my assgmnt
UNIVERSITI KUALA LUMPUR BUSINESS SCHOOL
FORENSIC ACCOUNTING AND FRAUD EXAMINATION
EAB30603
PREPARED FOR:
MOHD DANIEL AFIQ BIN KHAMAR TAZILAH
PREPARED BY:
NAME ID
NURUL NAJWA BT ISA
SITI SUHAILAH BT MOHD ASHIF
NUR AMIRAH BT TAHIR
SUZILAWATI BT AHMAD MOORTHY
NUR AMNINA BT AMERAI KHAN
SHARIFAH NORHATIQAH BT ABDUL WAHAB 62288113182
62288212286
62288212145
62288212062
62288212350
62288113212
BACHELOR IN ACCOUNTANCY (HONS)
DATE OF SUBMISSION:
29th OCTOBER 2014
TABLE OF CONTENT
CONTENT PAGE NUMBER
Introduction
Definition of Forensic Science
Forensic science are important to forensic accountant
Majors players in forensic investigating actions
Criminalists
Forensic scientists
Crime labs
FBI Labs
4.4.1 Computer Analysis and Responses Team (CART)
4.4.2 Evidence Response Teams (ERTs) 4.4.3 Questioned Documents Unit 4.4.4 Investigative and Prosecutive Graphics Unit 4.4.5 Racketeering Records Unit
Forensic evidence
How it is used to identify suspects and criminals
5.1.1 DNA Fingerprint
5.1.2 Hair
5.1.3 Blood Test
Testimonial Evidence
Investigatory tools in forensic science
Computer science
Major issues in a forensic computer investigation
Issues facing computer forensic
7.1.1 technical issues
7.1.2 legal issues
7.1.3 administrative issues
Step in forensic investigation of computers
Law enforcement databases and networks
National Integrated Ballistics Information Network (NIBIN)
Combined DNA Index System (CODIS)
Automated Fingerprint identification System (IAFIS)
National DNA Index System (NDIS)
National Law Enforcement Telecommunications Systems (NLETS)
National Crime Information Center (NCIC) Network
Reference 1.0 INTRODUCTION
World is the area where human need to live and survive for our life. A technological revolution in communications and information exchange has taken place within business, industry, and our homes. In this information technology age, the needs of law enforcement are changing as well. Some traditional crimes, especially those concerning finance and commerce, continue to be upgraded technologically. Paper trails have become electronic trails. Crimes associated with the theft and manipulations of data are detected daily. Crimes of violence also are not immune to the effects of the information age. By knowing how to solve it by using forensic science and computer forensics are very important.
Fraud Examination Evidence in Forensic Science and Computer Forensics is generally contains Forensic Science and Computer Forensics. Forensics is the term given to an investigation of a crime using scientific means. It is also used as the name of the application of scientific knowledge to legal matters. Forensic science covers many areas of traditional science and melds them together to create an area of science called forensics. Forensic science uses areas of science such as Chemistry, Biology and Physical Science. When a crime is committed and the forensic team is called in, there are many experts who cover their specialized fields. Although all these people could be considered forensic scientists, they have specific areas that they work in.
According to Ryan Purita, “Computer forensics is the application of analytical techniques on digital media after a computer security incident has occurred. Its goal is to identify exactly what happened on a digital system and who was responsible through a structured, investigative approach. Forensic investigations cover all areas of computer misuse, including fraud, Internet and e-mail abuse, entry to pornographic Web sites, and hacking, as well as accidental deletions or alterations of data.” Computer forensics is the practice of collecting, analyzing and reporting on digital data in a way that is legally admissible. It can be used in the detection and prevention of crime and in any dispute where evidence is stored digitally. Computer forensics follows a similar process to other forensic disciplines, and faces similar issues. It also is used to conduct investigations into computer related incidents, whether the incident is an external intrusion into your system, internal fraud, or staff breaching your security policy. The computer forensic method to be used is determined by the company’s management.
There are few areas of crime or dispute where computer forensics cannot be applied. Law enforcement agencies have been among the earliest and heaviest users of computer forensics and consequently have often been at the forefront of developments in the field.
Computers may constitute a ‘scene of a crime’, for example with hacking or denial of service attacks or they may hold evidence in the form of emails, internet history, documents or other files relevant to crimes such as murder, kidnap, fraud and drug trafficking. It is not just the content of emails, documents and other files which may be of interest to investigators but also the ‘metadata’ associated with those files. A computer forensic examination may reveal when a document first appeared on a computer, when it was last edited, when it was last saved or printed and which user carried out these actions. More recently, commercial organizations have used computer forensics to their benefit in a variety of cases such as intellectual property theft, industrial espionage, employment disputes, fraud investigations, forgeries and bankruptcy investigations.
2.0 DEFINITION OF FORENSIC ACCOUNTING
Forensic science is the application of science to legal matters. One of the earliest applications of forensic science dates back to the 7th century when fingerprints on loan documents were used to prove debtors identities. Since that time, forensic science has become much more sophisticated, especially with the explosion of scientific knowledge in the 20th century.
Forensic science has numerous branches, has many of which are important to forensic accounting. Some forensic science branches are shown as below.
