Modalities for Forensic Review of Computer Related Frauds for... · Modalities for Forensic Review of Computer Related Frauds ... Modalities for Computer Forensic Examination ...

Modalities for Forensic Review of

Computer Related Frauds

Neneh Addico

(CFE, CA), MTN Ghana

Outline

Recent Computer Crime Cases

What is Computer Crime Forensics

Types of Computer Related Crimes

Relevance of Forensic in Organizations

Modalities for Computer Forensic Examination

Challenges in Computer Crime Forensics

End Results of Forensic Reviews

Forensic Reviews & Litigation Support

Combating Computer Crimes

Recent Computer Crime Cases

What is Computer Crime Forensics

Computer Crime is any illegal act for which knowledge of

computer technology is essential for its Perpetration,

Investigation, Prosecution.

Prevalent due to increased used and dependency on computers

and other technological gargets to support

business/government/individual processes.

Laptops/Computers/Smartphones/Servers/PDAs/Tablets

Software/Applications – EBS (Oracle/SAP/OS

Networks and internet (GSM)

Data/Information – (Client Data, Financial Data, Cloud)

What is Computer Crime Forensics (cont)

Fraudsters exploits/applies these technologically advance tools

to commit fraud.

Individuals, Governments and Organizations with some of value

are targets

Computer criminals are becoming more organized and

determined

Containment analysis and eradication should be accomplished

immediately computer crime is reported

Types of Computer Related Crimes

Unauthorized access.

Exceeding authorized access.

Intellectual property theft or misuse of information.

Pornography.

Theft of services.

Forgery.

Property theft (e.g., computer hardware and chips).

Invasion of privacy.

Denial of services.

Manipulation of software applications.

Viruses.

Sabotage (i.e., data alteration or malicious destruction).

Extortion.

Embezzlement.

Espionage.

Terrorism.

Relevance of Forensic in Organizations

1. Increased dependency on IT to support business

government processes

2. Ineffective IT Governance (PPPs/SODs/DOAs)

3. Regulatory Requirements (Banks etc.)

4. Security/Control/Compliance not at same pace with

Technological advancement and development

5. Determination of computer criminals

6. Potential losses or Reputational Damage

Modalities for Computer Forensics (1)

Planning the forensic Examination

• Scoping & Scope Limitation

• Identify IT resource or systems being reviewed

• Determine period of relevance

• Decide specialist help required

• Identify all person possibly involved

• Identify standards/policies/framework applicable

• Objective

• Recommendation to improve process/strengthen controls

• Determine loss or damage suffered

• Evidence Handling and retention

• Chain of evidence - accountability and protection

• Evidence life cycle (identify, collect, store, preserve, transport, present in court and

return to owner)

Modalities for Computer Forensics (2)

Execution

• Literature review of the incident

• Interviewing (obtain written statements & also record)

• Confessions

• Evidence gathering

• Involves Data Analysis, Data Mining, Tracing, Simulation,

texts, confirmations, extracts, imaging, copying,

reconstruction.

• Could be Direct, real, documentary, and demonstrative

• Documentation of modus operation

• Perform root cause analysis – to identify

control/process weaknesses/absence

Modalities for Computer Forensics (3)

Reporting

2 Types of Forensic Reports

• Preliminary report

• Long form or detail report

Content of Forensic Long Form Report

• Distribution List

• Executive summary

• Introduction and Background

• Objective and Scope

• Scope Limitation and Subsequent Events

• Procedures Performed

• Detailed findings

• presentation of interview statement

• Presentation of evidence obtained

• Professional opinion from contrasting

• hjkk

Modalities for Computer Forensics (4)

Content of Forensic Long Form Report (cont.)

• Modus operandi

• Root Causes

• Recommendations

• Conclusion

• Acknowledgement

• Recommendation Implementation Plan

Challenges in Computer Crime Forensics

Lack of traditional paper audit trail

Require understanding of the technology used in

committing the crime

May require use of more than one specialist to assist

the forensic examiner

Legal developments lags behind technological

advancement

Lack of experts and specialist

End Results of Forensic Reviews

Produce forensic report to management

• Determination of loss suffered or recoveries made

• HR disciplinary action

• Recommendations for Control/Process Improvement

Articulate evidence to support criminal prosecution

• Modus operandi

• Evidence of compromised IT resources (unauthorized access)

• Articulate losses/damages suffered

• Expert witness testimony

Forensic Reviews & Litigation Support

Criminal law identifies a crime as being a wrong against society

Prosecution aims at punishing the offender to serve as a deterrent

against future crime

Judge must believe beyond reasonable doubt, that the offender is

guilty of the offense under a law

Forensic examination must articulate demonstrative evidence to

prove guilt of the offender

Litigation Support

• Coaching/prepping by prosecuting legal team

• Expert witness

• Simple testimony in laymen's terms

• Good knowledge of sections of criminal code/relevant laws applicable under the

circumstances

Combating Computer Crimes

Preventive Approaches

• Fraud Awareness Training

• Tone at the top – (shared Ethics & Values)

• Whistleblower/Hotlines

• Staff background checks

• SODs

• Tools & techniques (Encryption, Customer Validation, internal network security,

firewalls)

Detective Approaches • Fraud Risk Assessment to improve controls (show framework)

• Surprise & Periodic audits

Combating Computer Crimes

Recent Development in Ghana to Combat computer

crimes

• Legal framework – e.g. AML Act, Data Protection Act)

• Specialized Units in the Security Agencies

• Immergence of Anti-Fraud Units in Organization

• Regulatory Requirements (Basel 3, SOX, King III)