Data breaches, hacking attacks, viruses, and insider threats are some of the main security concerns that a majority of organizations have to face regularly. Though most of these organizations have implemented many of the standard security measures, such as firewalls and software to detect unauthorized intrusion, the use of computer forensics has been growing in popularity, especially in the internal audit industry. Yet despite this growing popularity, a significant number of internal auditors are not aware of the benefits that computer forensics can bring to audit investigations. In order to understand its benefits, one has to adhere to certain evidence-gathering standards, as well as deal with many of the issues that define most fraud investigation cases.
Computer forensics itself is based upon applying various analytical techniques to digital media, usually after a computer security incident has been detected. The goal of computer forensics is to determine, through an investigation, the scope of the security breach and who the perpetrator was, just as at a real, physical crime scene. The actual forensic investigation encompasses a multitude of areas of computer security, including internet abuse, pornographic websites, hacking, and fraud schemes. In addition, it also includes data alterations, both intentional and accidental.
There are many ways in which evidence can be gathered during the forensic investigation. These include search warrants, affidavits, expert testimony, and depositions. The important aspect, though, is that the computer device is examined thoroughly without accidentally destroying any evidence. Just as forensic investigators at a crime scene are careful not to destroy any physical evidence, so too must the same mentality exist in computer forensics. This is necessary in order to preserve the credibility of the evidence and the data alterations that were discovered.
If fraud is suspected by the internal auditor, then the first step is to make sure that an "incident detection" form is filled out in which the suspected fraud is stated. This document has to be very detailed, as it must include the date and time of the incident, the person reporting it, the actual nature of it, and what hardware and software were compromised. After filling out and submitting the proper form, the security consultant/IT auditor needs to make sure that the appropriate department heads, including the director of IT and human resources, are fully briefed about the situation. However, one aspect to note is that this process is often determined by the company's laid-out process for this situation. In order to ensure efficiency, a company must make sure that its policies and procedures are both clear and detailed. This preparation will allow the breach of security to be reported both efficiently and rapidly, with a clear chain of command.
Gathering the Evidence
There are three main parts in a forensic analysis: gathering the evidence, analyzing it, and reporting the results of the investigation. The first part, gathering the evidence, is defined as the process through which evidence is secured or obtained by previewing the data contained in the computer's hard drive. In order to make sure that all of the data is properly obtained, the actual hard drive must be exactly copied. All of the information contained in it, no matter how mundane it may seem, must be copied. How long this process takes is determined by the size of the hard drive and the speed of the network which the organization utilizes. Oftentimes, a second hard drive is used when the first one isn't completely secured. This allows the forensic investigator to make sure that the data isn't still being altered.
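The acquisition step described above, sketched as an added example that is not part of the original essay: it copies a source byte for byte, hashes the data while reading, and then re-hashes both the image and the source to confirm the copy is exact and that the source was not altered during the copy. Using SHA-256 for this check is an assumption of the example, as are the function names, file names, and examiner label; the "disk" is a constructed file standing in for a real drive.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read the source in 1 MiB blocks


def sha256_of(path):
    """Hash a file or device node without loading it into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source, image_path, examiner):
    """Copy every byte of source into image_path and return an acquisition record."""
    h, size = hashlib.sha256(), 0
    # "xb" refuses to overwrite an existing evidence image.
    with open(source, "rb") as src, open(image_path, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
            size += len(block)
        dst.flush()
        os.fsync(dst.fileno())
    source_hash = h.hexdigest()
    return {
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "bytes": size,
        "source_sha256": source_hash,
        # The image read back from disk must hash to what was read from the source.
        "image_matches": sha256_of(image_path) == source_hash,
        # A second pass over the source shows whether it changed while being copied.
        "source_stable": sha256_of(source) == source_hash,
    }


def demo():
    with tempfile.TemporaryDirectory() as d:
        disk = os.path.join(d, "suspect_disk.bin")  # constructed stand-in for a drive
        with open(disk, "wb") as f:
            f.write(b"MBR" + bytes(range(256)) * 4096 + b"ledger.xls")
        record = acquire_image(disk, os.path.join(d, "evidence.img"), "examiner-01")
        with open(disk, "r+b") as f:  # simulate the original being altered afterwards
            f.seek(10)
            f.write(b"X")
        record["source_changed_later"] = sha256_of(disk) != record["source_sha256"]
        return record


if __name__ == "__main__":
    print(demo())
```

The recorded hash is what lets a later reviewer show that the image under analysis is still the one that was acquired, even if the original drive has since changed.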
After assurances that the data isn't still being compromised and...