Forensic science specialist Primary focus
Forensic ballistics Firearms
Computer forensic Computer technology
Criminalistics Collection, processing, and analysis of crime scene evidence
Dactylography Fingerprints
Forensic anthropology Human skeleton
Forensic engineering Material products, structures, and components that either fail to operate or do not operate properly
Forensic entomology Insects as they relate to identifying the time and location of death
Forensic evidence Any physical thing than can be used as evidence in a legal proceeding
Forensic genetics DNA analysis to identify subjects
Forensic identification Object identification from trace evidence
Forensic odontology Dental evidence to identify bite marks and dead bodies
3.0 FORENSIC SCIENCES ARE IMPORTANT TO FORENSIC ACCOUNTANT
The specialty areas of particular interest to forensic accounting include computer forensics, criminalistics, dactylography, forensic evidence, forensic identification, and forensic, forensic psychology/psychiatry, and information forensics. The other specialties are also of interest but apply more to murders, armed robberies and so on, than to forensic accounting.
4.0 MAJOR PLAYERS IN FORENSIC INVESTIGATIONS
Forensic science investigations involve various types of forensic specialists. These include criminalists, forensic scientists and crime labs.
4.1. Criminalists
Criminalists are crime scene technicians or investigators who specialize in finding, collecting and preserving physical evidence at crime scene. The typical criminalist has a college degree with substantial coursework in areas such as biology, chemistry and physics. Some colleges and universities offer specialized degree programs in criminalistics.
Criminalists are especially good at performing certain activities, such as collecting blood, DNA, fingerprints, footprints, trace evidence and so on, in homicide cases. However, these types of evidence are often only peripherally important in financial and computer related crimes, although fingerprints are discussed later.
Some criminalists have special training in computer and information systems, which becoming more important as computer criminals become more sophisticated. In the absence of a specially trained criminalist, law enforcement officer are likely to seize computer using standard search warrant procedures.
In some cases, traditional criminalists and specialist work together at the time crime scene. For example, an arsonist might burn a building to cover up a financial crime in which case both arson investigators and computer specialized criminalists need to work together.
4.2 Forensic Scientists
A forensic scientist tends to work in laboratory rather than at crime scenes. Furthermore, a forensic scientist focuses on interpreting evidence gathered by criminalists although some experienced criminalist develops interpretive skills. Forensic scientist tends to have graduate degrees, and some have doctorate degrees in areas such as genetics, biology, and chemistry. Forensic scientists specializing in information technology may have graduate degrees in computer science.
Criminalists generally work at the beginning of cases, forensic scientists typically work at the end of cases, and they are the individuals who normally give expert testimony in the courtroom.
4.3. Crime Labs
The United States has hundreds of crime labs. Approximately 80 percent of them are affiliated with a police agency. The better labs are accredited by one of the main accrediting organizations such as the American Society of Crime Laboratory Directors or the National Forensic Science Technology Center. Specializes labs can receive additional accreditation.
At the state level, a crime lab typically includes a single parent lab and several regional labs. This ensures that in most cases a nearby crime lab is available for all law enforcement jurisdictions.
The typical crime lab has five divisions or departments: serology, unknown’s substances, trace evidence, ballistics and fingerprints.
4.4 FBI Labs
The FBI lab, which is much more sophisticated than a typical state lab, provides lab and related forensic services in the following areas:
Chemistry
Combined DNA index system (CODIS)
Computer analysis and response team (CART)
DNA analysis
Evidence response team (ERT)
Explosives
Firearms and tool marks
Forensic audio, video and image analysis
Forensic science training.
Hazardous material response
Investigative and prosecutive graphics
Latent prints
Materials analysis
Questioned documents
Racketeering records
Special photographic analysis
Of special interest to the forensic accountant are the computer analysis and response team (CART), evidence response team (ERT), questioned documents unit, investigative and prosecutive graphics, and racketeering records. Each of these is discussed in the following sections.
4.4.1 Computer Analysis and Response Team (CART)
CART consists of a group of individuals who are highly trained in information technology and networking. Included in the group are forensic computer examiners with expertise in nine areas:
Content- determining the content of computer files
Comparison- comparing the content of computer files to known reference files and or documents.
Transaction- determining the exact time and sequence in which files were created or modified.
Extraction- extracting data from computer storage.
Detection- recovering deleted data files.
Format conversion- covering data from one format to another.
Keyword searching- finding data (possibly in deleted data files) that contain keywords or phrases of interest.
Password recovery- finding or recovering passwords that have been used to encrypt files or that limit investigators access to important IT resources.
Limited sources code- studying computer programs to identify processing steps that can be of interest to investigators.
4.4.2 Evidence Response Teams (ERTs)
ERTs are groups of FBI special agents who focus on evidence recovery. They are experts in the latest techniques for finding and collecting evidence. ERTs normally include a team leader and six additional support specialists, including an evidence custodian, sketch preparer, photographer, evidence log recorder, evidence collector/processor, and specialist such as bomb, technician or forensic anthropologist.
4.4.3 Questioned Documents Unit
The questioned documents unit examines paper documents, surface impressions on paper document, and other type of surface impressions such as shoeprints and tire tread impressions. Documents examination typically involves comparing questioned documents with other types of evidentiary materials. Examiners also evaluate the characteristics of the documents themselves, including watermark and safety fibers. The unit is capable of evaluating many types of paper surface impressions, including those originating from handwriting, typewriting, printing and hand printing. The unit also analyzes typewriter/ printer ribbons, photocopiers, faxes, graphic arts and plastic bags. Various databases are maintained within the unit, including the anonymous letter file, bank robbery note file, national fraudulent check file, watermark file, and shoeprint file.
4.4.4 Investigative and Prosecutive Graphics Unit
This unit specializes in crime scene survey and documentation, forensic facial imaging, and demonstrative evidence. Demonstrative evidence is generally of the most interest to financial investigations. In regard to this evidence, the unit provides charts, maps, diagrams, link analyses flow and check kite charts, time lines and technical renderings, of course accountant are also very skilled in providing graphics.
