ACC 427 4-2 Short Paper- Forensic Computer Evidence
School: Southern New Hampshire University
Course: 427
Subject: Accounting
Date: Nov 24, 2024
Type: docx
Pages: 6
Uploaded by Barbara8289
Forensic Computer Evidence
Harriet Creyer
4-2 Short Paper: Forensic Computer Evidence
Southern New Hampshire University
ACC 427 Investigating with Computers
Forensic Computer Evidence
Based on the material from the "U.S. Department of Justice Forensic Examination of Digital Evidence: A Guide for Law Enforcement" document, explain some important parts of the computer forensic process.
Digital forensics, or computer forensics, is important because it supports investigations and assists in solving crimes that involve technology. Parts of this process involve the collection, preservation, analysis, and presentation of any digital evidence that would be used in court.
What are some of the key considerations for an "on-site" examiner, also known as a "first responder"?
The on-site examiner, also known as a ‘first responder’, is responsible for ensuring the crime scene is correctly secured both before and during the gathering of evidence. They also need to consider the safety of the personnel at the scene during this time. Some of the key considerations for the first responders to the scene would be to identify the number and types of computers, and possibly the network that the computers use. “Identify and document the types and volume of media, including removable media. Document the location from which the media was removed.” (Forensic Examination of Digital Evidence: A Guide for Law Enforcement, 2004). It is also essential that they identify any offsite storage and any potential remote locations for both computers and storage of these devices. These steps, along with a few others, are essential at the start of each investigation. Securing the crime scene leaves no question about whether the evidence was moved or tampered with at the start, and shows that correct procedures were followed. If anyone feels that the crime scene wasn’t correctly secured, the entire case could potentially be thrown out. (Forensic Examination of Digital Evidence: A Guide for Law Enforcement, 2004)
What are two attributes of a timestamp that could be located on a computer system? (List and explain.)
Time frame analysis can be useful when it comes to determining when certain events occurred within a computer system. It “can be used as a part of associating usage of the computer to an individual(s) at the time the events occurred.” (Forensic Examination of Digital Evidence: A Guide for Law Enforcement, 2004). The two methods associated with time frame analysis are:
1. Reviewing the time and date stamps within the system. These include the date the file was last modified, the date it was last accessed, when it was created, and whether there was any change to its status; this is known as the metadata of a file. This can enable us to link together all the files that are of interest and relevant to the case. (Forensic Examination of Digital Evidence: A Guide for Law Enforcement, 2004)
2. Reviewing the system and application logs to identify any time or date stamps that might be present; these could include “error logs, installation logs, connection logs, security logs, etc.” (Forensic Examination of Digital Evidence: A Guide for Law Enforcement, 2004). For example, when a password and/or username was changed within a system, or when a user last logged on.
When documenting and reporting a computer forensic examination (investigation), what are some common notes that should be maintained? (List and explain.)
When the examiner processes evidence, it is essential that they make notes along the way to categorize their thoughts about what they are seeing and potentially uncovering. These notes must be detailed enough that another person could duplicate the work and get the same results. They must also include the date, time, and full descriptions of what occurred during this process; this allows for a ‘play by play’ to be ‘visualized’ when it comes to their findings. There needs to be significant information regarding the processes used as well as any network or software changes made within the examination, and any changes need detailed reasons as to why they were made. All of this must be done whilst maintaining proper chain of custody and any information pertaining to the acquisition of evidence. (Forensic Examination of Digital Evidence: A Guide for Law Enforcement, 2004). Not only will detailed and meticulous notes help the examiner stay organised, but they will also ensure a thorough investigation and allow for little questionability regarding the evidence and the information found.
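The file time-stamp review from the time frame analysis answer, written so that its output can be pasted into dated examination notes. This is an added example, not part of the original paper or the guide it cites; the function names and the sample files are constructed for illustration, and it is meant to be run against a working copy rather than the original evidence.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def _utc(ts):
    """Render an epoch time as an ISO-8601 UTC string for the notes."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def file_events(path):
    """Return (utc_time, kind, path, sha256) tuples for one file."""
    st = os.stat(path)            # read metadata BEFORE opening the file:
    with open(path, "rb") as fh:  # reading content can update the access time
        digest = hashlib.sha256(fh.read()).hexdigest()
    stamps = {"modified": st.st_mtime, "accessed": st.st_atime}
    # st_ctime is the status (metadata) change time on Unix, creation time on Windows
    stamps["status-changed" if os.name != "nt" else "created"] = st.st_ctime
    if hasattr(st, "st_birthtime"):   # creation time, where the platform records it
        stamps["created"] = st.st_birthtime
    return [(_utc(ts), kind, path, digest) for kind, ts in stamps.items()]

def build_timeline(root):
    """Walk a working copy and return all timestamp events, oldest first."""
    events = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            events.extend(file_events(os.path.join(folder, name)))
    return sorted(events)   # ISO-8601 UTC strings sort chronologically

def make_sample_copy():
    """Constructed sample data: two files with fixed accessed/modified times."""
    root = tempfile.mkdtemp(prefix="working_copy_")
    for name, atime, mtime in [("ledger.csv", 1_700_000_600, 1_700_000_000),
                               ("notes.txt", 1_700_003_600, 1_700_001_800)]:
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample content for " + name)
        os.utime(path, (atime, mtime))
    return root

if __name__ == "__main__":
    for when, kind, path, digest in build_timeline(make_sample_copy()):
        print(when, kind.ljust(14), os.path.basename(path), digest[:16])
```

Recording the SHA-256 next to each event lets a second examiner confirm they are looking at the same file content when they repeat the step.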
What are the four major steps to completing the processing of digital evidence?
1. Assessment: Digital evidence should be thoroughly assessed to determine the “course of action to take” (Forensic Examination of Digital Evidence: A Guide for Law Enforcement, 2004).
2. Acquisition: “Digital evidence, by its very nature, is fragile and can be altered, damaged, or destroyed by improper handling or examination” (Forensic Examination of Digital Evidence: A Guide for Law Enforcement, 2004). Duplicates are the best course of action, and the original evidence needs to be preserved.
3. Examination: To be able to “extract and analyse digital evidence” (Forensic Examination of Digital Evidence: A Guide for Law Enforcement, 2004). The ‘removal’ and explanation of the data allows it to be put into a useable form for all. Only persons trained in digital forensics should be conducting examinations on this evidence.
4. Documenting and Reporting: Actions and thoughts must be documented throughout the entire process. Documentation and reporting of all information found during an investigation is ongoing and will only really stop when the case is closed. It is important to record the steps taken. (Forensic Examination of Digital Evidence: A Guide for Law Enforcement, 2004).
References
Forensic Examination of Digital Evidence: A Guide for Law Enforcement. (2004, April). https://www.ojp.gov/pdffiles1/nij/199408.pdf