1 / 21

Education Across the Nation 1 st Quarter 2005

Education Across the Nation 1 st Quarter 2005. Business Computing Forensics. Jo Stewart-Rattray. Education Across the Nation. The EdXN seminar series provides topical issues quarterly, in free to Member Forums. This presentation will be available on the ACS website

Olivia
Download Presentation

Education Across the Nation 1 st Quarter 2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Education Across the Nation 1st Quarter 2005 Business Computing Forensics Jo Stewart-Rattray

  2. Education Across the Nation • The EdXN seminar series provides topical issues quarterly, in free to Member Forums. • This presentation will be available on the ACS website • Members earn Practising Computer Professional (PCP) points for attending EdxN.

  3. Defining Computer Forensics • Forensic means to use in court. • Computer forensics is the collection, preservation, analysis and in some cases, the court presentation of computer-related evidence which has either been generated by a computer or has been stored on computer media.

  4. What’s it all about then? • “…Computer forensics is not solely about computers. It is about the rules of evidence, legal processes, the integrity and continuity of evidence, the clear and concise reporting of factual information to a court of law, and the provision of expert information concerning the provenance of that evidence. “ Marcella & Greenfield

  5. Why do we need Forensics? • Computer crime is escalating! • Australia is becoming a more litigious society • Employment issues • Contract disputes • Management decisions are challenged by shareholders

  6. Computer Forensics – the Beginning • In 1984 in the FBI laboratory where programs were developed to assist in examining computer evidence. • Soon after the FBI established the Computer Analysis Response Team (CART) • By 1995 48% of US Government law enforcement agencies had computer forensics labs

  7. Some other Startling Stats • Companies will generate 17.5 trillion electronic documents this year • The worldwide internet population is 349 million • 12 Gb of printed text would create a stack of paper 24 stories high!

  8. The Dimension of the Problem • 85% of respondents to Computer Security Institute Computer Crime Survey detected security breaches in the past 12 months • 64% of respondents reported financial losses including theft of information, financial fraud, system penetration, data or network sabotage and denial of service attacks.

  9. What Constitutes Digital Evidence? • Digital evidence is any information whether subject to human intervention or not, that can be extracted from a computer. • Digital evidence must be in human-readable format or able to be interpreted by a person who is skilled in the area. Computer programs may be used to assist in gathering the information.

  10. Computer-assisted Crimes Computer assisted crime includes a range of activities including: • Theft • Extortion • Fraud: telephone, securities, government • Industrial espionage • Intellectual property breaches • Unauthorised use of personal information

  11. Workplace Issues that may require Forensic Capability • The spy and the typewriter ribbon • The old porn in the proposal trick • Selling company bandwidth • Wrongful dismissal claims • Defending corporate decision making processes

  12. Handling Digital Evidence • “IT evidence is a tool to confirm or deny the reality of a given set of purported facts and under Australia’s adversarial system of law, it allows organisations to protect themselves by: • Taking action against those causing or facilitating damage; • Referring such action to the relevant authorities; or • Protecting themselves from litigation.”

  13. Handling Evidence Images • Investigators take an image of the information in question regardless of the kind of device that it may be stored on. Investigators rarely use the actual machine and information in order to preserve it as even logging into a system can be enough to change or destroy certain vital information such as date stamps etc.

  14. Handling Originals • “In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and implications of their actions.” Association of Chief Police Officers, UK

  15. Handling Evidence • If evidence is not handled according to best practice guidelines it is possible for its evidentiary weight to be changed therefore making it less valuable or perhaps even unusable in a court proceeding.

  16. Chain of Custody • “Organisations must be able to identify who has access to a particular electronic record at any given time from collection, to creation of an evidence image to presentation as evidence.” Standards Australia HB 171

  17. In summary… • The moral of this story and indeed to forensic evidence collection, analyses and presentation is ‘when in doubt, call in an expert’ in order to preserve and protect the validity of the evidence which in turn may preserve the reputation of your organisation.

  18. Question Time • Facilitated by Branch Contact

  19. EdxN • Business Computer Forensics, as discussed in this Education Across the Nation session, is included in the ACS Certification Program. • To learn more call 1800 671 003 and discuss: • Technology Trends • Business, Legal and Ethical Issues

  20. Vote of Thanks • Facilitated by Branch Contact

  21. Evaluation Form Now • Please complete your evaluation forms. Your response will assist in planning future forums and tell ACS what topical issues are relevant to Members. • Thank you.

More Related