4.4.5 Racketeering Records Unit
This unit contains four subunits: gambling, drug, money laundering, and cryptanalysis. Each of which specializes in the examination of financial, property, taxation, real estate and other types of records relating to specific types of crimes. The gambling subunit focuses not only on gambling records but also on the examination of records relating to support bookmaking, loan, sharking; prostitution, illegal lottery, video gambling machines, and internet gambling. The drug subunit examines record relating to illegal drug trafficking operations. The money laundering subunit examines financial records relating to all areas including international terrorism. Finally, the cryptanalysis subunit ‘breaks’ coded message found in the letter, email message, diaries and financial records often used by organizes crime and gang members, prison inmates and terrorist groups.
5.0 FORENSIC EVIDENCE
Evidence usable in a court, specially the one obtained by scientific methods such as ballistic, blood test, and DNA test.Evidence is crucial for ruling out suspects, finding criminals and proving their guilt. Many criminals go to great lengths to cover up their crime and leave no feasible trace of evidence, but major advances in forensics and investigation practices have made it possible to dig up various types of evidence that are admissible in court and bring police closer to catching criminals.
5.1 How it is used to identify suspects and criminals
We can identify the evidence by using DNA fingerprints, hair or blood test.
5.1.1 DNA fingerprints
This process is used as one means of identification when an attacker or assailant has left some kind of bodily fluid or blood at the scene of crime and when no visual identification is possible. Fingerprints are the most incriminating types of evidence used in criminal cases because it’s one of the most reliable forms of identification.
5.1.2 Hair
This kind of evidence that can bring police near to the criminal. Forensic scientists may have better chance at testing the DNA if the hair follicle and still intact.
5.1.3 Blood test
Blood is an incriminating type of evidence for various reasons. DNA can be extracted from blood to find a criminal and blood type can be analyzed to help rule out suspects.
There is more of evidence that we can use to prove the suspects and criminals have involve in criminal scene. The ways they solve evidence must be real and have been approve to take the evidence to the court.
6.0 TESTIMONIAL EVIDENCE
A witness who is qualified as an expert by knowledge, skill, experience, training, or education may testify in the form of an opinion or otherwise if there are
The expert’s scientific, technical, or other specialized knowledge will help the Trier of fact to understand the evidence or to determine a fact in issue. The testimony is based on sufficient facts or data.
The testimony is the product of reliable principles and methods.
The expert has reliably applied the principles and methods to the facts of the case.
The specific requirements for a technique or theory to be considered scientific such the technique or theory has been subjected to scientific testing, has been published in peer-reviewed scientific journals, the error rate for the technique is reasonably estimated or known and also the theory is accepted in the relevant scientific community. It a lies only in federal courts and in those states that have adopted. Some court may rigorously apply the entire requirement to prevent possible problem with appeals
Such as case the Supreme Court Kumho Rire Co. V. Carmicheal, the court made mandatory a Daubert determination in all cases involving expert testimony and refine the flexible requirement by indicating that they should not necessarily be applied to all forms of expert testimony with the same but should applied strictly only to forms for which their strict application is possible.
So Daubert determination is normally in a “mini-trial” held before judge but outside the presence of the jury. The judge rules on whether the witness qualifies as an expert and can represent a given body of evidence as being scientific and who is not permitted to present the evidence as being scientific may still be permitted to introduced it as personal expect opinion.
The court will accept as scientific evidence is an ongoing open question but some courts accept a given method while others reject it. Besides that, they can reverse themselves at any time because scientific knowledge and method are constantly changing and new arguments can be made and witness is prepared to argue that the method employed meet the Daubert test. Use the combination of the Daubert and Frye test; others use some version of the Frye test.
6.1 Investigatory tools in forensic science
Forensic science can be used not only to collect court-admissible evidence but also as an investigatory tool. Some investigatory tools:
Brain printing
Monitors the pattern of the subject’s brain activity with special instruments while showing her a photo. The pattern of brain activity is then used to determine whether the subject is familiar with the content of the photo.
Biometrics
Identifying persons by physical characteristics is under development. Computers are being used to identify people by the irises in their eyes, the shapes of their ears, their “voice prints,” and so on. Video biometrics is becoming especially important as police continue to place video cameras in more and more public locations.
Profiling
Being developed and used today. Organized crime groups could be identified by mathematical, structural analyses of social networks. Profiles of criminals including their age, marital status, education, living community, income, personality factors, and so on there are being developed and used to solve various crimes.
Data mining
Using artificial intelligence to analyze large volumes of data by considering the relationships between individual data items.6.2 Computer Forensic
The computer forensics involves applying computer science techniques to assist in investigations relating to a wide range of legal matters.
Computer forensic specialists are typically called on to study computers and computer networks to discover and preserve computer-related evidence and to achieve objectives in the following three areas: Identify the perpetrator(s) of a crime or other type of malfeasance, locate and recover data, files, or e-mail messages relating to a crime or civil matter and reconstruct damaged databases and files.
7.0 MAJOR ISSUES IN A FORENSIC COMPUTER INVESTIGATION
A Computer Forensic Investigation generally investigates the data which could be taken from computer hard disks or any other storage devices with adherence to standard policies and procedures to determine if those devices have been compromised by unauthorized access or not.
7.1 Issues facing computer forensics
The issues facing computer forensics examiners can be broken down into three broad categories: technical, legal and administrative.
