Elizabeth Sheldon is a director of Evidence Talks, One of the most highly regarded computer forensics consultancies in the UK, Evidence Talks lead the way with unique solutions to some of the problems faced by industry today. More information visit- evidencetalks.com
When faced with staff accused of abusing computer systems, have you got adequate procedures for collecting, preserving and presenting the evidence?
It’s a fairly safe bet that, in the past, you will have had to take action against someone accused of a breach of company policy with respect to their use of the organisations computer systems. There are two idioms that every corporate security officer lives by: "A backup is only as good as the last restore" and "Prevention is better than cure". In a perfect world there would be no computer failures, no lost data and certainly no abuse of computer systems. Unfortunately, we don't live in a perfect world and we have to face the very real prospect that corporate computer systems are woefully vulnerable to misuse and abuse.
"Computer abuse" is a phrase covering a multitude of sins, quite literally, from games playing to fraud, hacking and virus writing through inappropriate downloads and internet activity. The detection of such abuse falls squarely on the shoulders of the audit and security departments of any organisation, supported by adequate policy and procedures.
So, what exactly is "forensic auditing"? There are really two main components of the function, audit and computer forensics, which have the following primary aims:
- Detection of potential abuse
- Protection of the proof
- Adducing qualified evidence
- Presentation of the evidence
It may sound trite but in order to detect abuse within computer systems you must be looking for the right things. This where the audit role comes in. By using appropriate audit tools combined with a strategy to suit the organisation which is backed by well designed policy and procedures, it is remarkable easy to spot abuse of all kinds simply by viewing the audit data in the right way.
Most organisations fail to reap the true benefits of PC audit simply because they are focussed on the two gods of "asset management" and "corporate compliance". Using the right tools, the process of audit can reveal much more about an organisation than that. For example, while performing a PC audit it is possible to collect the contents of the internet browser cache found on all internet ready machines. Using one of the many cache browsers available, it is then a simple task to review the copied data to establish potential transgressions of corporate internet policy.
One such audit on 2000 computers took place with a view to establishing the presence of any "undesirable" image files. The results were shocking. Over 210,000 images were found, of which approximately 25% were questionable. Existing audit data was used, that had been collected during a licence compliance audit and the whole analysis added just 4 man days to the audit project.
From the clients perspective, this was a cost exercise but one which was extremely valuable. In fact, not only image files found, but also a range of undesirable software including copies of PGP (Pretty Good Privacy) where it was not appropriate for encryption to be used, mobile phone cloning software, Sky card cracking software and much, much more!
What was even more surprising was the fact that not only did the above organisation have a reasonable security policy and working set of procedures in place but they also believed that had things under control.
While the above case serves to illustrate the "hidden" power and value of audit data, it also begs the question of what action to take if (or when) you are faced with the knowledge that there is serious abuse within your systems. This is where the forensics part of forensic auditing comes in.
- Related Videos
- Related Articles
- Ask / Related Q&A
- Obtaining Clues by Using Handled Digital Forensics
- Digital Forensics for Private Investigators
- Computer Forensics Expert - An Ideal Career Option
- Dealing With Computer Abuse Without Digging Bigger Holes!
- An Introduction to Computer Forensics
- Divorce and Computer Evidence
- Computer Forensics - a Brief Introduction
- Computer Forensics as a Way of Investigation
Variations Of Sonic Games Available In The Web
By: Gen Wright | 03/12/2009Loyal followers call him the Blue Blur; his creators have named him as Sonic the Hedgehog. But Sonic is forever popular. The interest in this character is only increasing day by day.
A Few Words About The Sonic Team
By: Gen Wright | 02/12/2009The Sonic Team are video game developers based in Tokyo, Japan. They were previously called by the name Sega AM8 but today the Sonic Team division based in Japan is often called G.E. Department Global Entertainment.
Enjoy The Unique Experience Of Playing Sonic Games Online
By: Gen Wright | 02/12/2009And even 18 years after it was first launched Sonic games have managed to maintain their popularity among both youngsters and adults, who even today prefer these games over any other.
A Brief Look At The Future Of Sonic Games
By: Gen Wright | 02/12/2009Sonic games are one of the best games available online. It is a popular games played online. It is liked by almost every one of all age groups.
Exploring The Various Aspects Of Sonic Games
By: Gen Wright | 02/12/2009Sonic games have been ruling the gaming world for over 18 years now and still their appeal is as fresh as it was when they were launched for the first time in 1991. While many aspects of the game have remained unchanged over the years there are features that have undergone significant changes.
The Internet Revolution Of Flash Sonic Games
By: Gen Wright | 02/12/2009Sonic games were introduced by Sega in an 8-bit version but grabbed much publicity and fame when it switched over to 16-bit. Now the dying hard fans of Sonic Games and the blue blur character- Sonic the hedgehog, can enjoy the playing moments online for free.
MLM Marketing Best Way to Find Good MLM Prospects
By: Terry Wg | 24/11/2009Get more tips on how to find good MLM prospects to build your MLM downline for MLM business success.
When a Laptop Adapter Is Not Working
By: Rainco | 23/11/2009If you cannot find a brand and model-specific replacement adapter for your computer, it may be possible to purchase a universal adapter, which includes multiple, interchangeable tips. You will need to find one that matches your original adapter's wattage, and it should also include a matching or switchable voltage output.
Top 10 Ways People Damage Evidence
By: Elizabeth Sheldo | 03/08/2009 | SecurityTurning the computer on affects the swap file and registry as well as the list of most recently used documents. Investigating emails with an email client carries a host of potential dangers. Failing to either make a forensic image of the hard drives of staff when they leave, or replace the hard drive.
Showing Your Hand
By: Elizabeth Sheldo | 10/06/2009 | Computer ForensicsHaving imaged and analysed the suspects computer disks and found the evidence all that remains is the process of presenting that evidence for use in any criminal, civil or disciplinary hearings.
Evidentially Sound Advice
By: Elizabeth Sheldo | 10/06/2009 | Computer ForensicsThe key role of computer forensics is the protection, adducing and presentation of evidence, in that order. In all abuse cases, protection of the evidence is both critical and central to the organisations ability to investigate and take action against the abuser.
Dealing With Computer Abuse Without Digging Bigger Holes!
By: Elizabeth Sheldo | 10/06/2009 | Computer ForensicsExisting audit data was used, that had been collected during a licence compliance audit and the whole analysis added just 4 man days to the audit project.
Customize Your Own T-Shirt From Promopays.Ca
By: Elizabeth Sheldo | 10/06/2009 | Customer ServiceThe screen printed t-shirts available at this company are made using state of the art techniques and break through technologies to deliver the customers promotional t-shirts of their choice.