Open Access. Powered by Scholars. Published by Universities.®
- Keyword
-
- Steganography (2)
- ADSL router; manuals; quick start guide; network security; wireless (1)
- Accounting education (1)
- Accounting information systems (1)
- Afterglow (1)
-
- Audit trails. (1)
- Auditing (1)
- Bluetooth hacking (1)
- Child pornography (1)
- Computer Forensics (1)
- Continuous assurance (1)
- Continuous audit (1)
- Correlation (1)
- Cyber crime (1)
- Cyber law (1)
- Cybercrime (1)
- Data Structures (1)
- Defence in depth (1)
- Digital Examiner (1)
- Digital Forensics (1)
- Enterprise system (1)
- Evidence analysis (1)
- File artifact detection (1)
- Financial reporting. (1)
- Firmware (1)
- Forensic accounting (1)
- Forensic audits (1)
- Forensics (1)
- Forms-based computing (1)
- Fraud detection (1)
Articles 1 - 30 of 32
Full-Text Articles in Law
Continuous Fraud Detection In Enterprise Systems Through Audit Trail Analysis, Peter J. Best, Pall Rikhardsson, Mark Toleman
Continuous Fraud Detection In Enterprise Systems Through Audit Trail Analysis, Peter J. Best, Pall Rikhardsson, Mark Toleman
Journal of Digital Forensics, Security and Law
Enterprise systems, real time recording and real time reporting pose new and significant challenges to the accounting and auditing professions. This includes developing methods and tools for continuous assurance and fraud detection. In this paper we propose a methodology for continuous fraud detection that exploits security audit logs, changes in master records and accounting audit trails in enterprise systems. The steps in this process are: (1) threat monitoringsurveillance of security audit logs for ‘red flags’, (2) automated extraction and analysis of data from audit trails, and (3) using forensic investigation techniques to determine whether a fraud has actually occurred. We …
Visualisation Of Honeypot Data Using Graphviz And Afterglow, Craig Valli
Visualisation Of Honeypot Data Using Graphviz And Afterglow, Craig Valli
Journal of Digital Forensics, Security and Law
This research in progress paper explores the use of Graphviz and Afterglow for the analysis of data emanating from a honeypot system. Honeypot systems gather a wide range of data that is often difficult to readily search for patterns and trends using conventional log file analysis techniques. The data from the honeypots has been statically extracted and processed through Afterglow scripts to produce inputs suitable for use by the DOT graph based tools contained within Graphviz. This paper explores some of the benefits and drawbacks of currently using this type of approach.
The Impact Of Hard Disk Firmware Steganography On Computer Forensics, Iain Sutherland, Gareth Davies, Nick Pringle, Andrew Blyth
The Impact Of Hard Disk Firmware Steganography On Computer Forensics, Iain Sutherland, Gareth Davies, Nick Pringle, Andrew Blyth
Journal of Digital Forensics, Security and Law
The hard disk drive is probably the predominant form of storage media and is a primary data source in a forensic investigation. The majority of available software tools and literature relating to the investigation of the structure and content contained within a hard disk drive concerns the extraction and analysis of evidence from the various file systems which can reside in the user accessible area of the disk. It is known that there are other areas of the hard disk drive which could be used to conceal information, such as the Host Protected Area and the Device Configuration Overlay. There …
Bluetooth Hacking: A Case Study, Dennis Browning, Gary C. Kessler
Bluetooth Hacking: A Case Study, Dennis Browning, Gary C. Kessler
Journal of Digital Forensics, Security and Law
This paper describes a student project examining mechanisms with which to attack Bluetooth-enabled devices. The paper briefly describes the protocol architecture of Bluetooth and the Java interface that programmers can use to connect to Bluetooth communication services. Several types of attacks are described, along with a detailed example of two attack tools, Bloover II and BT Info.
Detection Of Steganography-Producing Software Artifacts On Crime-Related Seized Computers, Asawaree Kulkarni, James Goldman, Brad Nabholz, William Eyre
Detection Of Steganography-Producing Software Artifacts On Crime-Related Seized Computers, Asawaree Kulkarni, James Goldman, Brad Nabholz, William Eyre
Journal of Digital Forensics, Security and Law
Steganography is the art and science of hiding information within information so that an observer does not know that communication is taking place. Bad actors passing information using steganography are of concern to the national security establishment and law enforcement. An attempt was made to determine if steganography was being used by criminals to communicate information. Web crawling technology was used and images were downloaded from Web sites that were considered as likely candidates for containing information hidden using steganographic techniques. A detection tool was used to analyze these images. The research failed to demonstrate that steganography was prevalent on …
Correlating Orphaned Windows Registry Data Structures, Damir Kahvedžić, Tahar Kechadi
Correlating Orphaned Windows Registry Data Structures, Damir Kahvedžić, Tahar Kechadi
Journal of Digital Forensics, Security and Law
Recently, it has been shown that deleted entries of the Microsoft Windows registry (keys) may still reside in the system files once the entries have been deleted from the active database. Investigating the complete keys in context may be extremely important from both a Forensic Investigation point of view and a legal point of view where a lack of context can bring doubt to an argument. In this paper we formalise the registry behaviour and show how a retrieved value may not maintain a relation to the part of the registry it belonged to and hence lose that context. We …
To License Or Not To License Revisited: An Examination Of State Statutes Regarding Private Investigators And Digital Examiners, Thomas Lonardo, Doug White, Alan Rea
To License Or Not To License Revisited: An Examination Of State Statutes Regarding Private Investigators And Digital Examiners, Thomas Lonardo, Doug White, Alan Rea
Journal of Digital Forensics, Security and Law
In this update to the previous year's study, the authors examine statutes that regulate, license, and enforce investigative functions in each US state. After identification and review of Private Investigator licensing requirements, the authors find that very few state statutes explicitly differentiate between Private Investigators and Digital Examiners. After contacting all state agencies the authors present a distinct grouping organizing state approaches to professional Digital Examiner licensing. The authors conclude that states must differentiate between Private Investigator and Digital Examiner licensing requirements and oversight.