7.1.1 Technical issues
Encryption
Encrypted data can be impossible to view without the correct key or password. Examiners should consider that the key or password may be stored elsewhere on the computer or on another computer which the suspect has had access to. It could also reside in the volatile memory of a computer which is usually lost on computer shut-down, another reason to consider using live acquisition techniques, as outlined above.
Increasing storage space
Storage media hold ever greater amounts of data, which for the examiner means that their analysis computers need to have sufficient processing power and available storage capacity to efficiently deal with searching and analyzing large amounts of data.
New technologies
Computing is a continually evolving field, with new hardware, software and operating systems emerging constantly. No single computer forensic examiner can be an expert on all areas, though they may frequently be expected to analyze something which they haven’t previously encountered. In order to deal with this situation, the examiner should be prepared and able to test and experiment with the behavior of new technologies. Networking and sharing knowledge with other computer forensic examiners is very useful in this respect as it’s likely someone else has already come across the same issue.
Anti-forensics
Anti-forensics is the practice of attempting to thwart computer forensic analysis. This may include encryption, the over-writing of data to make it unrecoverable, the modification of files’ metadata and file obfuscation (disguising files). As with encryption, the evidence that such methods have been used may be stored elsewhere on the computer or on another computer which the suspect has had access to. In our experience, it is very rare to see anti-forensics tools used correctly and frequently enough to totally obscure either their presence or the presence of the evidence that they were used to hide.
7.1.2 Legal issues
Legal issues may confuse or distract from a computer examiner’s findings. An example here would be the ‘Trojan Defence’. A Trojan is a piece of computer code disguised as something benign but which carries a hidden and malicious purpose. Trojans have many uses, and include key-logging), uploading and downloading of files and installation of viruses. A lawyer may be able to argue that actions on a computer were not carried out by a user but were automated by a Trojan without the user’s knowledge; such a Trojan Defence has been successfully used even when no trace of a Trojan or other malicious code was found on the suspect’s computer. In such cases, a competent opposing lawyer, supplied with evidence from a competent computer forensic analyst, should be able to dismiss such an argument. A good examiner will have identified and addressed possible arguments from the “opposition” while carrying out the analysis and in writing their report.
7.1.3 Administrative issues
Accepted standards
There are a plethora of standards and guidelines in computer forensics, few of which appear to be universally accepted. The reasons for this include: standard-setting bodies being tied to particular legislations; standards being aimed either at law enforcement or commercial forensics but not at both; the authors of such standards not being accepted by their peers; or high joining fees for professional bodies dissuading practitioners from participating.
Fit to practice
In many jurisdictions there is no qualifying body to check the competence and integrity of computer forensics professionals. In such cases anyone may present themselves as a computer forensic expert, which may result in computer forensic examinations of questionable quality and a negative view of the profession as a whole.
8.0 STEP IN FORENSIC INVESTIGATION OF COMPUTERS
There are eight steps in order to do forensic investigation of computers. The forensic professional must follow this procedure in dealing with computer that can gather evidence.
The first step is size up the situation. In order to size up the situation, the forensic professional firstly must ask some questions to solve the problems. For example, “What type of incident is being investigated? Who are likely perpetrators, and how sophisticated are they?” The way is answered will affect how the investigator proceeds. The perpetrators will have the largest impact on the approach taken based on the seriousness of the matter. If the matter already known to be serious, consideration should be given to immediately restricting access to the suspected computers and relevant areas, and the issue should be discussed with law enforcement authorities, who could bring in criminalists to process the crime scene.
The second step is logging every detail. The forensic professional should keep an accurate log of every step followed. It should contain precise details, including names, dates, times, and computer serial numbers.
The third step is conducting the initial survey. Anything that relevant to the investigation, the forensic professional must immediately secure the site. For example, any offices and computers need to be secure in conducting the initial survey. They also need to secure any computer servers, videos security camera recordings, computerized phone records, centralized email databases and others. This action is to restrict access to it to those participating in the investigation. All investigators need to wear plastic gloves during the investigation to avoid damaging possible evidence. Items that already been collected should be placed in tamper-proof evidence bags.
The fourth step is access the possibility of ongoing undesirable activity. The forensic professional can also install a packet sniffer if there still involved some crime during the investigation. According to Andy O'Donnell stated that “Packet sniffer is tools that are commonly used by network technicians to diagnose network-related problems. Packet sniffers can also be used by hackers for less than noble purposes such as spying on network user traffic and collecting passwords.” Another alternative is remote keyboard logging or monitoring software. This software can record and sent to a private web site all internet activity on a surveilled computer which includes incoming and outgoing email, chat sessions and web browser activity. The computer could contain some type of active Trojan horse, worm, virus, spyware or others that involved in sending out spam or spreading itself to other computers even they have already install the software. Therefore, the investigator can be we need to immediately unplug or disconnect the computer from the network to avoid the virus spread and hackers can access the information without we realized.
The fifth step is power down. If the subject computer is already off, it should not be turned on. If it is on, some minimal work must be done before shutting down the machine. It is much safer if shut down a machine than to do any work on it. There is a situation when we just need to unplug the internet itself and unplug the computer. If the computer already unplug, it is better for forensic investigator from touch it and switch on back because the possibility of data damage is high because he can be charged into it. Once the professional forensic starts working on the machine, data can be lost, and the investigator becomes responsible for the machine’s status. The forensic professional must carefully logged about the information such as list of all processes that running on the system, the locations of their related programs, and any characteristic information available about them like priority, memory size, related processes, and CPU utilization. After investigator list down all the programs in the computer, then he can shut down the machine down. This is because it will applicable when they use late-version system, majority is stored on RAM therefore they need to do a backup first.
