Module 5 Assignment

School: Florida Memorial University
Course: 508
Subject: Information Systems
Date: Dec 6, 2023
Uploaded by diondreanixon04

Diondrea Nixon
St. Thomas University
Professor Beyene
November 19, 2023

Module 5 Assignment

Chapter 13 Exercises

1. Define computer forensics.

Computer forensics is the specialized field of forensic science that involves analyzing electronic data to recover, preserve, and present information for solving technology-based crimes. It plays a crucial role in investigating financial fraud and other illicit activities involving computers. In the context provided, it emphasizes the shift from traditional paper-based evidence to electronic evidence and highlights the importance of understanding how computer evidence is collected and analyzed in forensic investigations. The example involving Harry Towns illustrates the practical application of computer forensics in uncovering the true perpetrator of financial fraud through the analysis of digital evidence.

3. List where some electronic evidence may be found of a crime.

Electronic evidence of a crime may be found in the following locations:

   1. Employer-owned Personal Computers (PCs) and Mainframes: These are likely to contain evidence if they are the target of a criminal attack or used as tools to commit a crime.
   2. Employees' Personal Laptops: Personal laptops belonging to employees may contain evidence if they are used in connection with criminal activities.
   3. Company's Network: The overall network infrastructure of the company, including servers and connected devices, may store electronic evidence.
   4. Personal Data Assistants (PDAs): Portable electronic devices like PDAs may contain relevant evidence.
   5. Blackberries, Digital Cameras, Pagers, iPads: Various electronic devices owned or used by employees within the organization could potentially store evidence.
   6. External Drives, Dongles, Memory Sticks: External storage devices and security devices connected to computers may contain evidence.
   7. Scanners, Floppy Disks, Smart Cards: Various electronic peripherals and storage media may hold relevant data.
   8. Cell Phones: Personal and company-issued cell phones may store evidence related to criminal activities.
   9. Web Servers in External Networks: Servers located in external networks that are part of the company's infrastructure may contain electronic evidence.

4. Summarize the guidelines SAS No. 31 provides for auditors.

SAS No. 31 focuses on providing guidance for audits involving significant electronic information, addressing the need for testing controls, the definition of evidential matter encompassing electronic information, and the consideration of time sensitivity in handling electronic evidence. The additional guidance in ITA further enhances the auditor's approach to electronic evidence in the context of entries processing, maintenance, or access.

6. Discuss any three of the technical skills needed for working with digital evidence collection.

Understanding of Various Operating Systems: The auditor or accountant involved in digital evidence collection must have a basic familiarity with different operating systems (OSs) such as Windows 8 or 10, Android, or iOS. This knowledge is essential for conducting a preliminary review of electronic financial data across different platforms. The ability to navigate various OSs and understand their network file architecture is crucial for locating pertinent files during an investigation.

Quickly Identifying Pertinent Digital Data: In the event of an expanded investigation or fraud suspicions, the investigator must know how to perform a read-only search that does not alter the data. Time constraints may require the prioritization of the most volatile data, such as cached data, which needs to be collected first. The investigator should be aware of the rapid changes in technology, such as increasing RAM sizes, and adapt their strategies for efficiently identifying and collecting relevant electronic evidence.

Properly Preserving Data: Preservation of date and timestamps within files is essential for analyzing potential financial fraud. The investigator needs to have a basic familiarity with OS timestamp and data protocols. Understanding how to preserve this information is crucial, as it shows when changes to files were made, aiding in the identification of those responsible for the changes. The skill set includes the ability to ensure the integrity of the data and prevent unintentional alterations during the investigation.

7. From the Internet, determine the use of these software tools: a. Nmap. b. John the Ripper. c. TCPDump. d. Tripwire. e. THC – Scan

a. Nmap (Network Mapper): Nmap is a versatile open-source tool primarily used for network discovery and security auditing. Security professionals deploy Nmap to map a network, identify open ports, discover services running on those ports, and determine the operating system of target systems. Its capabilities make it an essential tool for vulnerability assessment and penetration testing.

b. John the Ripper: John the Ripper is a password cracking tool widely employed to test the strength of passwords by attempting to crack password hashes. Security experts use it for both offline and online password cracking, helping assess the vulnerability of systems to password-related attacks and encouraging the implementation of robust password policies.

c. TCPDump: TCPDump is a packet analyzer utilized for capturing and displaying TCP/IP packets in a network. It serves as a valuable tool for network troubleshooting, analysis, and debugging. Security professionals leverage TCPDump to capture network traffic, enabling them to identify potential security threats, detect malicious activities, and assess overall network health.

d. Tripwire: Tripwire is an integrity checking and intrusion detection system that monitors changes to specified files and directories on a system. It plays a crucial role in maintaining system integrity by alerting administrators to unauthorized modifications, helping detect security breaches or potential threats to the system's stability.

e. THC-Scan (The Hacker's Choice Scan): THC-Scan is a network security assessment tool designed for scanning networks and uncovering vulnerabilities. Security professionals use it to detect service versions, perform banner grabbing, and conduct vulnerability scanning. THC-Scan aids in identifying potential weaknesses in a network, assisting organizations in strengthening their security posture against potential cyber threats.

11. Describe COBIT’s goals.

COBIT, or Control Objectives for Information and Related Technologies, has several key goals. It aims to establish effective IT control practices, align IT controls with regulatory requirements like Sarbanes-Oxley, reduce high-tech fraud risks in networked environments, provide a framework for IT audits, and emphasize the continuous monitoring of internal control effectiveness, particularly in the context of financial reporting. COBIT's overarching objective is to ensure that information technology supports organizational goals and contributes to robust governance and risk management.

13. Can deleted files always be recovered? Explain your answer.

Deleted files can often be recovered using forensic tools like EnCase. When a file is deleted, it is not immediately removed from the storage device; instead, the space it occupies is marked as available for new data. Until that space is overwritten by new information, the deleted file's content remains recoverable. Forensic software, such as EnCase, captures a read-only image of the entire hard drive, including deleted files. This process allows investigators to reconstruct the
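
The timestamp preservation described in answer 6 and the Tripwire-style integrity checking in answer 7(d) can be illustrated together. The Python below is an added example, not part of the original assignment: it records a read-only baseline of hashes and modification times, then reports what changed. The function names (snapshot, compare, demo) and the sample files are constructed for illustration.

```python
import hashlib, os, pathlib, tempfile

def snapshot(root):
    """Read-only pass over root: {relative path: (sha256, size, mtime_ns)}."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)            # capture timestamps before touching content
            digest = hashlib.sha256()
            with open(path, "rb") as fh:  # opened for reading only, never for writing
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(path, root)] = (digest.hexdigest(), st.st_size, st.st_mtime_ns)
    return manifest

def compare(baseline, current):
    """List (path, finding) pairs for every difference between two snapshots."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append((path, "added"))
        elif new is None:
            findings.append((path, "deleted"))
        elif old[0] != new[0]:            # hash differs even if size and mtime match
            findings.append((path, "content changed"))
        elif old[2] != new[2]:
            findings.append((path, "timestamp changed"))
    return findings

def demo():
    """Constructed sample data: build a folder, baseline it, alter it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        for name, text in [("ledger.csv", "acct,100\n"), ("invoices.txt", "inv-1\n"),
                           ("notes.txt", "draft\n")]:
            (root / name).write_text(text)
        baseline = snapshot(root)
        st = (root / "ledger.csv").stat()
        (root / "ledger.csv").write_text("acct,900\n")   # same length, different amount
        os.utime(root / "ledger.csv", ns=(st.st_atime_ns, st.st_mtime_ns))  # mtime put back
        inv = (root / "invoices.txt").stat()
        os.utime(root / "invoices.txt", ns=(inv.st_atime_ns, inv.st_mtime_ns - 3600 * 10**9))
        (root / "notes.txt").unlink()
        (root / "new.txt").write_text("x\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The ledger edit keeps the original size and modification time, so only the hash reveals it. Reading a file can still update its access time on some systems, which is why examiners work from a write-blocked image rather than the live disk.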