Forensic Accounting
AY 2021/22, Semester 2
Week 6
Objectives
The objective of this course is to equip our students with
knowledge of:
1. Digital forensics process
Expectation of Privacy
1. Anti-fraud policies and procedures include an explicit
statement acknowledged and signed by the employees
that they should not have an expectation of privacy over
specified things in their office space or on their person
[Figure: digital forensics process, steps in order: Identify data -> Resolve privacy -> Acquire and authenticate evidence -> Secure original evidence (CoC) -> Transport to forensics lab -> Create and authenticate copies (no alter) -> Develop tests, procedures -> Execute plan with forensic tools -> Convert into presentable forms (graphs) -> Report on evidence, analysis & conclusions]
Sample Chain of Custody Form
Source: Fraud Auditing and Forensic Accounting, Fourth Edition, Tommie W. Singleton, Aaron J. Singleton
Challenges and Solutions in Digital Forensics
Challenges along the Forensic Process
[Figure: Data collection -> Data analysis -> Data reporting]
Control Systems Forensic Domain
Source: Creating Cyber Forensic Plan for Control Systems, Homeland Security
Challenges Impacting Effective Forensics in Control Systems
1. Lack of (active) capabilities for the collection of
effective data (e.g. activities logging) for post-incident
security analysis in traditional systems and
technologies
3. Absent/inadequate logging
4. Automation – deployment of information resources hinders
the establishment of data retention scheme
Source: Creating Cyber Forensic Plan for Control Systems, Homeland Security
Solutions for Effective Forensics
Collection
1. Forensic security-by-design approach to SDLC
[Figure: technology categories "Modern/proprietary" and "Legacy/proprietary", with the notes "Non-open source; unique and proprietary – risk of data misinterpretation" and "Contemporary dead (offline) analysis; vendor interaction essential"]
Chief executive Piyush Gupta said on Monday (Feb 14) that two sets of reviews have been carried
out by experts, who have not been able to "replicate the problem" of why the server
malfunctioned….Nevertheless, we've learnt a lot from the reviews and it's principally around our
incidents management and recovery process…It took us some time to figure out what the problem
was and some time to fix it, and frankly, we could have done a lot better in terms of the speed of
recovery,"
Essential Forensic Elements
5. Real time forensics (modern/common technologies ->
business critical -> pre-installed live forensic toolkit)
logs)
6. Network analysis
✓ Analyse abnormal processes
Forensic embedded IR
Our role is to prevent it, failing which we detect, and we examine with forensic technologies
Appendix 1:
Reading materials
Prescribed Reading Materials [F = Full reading]
Supplementary Reading Materials [O = Overall Understanding]