The sixth step is check for booby traps. The forensic professional must consider the possibility that the system may has booby traps once it is opened. The booby trap is a device that can destroy the internal system of the computer. Therefore, the forensic professional should use a fiber optic probe to examine the computer’s internal contents.
The seventh step is the investigator must duplicate the hard drive or other permanent unit. The investigator should photograph its inside and remove the hard drive and log its make, model and serial number, when the computer is open. It should be placed in a sealed evidence bag. The next following step is the hard drive’s serial number should be documented in the notes. The forensic investigator must duplicate the hard drive using a system guaranteed. The duplication system should independently generate a checksum for both original and duplicate disk.
The last step that should be taken by the forensic professional is analyzing the hard drive. The drive can be placed in a machine and then booted. Booting is to explore it without concern for changing its contents and to verify any findings using second duplicate copy that was not booted. There are some alternative sources for data recovery. It is a good practice to consider checking out computers belonging to individuals in the perpetrator’s email address book. Some files or documents actually have already secure with password done by the forensic professional; eventually the sophisticated perpetrators are possible to have encrypted files with elaborate encryption techniques. The examiner should investigate the system and individual program log files for example who accessed the computer, when, what software are used in order to secure the system. Secondly, identify individuals in a network environment. One of the best ways to track the hacker is through his IP address or known as Internet Protocol address. Margeret Rouse defined the Internet Protocol (IP) is “the method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet has at least one IP address that uniquely identifies it from all other computers on the Internet.” When the subject’s IP address has been identified, investigator can identify the hacker’s information. Unfortunately, majority of the hackers used a fake IP address so that they are not able detected. They hide their IPs by communicating through proxy server.
9.0 LAW ENFORCEMENT DATABASES AND NETWORKS
In order to help the investigations, some of the professionals’ law enforcement can access too many databases.
National Integrated Ballistics Information Network (NIBIN)
NIBIN Program automates ballistics evaluations and provides actionable investigative leads in a timely manner. NIBIN is the only interstate automated ballistic imaging network in operation in the United States and is available to most major population centers in the United States. Prior to the NIBIN Program, firearms examiners performed this process manually which was extremely labor intensive. To use NIBIN, firearms examiners or technicians enter cartridge casing evidence into the Integrated Ballistic Identification System. These images are correlated against the database. Law enforcement can search against evidence from their jurisdiction, neighboring ones, and others across the country. This program is one investigative tool accessed by law enforcement that allows each of us to share information and cooperation easily making all of us more effective in closing cases.
Combined DNA Index System (CODIS)
CODIS are the FBI program that allowed forensic DNA laboratories to create and search databases of DNA profiles. The Federal DNA Identification Act of 1994 authorized the FBI to create CODIS and set national standards for forensic DNA testing. CODIS became fully operational in 1998. CODIS databases exist at the local (LDIS), STATE (SDID), and national levels (NDIS). This tiered architecture allows crime laboratories to control their own data, enabling each laboratory to decide which profiles it will share with the rest of the country. CODIS contain an index of convicted offender and arrestee profiles. These profiles are developed from biological samples submitted when an individual is arrested for or convicted of statutorily specified crimes. Each state has different qualifying offences, and there are requirements for entering the profiles into the local, state or national database. When biological evidence is collected from a crime scene or victim, a DNA profile of a suspect may be developed. This “forensic unknown profile” can be compared to profiles in the convicted offender and arrestee index.
Automated Fingerprint identification System (IAFIS)
IAFIS is a national automated fingerprint identification and criminal history system maintained by the FBI. IAFIS provides automated fingerprints and responses. IAFIS is the largest biometric database in the world. Employment background checks and legitimate firearms purchases cause citizens to be permanently recorded in the system. For instance, the State of Washington mandates that all applicants seeking employment in an inpatient setting that houses vulnerable minors are fingerprinted and entered in to IAFIS as part of their background check in order to determine if the applicant has any record of criminal behavior. Law enforcement agencies then can request a search in IAFIS to identify crime scene fingerprints obtained during criminal investigations.
National DNA Index System (NDIS)
NDIS is one part of CODIS that containing the DNA profiles contributed by federal, state and local participating forensic laboratories. NDIS was implemented in October 1998. The DNA Identification Act of 1994 authorized the establishment of this DNA index. The Act specifies the categories of data that may be maintained in NDIS as well as requirements for participating laboratories relating to quality assurance, privacy and expungements
National Law Enforcement Telecommunications Systems (NLETS)
NLETS is an information sharing network. It is an interface to search each state’s criminal and driver records and the License Plate Reader (LPR) records going back one year maintained by the US Customs and Border Protection (CBP). The NLETS helps a law enforcement agency in one state to search for someone’s criminal and driver records in another state. NLETS potentially serves as a better tool to search for minor misdemeanors and traffic violations that would not be in the National Crime Information Center.
National Crime Information Center (NCIC) Network
NCIC is a computerized database of documented criminal justice information available to virtually every law enforcement agency nationwide throughout the year. NCIC start operating on 1967 with the goal of assisting law enforcement in apprehending fugitives and locating stolen property. This goal has expanded to include locating missing persons and further protecting law enforcement personnel and the public. The NCIC database currently consists of 21 files: 7 files containing records of stolen articles and another 14 files containing person files.
10.0 REFERENCE
William S. Hopwood, Jay J. Leiner, George R. Young, Forensic Accounting and Fraud Examination “Fraud Examination Evidence 3; Forensic Science and Computer Forensic”, Books, page 325-348.