Book Review: Cyber Security And Global Information Assurance: Threat Analysis And Response Solutions, Gary C. Kessler
Book Review: Cyber Security And Global Information Assurance: Threat Analysis And Response Solutions, Gary C. Kessler
Journal of Digital Forensics, Security and Law
I freely admit that this book was sent to me by the publisher for the expressed purpose of my writing a review and that I know several of the chapter authors. With that disclosure out of the way, let me say that the book is well worth the review (and I get to keep my review copy).
The preface to the book cites the 2003 publication of The National Strategy to Secure Cyberspace by the White House, and the acknowledgement by the U.S. government that our economy and national security were fully dependent upon computers, networks, and the telecommunications infrastructure. …
Insecurity By Obscurity: A Review Of Soho Router Literature From A Network Security Perspective, Patryk Szewczyk, Craig Valli
Insecurity By Obscurity: A Review Of Soho Router Literature From A Network Security Perspective, Patryk Szewczyk, Craig Valli
Journal of Digital Forensics, Security and Law
Because of prevalent threats to SoHo based ADSL Routers, many more devices are compromised. Whilst an end-user may be at fault for not applying the appropriate security mechanisms to counter these threats, vendors should equally share the blame. This paper reveals that the lack of security related content and poor overall design could impact on end-users’ interpretation and willingness to implement security controls on their ADSL router. It argues that whilst the number of threats circulating the Internet is increasing, vendors are not improving their product literature.
Electronic Forms-Based Computing For Evidentiary Analysis, Andy Luse, Brian Mennecke, Anthony M. Townsend
Electronic Forms-Based Computing For Evidentiary Analysis, Andy Luse, Brian Mennecke, Anthony M. Townsend
Journal of Digital Forensics, Security and Law
The paperwork associated with evidentiary collection and analysis is a highly repetitive and time-consuming process which often involves duplication of work and can frequently result in documentary errors. Electronic entry of evidencerelated information can facilitate greater accuracy and less time spent on data entry. This manuscript describes a general framework for the implementation of an electronic tablet-based system for evidentiary processing. This framework is then utilized in the design and implementation of an electronic tablet-based evidentiary input prototype system developed for use by forensic laboratories which serves as a verification of the proposed framework. The manuscript concludes with a discussion …
A Synopsis Of Proposed Data Protection Legislation In Sa, Francis S. Cronjé
A Synopsis Of Proposed Data Protection Legislation In Sa, Francis S. Cronjé
Journal of Digital Forensics, Security and Law
Privacy International1 made the following statement regarding South Africa’s financial sector in its 2005 world survey: “South Africa has a well-developed financial system and banking infrastructure. Despite the sophistication of the financial sector, the privacy of financial information is weakly regulated by a code of conduct for banks issued by the Banking Council.” This extract highlights some of the problems South Africa are experiencing with its current status on privacy as viewed from an International perspective. In recent years the International society has stepped up its efforts in creating a global village wherein the individual could be assured of having …
Prevention Is Better Than Prosecution: Deepening The Defence Against Cyber Crime, Jacqueline Fick
Prevention Is Better Than Prosecution: Deepening The Defence Against Cyber Crime, Jacqueline Fick
Journal of Digital Forensics, Security and Law
In the paper the author proposes that effectively and efficiently addressing cyber crime requires a shift in paradigm. For businesses and government departments alike the focus should be on prevention, rather than the prosecution of cyber criminals. The Defence in Depth strategy poses a practical solution for achieving Information Assurance in today’s highly networked environments. In a world where “absolute security” is an unachievable goal, the concept of Information Assurance poses significant benefits to securing one of an organization’s most valuable assets: Information. It will be argued that the approach of achieving Information Assurance within an organisation, coupled with the …
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Table Of Contents
Journal of Digital Forensics, Security and Law
No abstract provided.
Graduate Accounting Students' Perception Of It Forensics: A Multi-Dimensional Analysis, Grover S. Kearns
Graduate Accounting Students' Perception Of It Forensics: A Multi-Dimensional Analysis, Grover S. Kearns
Journal of Digital Forensics, Security and Law
Forensics and information technology (IT) have become increasingly important to accountants and auditors. Undergraduate accounting students are introduced to general IT topics but discussion of forensic knowledge is limited. A few schools have introduced an undergraduate major in forensic accounting. Some graduate schools offer accounting students an emphasis in forensic or fraud accounting that includes instruction in forensics and information technology. When students do not view the IT topics as being equally important to their careers as traditional accounting topics, these attitudes may reduce the quality of the course. In an effort to assess student attitudes, a survey of 46 …
Defining A Forensic Audit, G. S. Smith, D. L. Crumbley
Defining A Forensic Audit, G. S. Smith, D. L. Crumbley
Journal of Digital Forensics, Security and Law
Disclosures about new financial frauds and scandals are continually appearing in the press. As a consequence, the accounting profession's traditional methods of monitoring corporate financial activities are under intense scrutiny. At the same time, there is recognition that principles-based GAAP from the International Accounting Standards Board will become the recognized standard in the U.S. The authors argue that these two factors will change the practices used to fight corporate malfeasance as investigators adapt the techniques of accounting into a forensic audit engagement model.