Outline
Recent Computer Crime Cases
What is Computer Crime Forensics
Types of Computer Related Crimes
Relevance of Forensic in Organizations
Modalities for Computer Forensic Examination
Challenges in Computer Crime Forensics
End Results of Forensic Reviews
Forensic Reviews & Litigation Support
Combating Computer Crimes
What is Computer Crime Forensics
Computer crime is any illegal act for which knowledge of
computer technology is essential for its perpetration,
investigation or prosecution.
Prevalent due to increased use of and dependency on computers
and other technological gadgets to support
business/government/individual processes.
Laptops/Computers/Smartphones/Servers/PDAs/Tablets
Software/Applications – EBS (Oracle/SAP/OS
Networks and internet (GSM)
Data/Information – (Client Data, Financial Data, Cloud)
What is Computer Crime Forensics (cont)
Fraudsters exploit/apply these technologically advanced tools
to commit fraud.
Individuals, governments and organizations with something of value
are targets.
Computer criminals are becoming more organized and
determined.
Containment analysis and eradication should be accomplished
immediately once a computer crime is reported.
Types of Computer Related Crimes
Unauthorized access.
Exceeding authorized access.
Intellectual property theft or misuse of information.
Pornography.
Theft of services.
Forgery.
Property theft (e.g., computer hardware and chips).
Invasion of privacy.
Denial of services.
Manipulation of software applications.
Viruses.
Sabotage (i.e., data alteration or malicious destruction).
Extortion.
Embezzlement.
Espionage.
Terrorism.
Relevance of Forensic in Organizations
1. Increased dependency on IT to support business/government
processes
2. Ineffective IT Governance (PPPs/SODs/DOAs)
3. Regulatory Requirements (Banks etc.)
4. Security/Control/Compliance not at same pace with
Technological advancement and development
5. Determination of computer criminals
6. Potential losses or Reputational Damage
Modalities for Computer Forensics (1)
Planning the forensic Examination
• Scoping & Scope Limitation
• Identify IT resource or systems being reviewed
• Determine period of relevance
• Decide specialist help required
• Identify all persons possibly involved
• Identify standards/policies/framework applicable
• Objective
• Recommendation to improve process/strengthen controls
• Determine loss or damage suffered
• Evidence Handling and retention
• Chain of evidence - accountability and protection
• Evidence life cycle (identify, collect, store, preserve, transport, present in court and
return to owner)
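
One way to keep the chain of evidence accountable and protected across the life cycle stages listed above, shown as an added example that is not part of the original slides. The use of SHA-256, the record fields, the handler names and the sample data are assumptions of this example.

```python
import hashlib
import json

# Life cycle stages exactly as listed on the slide.
STAGES = ("identify", "collect", "store", "preserve", "transport",
          "present in court", "return to owner")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict) -> str:
    """Hash every field of a record except its own digest."""
    body = {k: v for k, v in entry.items() if k != "digest"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def add_entry(log, stage, handler, evidence: bytes, when: str) -> dict:
    """Append a custody record chained to the previous record's digest."""
    if stage not in STAGES:
        raise ValueError(f"unknown life cycle stage: {stage!r}")
    if not handler:
        raise ValueError("accountability: a named handler is required")
    entry = {"stage": stage, "handler": handler, "when": when,
             "evidence_sha256": sha256_hex(evidence),
             "prev": log[-1]["digest"] if log else ""}
    entry["digest"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify(log) -> list:
    """Return the problems found; an empty list means the chain is intact."""
    problems, prev = [], ""
    for i, e in enumerate(log):
        if e["prev"] != prev or entry_digest(e) != e["digest"]:
            problems.append(f"entry {i}: custody record altered or out of sequence")
        if e["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence hash differs from first record at {e['stage']}")
        prev = e["digest"]
    return problems

def demo():
    """Constructed sample: the item is modified before the transport record."""
    image = b"constructed sample disk image bytes"
    log = []
    add_entry(log, "collect", "Examiner A", image, "2024-01-05T09:00Z")
    add_entry(log, "store", "Evidence Custodian", image, "2024-01-05T11:30Z")
    add_entry(log, "transport", "Courier B", image + b"\x00", "2024-01-09T08:00Z")
    return log, verify(log)
```
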
Modalities for Computer Forensics (2)
Execution
• Literature review of the incident
• Interviewing (obtain written statements & also record)
• Confessions
• Evidence gathering
• Involves Data Analysis, Data Mining, Tracing, Simulation,
texts, confirmations, extracts, imaging, copying,
reconstruction.
• Could be Direct, real, documentary, and demonstrative
• Documentation of modus operandi
• Perform root cause analysis – to identify
control/process weaknesses/absence
Modalities for Computer Forensics (3)
Reporting
2 Types of Forensic Reports
• Preliminary report
• Long form or detail report
Content of Forensic Long Form Report
• Distribution List
• Executive summary
• Introduction and Background
• Objective and Scope
• Scope Limitation and Subsequent Events
• Procedures Performed
• Detailed findings
• Presentation of interview statement
• Presentation of evidence obtained
• Professional opinion from contrasting
Modalities for Computer Forensics (4)
Content of Forensic Long Form Report (cont.)
• Modus operandi
• Root Causes
• Recommendations
• Conclusion
• Acknowledgement
• Recommendation Implementation Plan
Challenges in Computer Crime Forensics
Lack of traditional paper audit trail
Requires understanding of the technology used in
committing the crime
May require use of more than one specialist to assist
the forensic examiner
Legal developments lag behind technological
advancement
Lack of experts and specialists
End Results of Forensic Reviews
Produce forensic report to management
• Determination of loss suffered or recoveries made
• HR disciplinary action
• Recommendations for Control/Process Improvement
Articulate evidence to support criminal prosecution
• Modus operandi
• Evidence of compromised IT resources (unauthorized access)
• Articulate losses/damages suffered
• Expert witness testimony
Forensic Reviews & Litigation Support
Criminal law identifies a crime as being a wrong against society
Prosecution aims at punishing the offender to serve as a deterrent
against future crime
Judge must believe beyond reasonable doubt, that the offender is
guilty of the offense under a law
Forensic examination must articulate demonstrative evidence to
prove guilt of the offender
Litigation Support
• Coaching/prepping by prosecuting legal team
• Expert witness
• Simple testimony in layman's terms
• Good knowledge of sections of criminal code/relevant laws applicable under the
circumstances
Combating Computer Crimes
Preventive Approaches
• Fraud Awareness Training
• Tone at the top – (shared Ethics & Values)
• Whistleblower/Hotlines
• Staff background checks
• SODs
• Tools & techniques (Encryption, Customer Validation, internal network security,
firewalls)
Detective Approaches
• Fraud Risk Assessment to improve controls (show framework)
• Surprise & Periodic audits
Combating Computer Crimes
Recent Developments in Ghana to Combat Computer
Crimes
• Legal framework (e.g. AML Act, Data Protection Act)
• Specialized Units in the Security Agencies
• Emergence of Anti-Fraud Units in Organizations
• Regulatory Requirements (Basel 3, SOX, King III)