Forensic Computer Investigation. (2014). Issue in Computer Forensic (Sonia). Retrieved 23 October 2014 from http://www.cse.scu.edu.
Forensic Computer Investigation. (2014). The Challenges Facing Computer Forensics Investigators (David W. Bennett). Retrieved 23 October 14 from http://articles.forensicfocus.comWord count : 4993
FORENSIC ACCOUNTING AND FRAUD EXAMINATION
EAB30603
PREPARED FOR:
MOHD DANIEL AFIQ BIN KHAMAR TAZILAH
PREPARED BY:
NAME ID
NURUL NAJWA BT ISA
SITI SUHAILAH BT MOHD ASHIF
NUR AMIRAH BT TAHIR
SUZILAWATI BT AHMAD MOORTHY
NUR AMNINA BT AMERAI KHAN
SHARIFAH NORHATIQAH BT ABDUL WAHAB 62288113182
62288212286
62288212145
62288212062
62288212350
62288113212
BACHELOR IN ACCOUNTANCY (HONS)
DATE OF SUBMISSION:
29th OCTOBER 2014
TABLE OF CONTENT
CONTENT PAGE NUMBER
Introduction
Definition of Forensic Science
Forensic science are important to forensic accountant
Majors players in forensic investigating actions
Criminalists
Forensic scientists
Crime labs
FBI Labs
4.4.1 Computer Analysis and Responses Team (CART)
4.4.2 Evidence Response Teams (ERTs) 4.4.3 Questioned Documents Unit 4.4.4 Investigative and Prosecutive Graphics Unit 4.4.5 Racketeering Records Unit
Forensic evidence
How it is used to identify suspects and criminals
5.1.1 DNA Fingerprint
5.1.2 Hair
5.1.3 Blood Test
Testimonial Evidence
Investigatory tools in forensic science
Computer science
Major issues in a forensic computer investigation
Issues facing computer forensic
7.1.1 technical issues
7.1.2 legal issues
7.1.3 administrative issues
Step in forensic investigation of computers
Law enforcement databases and networks
National Integrated Ballistics Information Network (NIBIN)
Combined DNA Index System (CODIS)
Automated Fingerprint identification System (IAFIS)
National DNA Index System (NDIS)
National Law Enforcement Telecommunications Systems (NLETS)
National Crime Information Center (NCIC) Network
Reference 1.0 INTRODUCTION
World is the area where human need to live and survive for our life. A technological revolution in communications and information exchange has taken place within business, industry, and our homes. In this information technology age, the needs of law enforcement are changing as well. Some traditional crimes, especially those concerning finance and commerce, continue to be upgraded technologically. Paper trails have become electronic trails. Crimes associated with the theft and manipulations of data are detected daily. Crimes of violence also are not immune to the effects of the information age. By knowing how to solve it by using forensic science and computer forensics are very important.
Fraud Examination Evidence in Forensic Science and Computer Forensics is generally contains Forensic Science and Computer Forensics. Forensics is the term given to an investigation of a crime using scientific means. It is also used as the name of the application of scientific knowledge to legal matters. Forensic science covers many areas of traditional science and melds them together to create an area of science called forensics. Forensic science uses areas of science such as Chemistry, Biology and Physical Science. When a crime is committed and the forensic team is called in, there are many experts who cover their specialized fields. Although all these people could be considered forensic scientists, they have specific areas that they work in.
According to Ryan Purita, “Computer forensics is the application of analytical techniques on digital media after a computer security incident has occurred. Its goal is to identify exactly what happened on a digital system and who was responsible through a structured, investigative approach. Forensic investigations cover all areas of computer misuse, including fraud, Internet and e-mail abuse, entry to pornographic Web sites, and hacking, as well as accidental deletions or alterations of data.” Computer forensics is the practice of collecting, analyzing and reporting on digital data in a way that is legally admissible. It can be used in the detection and prevention of crime and in any dispute where evidence is stored digitally. Computer forensics follows a similar process to other forensic disciplines, and faces similar issues. It also is used to conduct investigations into computer related incidents, whether the incident is an external intrusion into your system, internal fraud, or staff breaching your security policy. The computer forensic method to be used is determined by the company’s management.
There are few areas of crime or dispute where computer forensics cannot be applied. Law enforcement agencies have been among the earliest and heaviest users of computer forensics and consequently have often been at the forefront of developments in the field.
Computers may constitute a ‘scene of a crime’, for example with hacking or denial of service attacks or they may hold evidence in the form of emails, internet history, documents or other files relevant to crimes such as murder, kidnap, fraud and drug trafficking. It is not just the content of emails, documents and other files which may be of interest to investigators but also the ‘metadata’ associated with those files. A computer forensic examination may reveal when a document first appeared on a computer, when it was last edited, when it was last saved or printed and which user carried out these actions. More recently, commercial organizations have used computer forensics to their benefit in a variety of cases such as intellectual property theft, industrial espionage, employment disputes, fraud investigations, forgeries and bankruptcy investigations.
2.0 DEFINITION OF FORENSIC ACCOUNTING
Forensic science is the application of science to legal matters. One of the earliest applications of forensic science dates back to the 7th century when fingerprints on loan documents were used to prove debtors identities. Since that time, forensic science has become much more sophisticated, especially with the explosion of scientific knowledge in the 20th century.
Forensic science has numerous branches, has many of which are important to forensic accounting. Some forensic science branches are shown as below.
