Computer Forensics and Information Systems Auditing
A presentation to ISACA Kampala Chapter
By Isaac Kayemba, CISA, EnCE


Presentation outline

• Computer Forensics Defined
• Application of Computer Forensics
• Computer Forensics Requirements
• Legal Framework impacting on Computer Forensics in Uganda
• Link between Computer Forensics and IT/IS Auditing


Computer Forensics Definition

Computer forensics is the process of extracting information and data from digital storage media using court validated tools and technology and proven forensic best practices to establish its accuracy and reliability for the purpose of reporting on the same as evidence. (ISACA guidelines)


Definition (cont)

What Constitutes Digital Evidence?

• Any information, being subject to human intervention or not, that can be extracted from a computer.
• Must be in human-readable format or capable of being interpreted by a person with expertise in the subject.


Definition (cont)

• Computer Forensics Examples
  o Recovering thousands of deleted emails
  o Performing investigation post employment termination
  o Recovering evidence post formatting hard drive
  o Performing investigation after multiple users had taken over the system


Who Uses Computer Forensics?

• Criminal Prosecutors
  o Rely on evidence obtained from a computer to prosecute suspects and use as evidence.
• Civil Litigations
  o Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases.
• Private Corporations
  o Evidence obtained from employee computers can be used as evidence in harassment, fraud, and embezzlement cases.


Who Uses Computer Forensics? (cont)

• Law Enforcement Officials
  o Rely on computer forensics to back up search warrants and post-seizure handling
• Individual/Private Citizens
  o Obtain the services of professional computer forensic specialists to support claims of harassment, abuse, or wrongful termination from employment


Computer Forensic Requirements

• Hardware
  o Familiarity with all internal and external devices/components of a computer
  o Thorough understanding of hard drives and settings
  o Understanding motherboards and the various chipsets used
  o Power connections
  o Memory


Computer Forensic Requirements (cont)

• BIOS
  o Understanding how the BIOS works
  o Familiarity with the various settings and limitations of the BIOS
• Operating Systems
  o Windows 95/98/ME/NT/2000/2003/XP/Vista/7
  o DOS
  o UNIX, Linux
  o Mac


Computer Forensic Requirements (cont)

• Software
  o Familiarity with most popular software packages such as Office.
• Forensic Tools
  o Familiarity with computer forensic techniques and the software packages that could be used


Legal Framework

Uganda's Parliament passed into law the following bills.
• Electronic Transactions Bill
• Electronic Signature Bill
• The Computer Misuse Bill

Implications
• There is now going to be legal recognition for some of the things we already do electronically
• The new laws will allow prosecution of cyber/computer-related crimes
• Computer Forensic Investigations shall gain prominence


Computer Forensics and IT/IS Auditing

• ISACA recognises the area of computer forensics and thus provides for it in its guidance for the performance of IT Audits

Refer to:
The ISACA 'IT Standards, Guidelines, and Tools and Techniques for Audit and Assurance and Control Professionals' (G28, Computer Forensics)


Thank you very much