2. What is Forensics for IT?
Computer Forensics and Digital Forensics
- Computer Forensics – 80s-90s
  - Unformat, undelete, diagnose and remedy
  - Essentially data retrieval from computers to obtain evidence
- Digital Forensics
  - Scientific methods to reconstruct events or anticipate unauthorized actions (DFRWS)
  - Preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence (DFRWS)
  - Applies to all digital sources, i.e. not limited to computers
3. What is Forensics for IT?
Forensics for IT?
- Many other IT devices are capable of processing and storing data
- Computer forensics is no longer an appropriate term
- It is the “process of acquiring, analyzing and reporting digital evidence” from information technology devices, such as computers, cellular phones, storage devices, networks, etc. (Lewis 2008)
4. What is Forensics for IT?
Role and Application
- Applicable and necessary in 3 types of cases
  - Crimes where IT is incidentally involved
  - Crimes where IT is the enabler
  - Crimes against IT systems
- To support crime investigations which involve the complexity of information systems (Gottschalk)
- Presented in “e-discovery”
6. Techniques and Tools
IT Forensic Techniques
- Search Techniques
  - Manual vs. automated
  - Search customization
- Reconstructive Techniques
  - Log files analysis
  - System files analysis
7. Techniques and Tools
IT Forensic Tools and Software
- Industry standard tools – EnCase
- Specialist tools – FATKit
- Open source designed tools
- Software developed to react rather than anticipate
- Forensics tools for mobile devices and tablets
8. Key Issues
The Digital Evidence and the Legal Environment
- Laws not written with digital evidence and IT crime scene in mind
- Criminals are creating new ways to conduct IT enabled crime and to attack IT systems
- Legal rights and privacy laws are sensitive in IT investigations
9. Key Issues
Research and Development
- Rapid development of technology
  - Data and file formats
  - VoIP, P2P, outsourcing, portable storage, the cloud
- Lack of direction in development of IT Forensics
  - No guidelines and strategy
  - Need taxonomy, best practices and clear standards
10. Key Issues
Anti-forensics and Tools
- Traditional techniques
  - Artefact wiping
  - Data overwriting
  - Data hiding
- Advanced techniques
  - Footprint minimization
  - Exploitation of bugs in forensic software
  - Detection of IT forensic tools
11. Forensics for IT and Auditing
Integration between the two
- Audit information can lead to investigation efficiency
- “IT audit procedures can help facilitate an understanding of both the computing environment and corresponding controls” (Lombe)
- Ex. Terminated employee, existence of backups