Class 10 Grover Kearns, PhD, CPA, CFE 1 What is Forensic Accounting? Forensic accounting is accounting that is suitable for legal review, offering the highest level of assurance, and including the now generally accepted connotation of having been arrived at in a scientific fashion. Encompasses investigation, dispute resolution and litigation support. 2 Forensic Accounting Specialist A forensic accountant combines accountancy and computer forensics to analyze financial data and find evidence that would be legally valid during a court proceeding. Is engaged in electronic discovery investigating digital evidence from computers and other devices. Can acquire, analyze and report on digital evidence. Conducts special audits aka a review, a due diligence, an investigative audit, or a forensic audit. Each label has its own connotations. 3 Essential MS Security Malicious Software Removal Tool Microsoft Security Essentials Update Adobe, Flash, Java Uninstall old Java Avira Anti-Virus Free Update Security Patches Weekly Update Anti-Virus at Least Weekly 4 Trust everyone … but always cut the cards. 5 6 Passware Kit Forensic 9.5 http://www.lostpassword.com/kit-forensic.htm 7 Paraben Sticks 8 What are Hidden Files? A file with a special hidden attribute turned on, so that the file is not normally visible to users. Hidden files mainly serve to hide important operating system-related files and user preferences. 9 Find Hidden Files Turn on Windows operating system preference to show hidden files. In Explorer > Tools > Folder options… > View > Select “Show hidden files, folders, and drives” > OK Use software to search for hidden files. 10 Oops! Your comments are showing. The purchasing agent is a boob… Click the Microsoft Office Button , point to Prepare, and then click Inspect Document. In the Document Inspector dialog box, click Inspect. Review the inspection results. If Document Inspector finds comments and tracked changes, you are prompted to click Remove All next to Comments, Revisions, Versions, and Annotations. Don’t send the annotations with the document! 12 Remove personal information from file before distribution. Alternatives: *Send as .pdf *Save as .rtf and then reconvert to .doc Properties can provide information on file name, final author and company (is this the company that you expected?). Note dates, last saved by, and total editing time. Other Methods to Conceal Change the file extension Change font color to background Data.xls becomes Data.jpg In a Word document change font color to white, etc. Hide rows and columns in spreadsheets Use steganography 16 Steganography Steganography comes from the Greek words Steganós (Covered) and Graptos (Writing). The goal is to hide messages inside other harmless messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message Hide any type of binary file in any other binary file Security through obscurity 17 Steganography The Good Watermarks (Copyright Protection) Unique Hash Value Tag Notes Confidentiality Encryption Anonymity Private Communication The Bad Industrial Espionage Terrorism Pornography Malware 18 Digital Steganography Text in media files Pictures in media files Audio files Picture files Video files Other picture files Video files Files archived in other pictures Popular data formats (carriers) .bmp .doc .gif .jpeg .mp3 .txt .wav This image contains hidden text 19 Picture in Picture Can you see any differences? (the one on the left is meaner) 20 File Size Comparisons 21 QuickCrypto Type secret message here. 22 What is a Virtual Machine? A virtual machine is a tightly isolated software container that can run its own operating systems and applications as if it were a physical computer. A virtual machine behaves exactly like a physical computer and contains it own virtual (ie, softwarebased) CPU, RAM hard disk and network interface card (NIC). 23 What is a Virtual Machine? An operating system can’t tell the difference between a virtual machine and a physical machine, nor can applications or other computers on a network. A virtual machine is composed entirely of software and contains no hardware components whatsoever. 24 Creating a USB Boot The easiest way to turn a USB flash drive into a bootable Windows 7 installer is by using the tool Microsoft offers 25 Q. If I already have the hashes (produced by hash.exe) of my operating system, how difficult is it to compare the current hashes of the same files to make certain none have been altered? A. It is a simple 3 line batch file using hash.exe and compare.exe. It should take approximately 10 minutes to complete. 26 Q. How do I dump the contents of RAM on a Windows machine? A. Use the nifty freeware WinDump! 27 Q. What is a packet sniffer? A. It sniffs packets! It actually captures certain packets or headers to ascertain network quality. It can also be used in a nefarious fashion. WireShark aka Ethereal is a popular freeware packet sniffer. Do you know what a packet is? 28 What is a Honeypot? In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. 29 Brief E-mail Header 30 Full Header 31 32 Email Servers and Clients 33 Horizontal & Vertical Analysis of Income Stmt Horizontal: Pct change from prior period Vertical: Divide each item by Sales Revenues 34 Horizontal & Vertical Anal. of Balance Sheet Horizontal: Pct change from prior period Vertical: Divide each item by Total Assets 35 Extract / Filter Use Data / Filter 36 Extract / Filter Filters on any field and can use “if” and “where” type operators. Save new set in a worksheet or file. 37
© Copyright 2024