Forensic science specialist Primary focus
Forensic ballistics Firearms
Computer forensic Computer technology
Criminalistics Collection, processing, and analysis of crime scene evidence
Dactylography Fingerprints
Forensic anthropology Human skeleton
Forensic engineering Material products, structures, and components that either fail to operate or do not operate properly
Forensic entomology Insects as they relate to identifying the time and location of death
Forensic evidence Any physical thing than can be used as evidence in a legal proceeding
Forensic genetics DNA analysis to identify subjects
Forensic identification Object identification from trace evidence
Forensic odontology Dental evidence to identify bite marks and dead bodies
3.0 FORENSIC SCIENCES ARE IMPORTANT TO FORENSIC ACCOUNTANT
The specialty areas of particular interest to forensic accounting include computer forensics, criminalistics, dactylography, forensic evidence, forensic identification, and forensic, forensic psychology/psychiatry, and information forensics. The other specialties are also of interest but apply more to murders, armed robberies and so on, than to forensic accounting.
4.0 MAJOR PLAYERS IN FORENSIC INVESTIGATIONS
Forensic science investigations involve various types of forensic specialists. These include criminalists, forensic scientists and crime labs.
4.1. Criminalists
Criminalists are crime scene technicians or investigators who specialize in finding, collecting and preserving physical evidence at crime scene. The typical criminalist has a college degree with substantial coursework in areas such as biology, chemistry and physics. Some colleges and universities offer specialized degree programs in criminalistics.
Criminalists are especially good at performing certain activities, such as collecting blood, DNA, fingerprints, footprints, trace evidence and so on, in homicide cases. However, these types of evidence are often only peripherally important in financial and computer related crimes, although fingerprints are discussed later.
Some criminalists have special training in computer and information systems, which becoming more important as computer criminals become more sophisticated. In the absence of a specially trained criminalist, law enforcement officer are likely to seize computer using standard search warrant procedures.
In some cases, traditional criminalists and specialist work together at the time crime scene. For example, an arsonist might burn a building to cover up a financial crime in which case both arson investigators and computer specialized criminalists need to work together.
4.2 Forensic Scientists
A forensic scientist tends to work in laboratory rather than at crime scenes. Furthermore, a forensic scientist focuses on interpreting evidence gathered by criminalists although some experienced criminalist develops interpretive skills. Forensic scientist tends to have graduate degrees, and some have doctorate degrees in areas such as genetics, biology, and chemistry. Forensic scientists specializing in information technology may have graduate degrees in computer science.
Criminalists generally work at the beginning of cases, forensic scientists typically work at the end of cases, and they are the individuals who normally give expert testimony in the courtroom.
4.3. Crime Labs
The United States has hundreds of crime labs. Approximately 80 percent of them are affiliated with a police agency. The better labs are accredited by one of the main accrediting organizations such as the American Society of Crime Laboratory Directors or the National Forensic Science Technology Center. Specializes labs can receive additional accreditation.
At the state level, a crime lab typically includes a single parent lab and several regional labs. This ensures that in most cases a nearby crime lab is available for all law enforcement jurisdictions.
The typical crime lab has five divisions or departments: serology, unknown’s substances, trace evidence, ballistics and fingerprints.
4.4 FBI Labs
The FBI lab, which is much more sophisticated than a typical state lab, provides lab and related forensic services in the following areas:
Chemistry
Combined DNA index system (CODIS)
Computer analysis and response team (CART)
DNA analysis
Evidence response team (ERT)
Explosives
Firearms and tool marks
Forensic audio, video and image analysis
Forensic science training.
Hazardous material response
Investigative and prosecutive graphics
Latent prints
Materials analysis
Questioned documents
Racketeering records
Special photographic analysis
Of special interest to the forensic accountant are the computer analysis and response team (CART), evidence response team (ERT), questioned documents unit, investigative and prosecutive graphics, and racketeering records. Each of these is discussed in the following sections.
4.4.1 Computer Analysis and Response Team (CART)
CART consists of a group of individuals who are highly trained in information technology and networking. Included in the group are forensic computer examiners with expertise in nine areas:
Content- determining the content of computer files
Comparison- comparing the content of computer files to known reference files and or documents.
Transaction- determining the exact time and sequence in which files were created or modified.
Extraction- extracting data from computer storage.
Detection- recovering deleted data files.
Format conversion- covering data from one format to another.
Keyword searching- finding data (possibly in deleted data files) that contain keywords or phrases of interest.
Password recovery- finding or recovering passwords that have been used to encrypt files or that limit investigators access to important IT resources.
Limited sources code- studying computer programs to identify processing steps that can be of interest to investigators.
4.4.2 Evidence Response Teams (ERTs)
ERTs are groups of FBI special agents who focus on evidence recovery. They are experts in the latest techniques for finding and collecting evidence. ERTs normally include a team leader and six additional support specialists, including an evidence custodian, sketch preparer, photographer, evidence log recorder, evidence collector/processor, and specialist such as bomb, technician or forensic anthropologist.
4.4.3 Questioned Documents Unit
The questioned documents unit examines paper documents, surface impressions on paper document, and other type of surface impressions such as shoeprints and tire tread impressions. Documents examination typically involves comparing questioned documents with other types of evidentiary materials. Examiners also evaluate the characteristics of the documents themselves, including watermark and safety fibers. The unit is capable of evaluating many types of paper surface impressions, including those originating from handwriting, typewriting, printing and hand printing. The unit also analyzes typewriter/ printer ribbons, photocopiers, faxes, graphic arts and plastic bags. Various databases are maintained within the unit, including the anonymous letter file, bank robbery note file, national fraudulent check file, watermark file, and shoeprint file.
