evidence ensures that all the findings and related documentation is admissible in court. A forensic accountant possesses a basic understanding of the legal process and legal issues. Critical and analytical investigative skills—"An auditor may be a watchdog, but a forensic accountant is a bloodhound!" A forensic accountant must possess a high level of skepticism and the "tenacity of a detective" to thoroughly examine situations for red flags suggesting fraud. Understanding theories, methods, and patterns of fraud abuse—A forensic accountant thinks creatively in order to consider and understand the tactics a fraud perpetrator may use to commit and conceal fraudulent acts. A forensic accountant thinks like the individual who would manipulate accounting records or misrepresent circumstances to defraud the company. Well developed interpersonal and communication skills—A forensic accountant clearly...
Words: 1616 - Pages: 7
