Class 10
Grover Kearns, PhD, CPA, CFE

What is Forensic Accounting?

Forensic accounting is accounting that is suitable for legal review, offering the highest level of assurance, and including the now generally accepted connotation of having been arrived at in a scientific fashion.
Encompasses investigation, dispute resolution and litigation support.

Forensic Accounting Specialist

A forensic accountant combines accountancy and computer forensics to analyze financial data and find evidence that would be legally valid during a court proceeding.
Is engaged in electronic discovery investigating digital evidence from computers and other devices.
Can acquire, analyze and report on digital evidence.
Conducts special audits aka a review, a due diligence, an investigative audit, or a forensic audit. Each label has its own connotations.

Essential MS Security

Malicious Software Removal Tool
Microsoft Security Essentials
Update Adobe, Flash, Java
Uninstall old Java
Avira Anti-Virus Free
Update Security Patches Weekly
Update Anti-Virus at Least Weekly

Trust everyone
… but always cut the cards.

Passware Kit Forensic 9.5
http://www.lostpassword.com/kit-forensic.htm

Paraben Sticks

What are Hidden Files?

A file with a special hidden attribute turned on, so that the file is not normally visible to users.
Hidden files mainly serve to hide important operating system-related files and user preferences.

Find Hidden Files

Turn on Windows operating system preference to show hidden files.
In Explorer > Tools > Folder options… > View > Select “Show hidden files, folders, and drives” > OK
Use software to search for hidden files.

Oops! Your comments are showing.
The purchasing agent is a boob…

Click the Microsoft Office Button, point to Prepare, and then click Inspect Document.
In the Document Inspector dialog box, click Inspect.
Review the inspection results. If Document Inspector finds comments and tracked changes, you are prompted to click Remove All next to Comments, Revisions, Versions, and Annotations.
Don’t send the annotations with the document!

Remove personal information from file before distribution.
Alternatives:
* Send as .pdf
* Save as .rtf and then reconvert to .doc

Properties can provide information on file name, final author and company (is this the company that you expected?).
Note dates, last saved by, and total editing time.
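As an added example (not part of the original slides), the Python code below reads from a zip-based .docx package the same leftovers that Document Inspector and the Properties dialog expose: author, last saved by, company, total editing time, comments and tracked changes. It does not handle the legacy binary .doc format; the sample document, the people and company named in it, and the function names `inspect_docx` and `sample_docx` are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

P = "http://schemas.openxmlformats.org/"
NS = {"cp": P + "package/2006/metadata/core-properties",
      "dc": "http://purl.org/dc/elements/1.1/",
      "ep": P + "officeDocument/2006/extended-properties",
      "w": P + "wordprocessingml/2006/main"}
W = "{" + NS["w"] + "}"

def inspect_docx(blob: bytes) -> dict:
    """Report properties, comments and tracked changes left in a .docx."""
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        have = set(z.namelist())
        # A missing part becomes an empty element, so lookups below return None/0.
        part = lambda n: ET.fromstring(z.read(n)) if n in have else ET.Element("none")
        core, app = part("docProps/core.xml"), part("docProps/app.xml")
        body, notes = part("word/document.xml"), part("word/comments.xml")
    return {
        "author": core.findtext("dc:creator", None, NS),
        "last_saved_by": core.findtext("cp:lastModifiedBy", None, NS),
        "company": app.findtext("ep:Company", None, NS),
        "editing_minutes": app.findtext("ep:TotalTime", None, NS),
        "comments": [(c.get(W + "author"), "".join(c.itertext()))
                     for c in notes.iter(W + "comment")],
        "tracked_changes": sum(e.tag in (W + "ins", W + "del") for e in body.iter()),
    }

def sample_docx() -> bytes:
    """Constructed sample package for the demo (not a real case file)."""
    x = 'xmlns:w="%(w)s" xmlns:cp="%(cp)s" xmlns:dc="%(dc)s"' % NS
    parts = {
        "docProps/core.xml": f"<cp:coreProperties {x}><dc:creator>A. Vendor</dc:creator>"
            "<cp:lastModifiedBy>J. Buyer</cp:lastModifiedBy></cp:coreProperties>",
        "docProps/app.xml": f'<Properties xmlns="{NS["ep"]}"><TotalTime>412</TotalTime>'
            "<Company>Example Supply Co</Company></Properties>",
        "word/document.xml": f'<w:document {x}><w:body><w:p><w:ins w:author="J. Buyer">'
            "<w:r><w:t>revised price</w:t></w:r></w:ins></w:p></w:body></w:document>",
        "word/comments.xml": f'<w:comments {x}><w:comment w:author="J. Buyer"><w:p><w:r>'
            "<w:t>The purchasing agent is a boob</w:t></w:r></w:p></w:comment></w:comments>",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()
```

TotalTime is stored in minutes. For untrusted evidence files, parse with the defusedxml package rather than the standard-library ElementTree.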
Other Methods to Conceal

Change the file extension
  * Data.xls becomes Data.jpg
Change font color to background
  * In a Word document change font color to white, etc.
Hide rows and columns in spreadsheets
Use steganography
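Renaming Data.xls to Data.jpg changes only the name; the file's leading bytes still identify its real format. The added example below (not from the original slides) flags files whose extension contradicts their header signature. The signature list is a small illustrative subset, and the sample files are constructed.

```python
import os
import tempfile

# Leading "magic" bytes -> extensions that legitimately carry them.
SIGNATURES = [
    (b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1", {".xls", ".doc", ".ppt", ".msg"}),  # OLE2, legacy Office
    (b"PK\x03\x04", {".zip", ".docx", ".xlsx", ".pptx"}),                     # zip container
    (b"\xFF\xD8\xFF", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", {".png"}),
    (b"GIF87a", {".gif"}),
    (b"GIF89a", {".gif"}),
    (b"%PDF-", {".pdf"}),
]

def classify(path):
    """Return (status, expected_exts) for one file.
    status is 'ok', 'mismatch' (known content, wrong extension) or 'unknown'."""
    with open(path, "rb") as f:
        head = f.read(16)
    ext = os.path.splitext(path)[1].lower()
    for magic, exts in SIGNATURES:
        if head.startswith(magic):
            return ("ok" if ext in exts else "mismatch"), sorted(exts)
    return "unknown", []

def scan(root):
    """Walk a folder and list files whose extension contradicts their header."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            status, exts = classify(os.path.join(folder, name))
            if status == "mismatch":
                hits.append((name, exts))
    return hits

def demo():
    """Constructed samples: a legacy spreadsheet renamed to .jpg, plus honest files."""
    ole2 = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1" + b"\x00" * 24
    samples = [("Data.jpg", ole2), ("photo.jpg", b"\xFF\xD8\xFF\xE0JFIF"),
               ("notes.txt", b"plain text has no signature")]
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples:
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return scan(d)
```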
Steganography

Steganography comes from the Greek words Steganós (Covered) and Graptos (Writing).
The goal is to hide messages inside other harmless messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message.
Hide any type of binary file in any other binary file
Security through obscurity

Steganography

The Good
  * Watermarks (Copyright Protection)
  * Unique Hash Value
  * Tag Notes
  * Confidentiality
  * Encryption
  * Anonymity
  * Private Communication
The Bad
  * Industrial Espionage
  * Terrorism
  * Pornography
  * Malware

Digital Steganography

Text in media files
  * Audio files
  * Picture files
  * Video files
Pictures in media files
  * Other picture files
  * Video files
  * Files archived in other pictures
Popular data formats (carriers): .bmp, .doc, .gif, .jpeg, .mp3, .txt, .wav
This image contains hidden text

Picture in Picture
Can you see any differences? (the one on the left is meaner)

File Size Comparisons

QuickCrypto
Type secret message here.

What is a Virtual Machine?

A virtual machine is a tightly isolated software container that can run its own operating systems and applications as if it were a physical computer. A virtual machine behaves exactly like a physical computer and contains its own virtual (i.e., software-based) CPU, RAM, hard disk and network interface card (NIC).

What is a Virtual Machine?

An operating system can’t tell the difference between a virtual machine and a physical machine, nor can applications or other computers on a network. A virtual machine is composed entirely of software and contains no hardware components whatsoever.

Creating a USB Boot

The easiest way to turn a USB flash drive into a bootable Windows 7 installer is by using the tool Microsoft offers.

Q. If I already have the hashes (produced by hash.exe) of my operating system, how difficult is it to compare the current hashes of the same files to make certain none have been altered?
A. It is a simple 3 line batch file using hash.exe and compare.exe. It should take approximately 10 minutes to complete.
Q. How do I dump the contents of RAM on a Windows machine?
A. Use the nifty freeware WinDump!

Q. What is a packet sniffer?
A. It sniffs packets! It actually captures certain packets or headers to ascertain network quality. It can also be used in a nefarious fashion.
Wireshark, aka Ethereal, is a popular freeware packet sniffer.
Do you know what a packet is?

What is a Honeypot?

In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.

Brief E-mail Header

Full Header

Email Servers and Clients

Horizontal & Vertical Analysis of Income Statement
Horizontal: Percent change from prior period
Vertical: Divide each item by Sales Revenues

Horizontal & Vertical Analysis of Balance Sheet
Horizontal: Percent change from prior period
Vertical: Divide each item by Total Assets

Extract / Filter
Use Data / Filter

Extract / Filter
Filters on any field and can use “if” and “where” type operators. Save new set in a worksheet or file.