Exploring Forensic Analysis Flashcards

1
Q

Forensic analysis:

A

Forensic analysis is the process of detecting, investigating, and documenting the reason, course, and consequences of a security incident or violation against state and organisation laws.

Part of digital forensics, forensic data analysis examines structured data and often uses statistical modelling to uncover fraudulent activities.

2
Q

Steps for conducting a forensic analysis:

A

Developing Policy and Procedures
Assess the evidence
Acquire evidence
Examine the evidence
Documenting and reporting

3
Q

Tools for forensic analysis:

A

Autopsy
Wireshark
Encrypted Disk Detector
Magnet RAM Capture

4
Q

Forensic analysis in accounting:

A

The field of accounting operates with many specialisations, and auditing and forensic accounting are two of the most common.

Forensic accountants search specifically for fraudulent activity within organizations; auditors verify that companies are compliant with federal regulations and organizational policies.

Forensic accounting utilizes accounting, auditing, and investigative skills to conduct an examination into the finances of an individual or business.

5
Q

Uses of forensic accounting:

A

Forensic Accounting for Litigation Support
Forensic Accounting for Criminal Investigation
Forensic Accounting in the Insurance Industry

6
Q

Computer Forensics:

A

Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation and maintain a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.

7
Q

Autopsy

A

It is an open-source GUI-based tool that analyses smartphones and hard drives. It is used worldwide for investigating what happened in a computer.

8
Q

Wireshark

A

It is a network capture and analyser software tool that sees what happens in the network.

9
Q

Encrypted Disk Detector

A

It helps in checking encrypted physical drives and supports BitLocker, TrueCrypt, and Safeboot.

10
Q

Magnet RAM Capture

A

It is used to capture the physical memory of a computer to analyse memory artifacts.

11
Q

Network Miner

A

It is a network forensic analyser for Linux, Windows, and Mac OS X for detecting operating systems, hostnames, open ports and sessions from a PCAP file or through packet sniffing.

12
Q

Importance of forensic analysis for the security of your infrastructure

A

1. Prevents hacking
2. Prevents malware
3. Retrieving deleted information
4. Identifying vulnerabilities

13
Q

Performing digital forensics:

A

* Collection: identifying, labelling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data.
* Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data.
* Analysis: analysing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.
* Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.

14
Q

Forensic Tools and Techniques:

A

Operational troubleshooting
Log monitoring
Data recovery
Data acquisition
Due diligence/regulatory compliance

15
Q

Forensic accounting for litigation support:

A

Forensic accounting is utilized in litigation when quantification of damages is needed. Parties involved in legal disputes use the quantifications to assist in resolving disputes via settlements or court decisions. For example, this may arise due to compensation and benefit disputes. The forensic accountant may be utilized as an expert witness if the dispute escalates to a court decision.

16
Q

Forensic accounting for criminal investigation

A

Forensic accounting is also used to discover whether a crime occurred and assess the likelihood of criminal intent. Such crimes may include employee theft, securities fraud, falsification of financial statement information, identity theft, or insurance fraud.

17
Q

Forensic accounting in the insurance industry:

A

Forensic accounting is also used to discover whether a crime occurred and assess the likelihood of criminal intent. Such crimes may include employee theft, securities fraud, falsification of financial statement information, identity theft, or insurance fraud.

18
Q

Computer forensics is also known as

A

Cyber forensics