Running head: FORENSIC CASES
Forensic Cases
Stephanie Rudolph
Kaplan University
IT 550
Computer Forensic and Investigation
Prof: Bhanu Kapoor
November 26, 2013
Abstract
People are the most difficult creatures on earth to understand. Some have the mindset of doing off-the-wall and unacceptable things using technology. In this paper I discuss the locations and the types of data you will find in a financial fraud case and a child pornography case. Later, the paper discusses the procedures that an investigator might take to collect data from a suspect system. I will also provide a simple tool that can be used to collect all types of data from different locations, making the investigator's job much easier and helping maintain the integrity of the evidence collected to be presented in court.
Forensic Cases
There are many locations that an investigator searches to obtain data using computer forensic tools in financial fraud and child pornography cases. In a financial fraud case, emails can provide investigators with information not only in the text but also in the headers. The email headers can tell investigators who created the email, what software they used, and the IP address that sent it. The email header also provides the date and time the email was sent. Credit card data shows the activity of charges. It shows the location where a person used a card as well as the time and date and what was purchased.
From personal experience, I bank with USAA. The bank knows when I leave the country because the direct deposit has a code for where a soldier is currently located, and I always inform them when I leave the country. One day the bank called me and asked whether I had been to Australia in the past week. They had detected someone trying to use a duplicate of my card at a book store in Australia.
Log files can provide the investigator with information such as the last person who logged on to a system, the date and time, and what they were doing. There are several other places that can provide investigators with evidence, such as: Quicken files database, calendars, address books, notes, and spreadsheets.
In investigating a child pornography case, there are also a couple of places that need to be checked. The media and graphic files can contain stored videos and pictures that the suspect saved after downloading. Cookies are another place to search. Cookies are created when the user uses their browser to visit a website that uses cookies to keep track of their movements within the site. The cookie allows the user to resume where they left off, and it remembers the user's registered login, theme selection, preferences, and other customization functions.
The website stores a corresponding file (with the same ID tag) to the one set in the browser, and in this file it can track and keep information on the user's movements within the site and any information voluntarily given while visiting the website, such as an email address (What is a cookie?, n.d.). The data that cookies provide is the URL of the website and the duration of its abilities and effects. The web server can recognize a person when they return because it uses one of the common types of cookie: the session cookie, which is temporary, or the persistent cookie, which lets the web server of a site you visit often easily recognize you. Web queries can also show what a person is always searching for on the internet.
Steganography is the hiding of a secret message within an ordinary message and the extraction of it at its destination (Rouse, 2007). An image can be changed to appear to be a message so that no one suspects the image exists.
Thanks to tools like Paraben P2 Commander, investigators can easily collect all the data they need to put a criminal away. Paraben P2 Commander is certified, top-of-the-line software that is accepted by many courts today. P2 can provide investigators with everything they need. P2 Commander was built on Paraben's trusted email examination tools for unparalleled network email and personal email archive analysis. Advanced features like Data Triage analysis, pornography detection, and file sorting along with comprehensive reporting and a case audit trail give investigators everything they need to present their findings in a repeatable and visually pleasing way (Paraben.com, 2012).
The procedure for collecting evidence in a case is to have a search warrant if necessary. Document everything from the time and date of arriving on the scene to the finding of the very first piece of evidence. There are three steps in collecting data in a financial fraud case.
The first is to secure and collect all tangible and oral evidence in a manner consistent with the rules of evidence to ensure admissibility. The second step is to analyze the evidence, and the third step is to present the evidence in an understandable manner in a venue of the client's choosing (Deloitte, n.d.).
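The email header fields discussed earlier in this paper (who created the email, the software used, the sending IP address, and the date and time) can be extracted from a raw message as follows. This is an added example, not part of the original paper; the sample message, its addresses and the function name `summarize_headers` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (documentation-range IPs, example domains).
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id A1; Tue, 26 Nov 2013 10:15:09 -0500
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby mx.example.net with ESMTPSA id B2; Tue, 26 Nov 2013 10:15:02 -0500
From: "A. Sender" <sender@example.net>
To: clerk@example.org
Subject: Invoice 1182
Date: Tue, 26 Nov 2013 10:15:00 -0500
Message-ID: <constructed-0001@example.net>
X-Mailer: ExampleMail 4.2

Please pay the attached invoice.
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def _when(text):
    """Parse an RFC 5322 date; return None if it is missing or malformed."""
    try:
        return parsedate_to_datetime((text or "").strip())
    except (TypeError, ValueError):
        return None

def summarize_headers(raw):
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its own Received line, so reversed() is oldest first.
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")
        ips = IPV4.findall(route)
        hops.append({"ip": ips[0] if ips else None, "time": _when(stamp)})
    # From, Date and X-Mailer are written by the sender and can be forged;
    # Received lines added by the recipient's own servers are more reliable.
    return {
        "from": msg["From"],
        "software": msg["X-Mailer"] or msg["User-Agent"],
        "date": _when(msg["Date"]),
        "hops": hops,
        "origin_ip": hops[0]["ip"] if hops else None,
    }
```
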
Computer forensics allows fraud investigators to uncover more of the facts, and typically the group would search and analyze emails, documents and files that may be hidden or password protected, databases of all user input and activity, recently opened, accessed, created or deleted files, as well as online activities and banking transactions (Deloitte, n.d.). The investigation doesn't just include systems at the office but also the offsite computer files and servers.
Conclusion
In the first part of this paper I identified the locations, and the data in those locations, that are helpful to an investigator in a financial fraud case. In the second part of the paper I provided the locations and data that can be found in a child pornography case. Following these two parts is a forensic tool to assist investigators in the process of collecting evidence in these cases. The last part of the paper covers the proper procedures to follow when collecting data in a case.
References
Deloitte (n.d.). How to conduct an appropriate fraud investigation. Retrieved from http://www.deloitte.com/view/en_CA/ca/services/financialadvisory/forensicanddisputeservices/726e9b58992fb110VgnVCM100000ba42f00aRCRD.htm
Paraben.com (2012). P2 Commander. Retrieved December 3, 2013 from http://www.paraben.com/p2-commander.html
Rouse, M. (2007). Steganography. Retrieved from http://searchsecurity.techtarget.com/definition/steganography
What is a cookie? (n.d.). All about cookies. Retrieved December 3, 2013 from http://www.allaboutcookies.org/cookies/