This document discusses the concepts of forensics for information technology. It defines forensics for IT as the process of acquiring, analyzing, and reporting digital evidence from IT devices like computers, phones, and networks. The document outlines the role of forensics for IT in supporting crime investigations involving complex information systems. It also describes the common process and steps, techniques and tools, and key issues in forensics for IT like developing laws and guidelines for new technologies and anti-forensics methods. Finally, it discusses the integration of forensics for IT with auditing to improve investigation efficiency.

1. Concepts on Forensics for Information Technology ACC 626 Slidecast

2. What is Forensics for IT? Computer forensics and Digital Forensics Computer Forensics – 80s-90s Unformat, undelete, diagnose and remedy Essentially data retrieval from computers to obtain evidence Digital Forensics Scientific methods to reconstruct events or anticipate unauthorized actions (DFRWS) preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence(DFRWS) Applies to all digital sources, i.e not limited to computers

3. What is Forensics for IT? Forensics for IT? Many other IT devices capable of processing and storing data Computer forensics does is no longer an appropriate term It is the “process of acquiring, analyzing and reporting digital evidence” from information technology devices, this such as: computers, cellular phones, storage devices, networks, etc..(Lewis 2008)

4. What is Forensics for IT? Role and Application Applicable and necessary in 3 types of cases Crimes where IT is incidentally involved Crimes where IT is the enabler Crimes against IT systems to support crime investigations which involve the complexity of information systems (Gottschalk) Presented in “e-discovery”

5. What is Forensics for IT? Process and Steps

6. Techniques and Tools IT Forensic Techniques Search Techniques Manual vs. automated Search customization Reconstructive Techniques Log files analysis System files analysis

7. Techniques and Tools IT Forensic Tools and Software Industry standard tools – Encase Specialist tools – FATkit Open source designed tools Software developed to react rather than anticipate Forensics tools for mobile devices and tablets

8. Key Issues The Digital Evidence and the Legal Environment Laws not written with digital evidence and IT crime scene in mind Criminals are creating new ways to conduct IT enabled crime and to attack IT systems Legal rights and privacy laws are sensitive in IT investigations

9. Key Issues Research and Development Rapid development of technology Data and file formats VOIP, P2P, Outsourcing, portable storage, the cloud Lack of direction in development of IT Forensics No guidelines and strategy Need taxonomy, best practices and clear standards

10. Key Issues Anti-forensics and Tools Traditional techniques Artefact wiping Data overwriting Data hiding Advanced techniques Footprint minimization Exploitation of bugs in forensic software Detection of IT forensic tools

11. Forensics for IT and Auditing Integration between the two Audit information can lead to investigation efficiency “IT audit procedures can help facilitate an understanding of both the computing environment and corresponding controls” (Lombe) Ex. Terminated employee, existence of backups

12. Thank You