4.4.4 Investigative and Prosecutive Graphics Unit
This unit specializes in crime scene survey and documentation, forensic facial imaging, and demonstrative evidence. Demonstrative evidence is generally of the most interest to financial investigations. In regard to this evidence, the unit provides charts, maps, diagrams, link analyses flow and check kite charts, time lines and technical renderings, of course accountant are also very skilled in providing graphics.
4.4.5 Racketeering Records Unit
This unit contains four subunits: gambling, drug, money laundering, and cryptanalysis. Each of which specializes in the examination of financial, property, taxation, real estate and other types of records relating to specific types of crimes. The gambling subunit focuses not only on gambling records but also on the examination of records relating to support bookmaking, loan, sharking; prostitution, illegal lottery, video gambling machines, and internet gambling. The drug subunit examines record relating to illegal drug trafficking operations. The money laundering subunit examines financial records relating to all areas including international terrorism. Finally, the cryptanalysis subunit ‘breaks’ coded message found in the letter, email message, diaries and financial records often used by organizes crime and gang members, prison inmates and terrorist groups.
5.0 FORENSIC EVIDENCE
Evidence usable in a court, specially the one obtained by scientific methods such as ballistic, blood test, and DNA test.Evidence is crucial for ruling out suspects, finding criminals and proving their guilt. Many criminals go to great lengths to cover up their crime and leave no feasible trace of evidence, but major advances in forensics and investigation practices have made it possible to dig up various types of evidence that are admissible in court and bring police closer to catching criminals.
5.1 How it is used to identify suspects and criminals
We can identify the evidence by using DNA fingerprints, hair or blood test.
5.1.1 DNA fingerprints
This process is used as one means of identification when an attacker or assailant has left some kind of bodily fluid or blood at the scene of crime and when no visual identification is possible. Fingerprints are the most incriminating types of evidence used in criminal cases because it’s one of the most reliable forms of identification.
5.1.2 Hair
This kind of evidence that can bring police near to the criminal. Forensic scientists may have better chance at testing the DNA if the hair follicle and still intact.
5.1.3 Blood test
Blood is an incriminating type of evidence for various reasons. DNA can be extracted from blood to find a criminal and blood type can be analyzed to help rule out suspects.
There is more of evidence that we can use to prove the suspects and criminals have involve in criminal scene. The ways they solve evidence must be real and have been approve to take the evidence to the court.
6.0 TESTIMONIAL EVIDENCE
A witness who is qualified as an expert by knowledge, skill, experience, training, or education may testify in the form of an opinion or otherwise if there are
The expert’s scientific, technical, or other specialized knowledge will help the Trier of fact to understand the evidence or to determine a fact in issue. The testimony is based on sufficient facts or data.
The testimony is the product of reliable principles and methods.
The expert has reliably applied the principles and methods to the facts of the case.
The specific requirements for a technique or theory to be considered scientific such the technique or theory has been subjected to scientific testing, has been published in peer-reviewed scientific journals, the error rate for the technique is reasonably estimated or known and also the theory is accepted in the relevant scientific community. It a lies only in federal courts and in those states that have adopted. Some court may rigorously apply the entire requirement to prevent possible problem with appeals
Such as case the Supreme Court Kumho Rire Co. V. Carmicheal, the court made mandatory a Daubert determination in all cases involving expert testimony and refine the flexible requirement by indicating that they should not necessarily be applied to all forms of expert testimony with the same but should applied strictly only to forms for which their strict application is possible.
So Daubert determination is normally in a “mini-trial” held before judge but outside the presence of the jury. The judge rules on whether the witness qualifies as an expert and can represent a given body of evidence as being scientific and who is not permitted to present the evidence as being scientific may still be permitted to introduced it as personal expect opinion.
The court will accept as scientific evidence is an ongoing open question but some courts accept a given method while others reject it. Besides that, they can reverse themselves at any time because scientific knowledge and method are constantly changing and new arguments can be made and witness is prepared to argue that the method employed meet the Daubert test. Use the combination of the Daubert and Frye test; others use some version of the Frye test.
6.1 Investigatory tools in forensic science
Forensic science can be used not only to collect court-admissible evidence but also as an investigatory tool. Some investigatory tools:
Brain printing
Monitors the pattern of the subject’s brain activity with special instruments while showing her a photo. The pattern of brain activity is then used to determine whether the subject is familiar with the content of the photo.
Biometrics
Identifying persons by physical characteristics is under development. Computers are being used to identify people by the irises in their eyes, the shapes of their ears, their “voice prints,” and so on. Video biometrics is becoming especially important as police continue to place video cameras in more and more public locations.
Profiling
Being developed and used today. Organized crime groups could be identified by mathematical, structural analyses of social networks. Profiles of criminals including their age, marital status, education, living community, income, personality factors, and so on there are being developed and used to solve various crimes.
Data mining
Using artificial intelligence to analyze large volumes of data by considering the relationships between individual data items.6.2 Computer Forensic
The computer forensics involves applying computer science techniques to assist in investigations relating to a wide range of legal matters.
Computer forensic specialists are typically called on to study computers and computer networks to discover and preserve computer-related evidence and to achieve objectives in the following three areas: Identify the perpetrator(s) of a crime or other type of malfeasance, locate and recover data, files, or e-mail messages relating to a crime or civil matter and reconstruct damaged databases and files.
7.0 MAJOR ISSUES IN A FORENSIC COMPUTER INVESTIGATION
A Computer Forensic Investigation generally investigates the data which could be taken from computer hard disks or any other storage devices with adherence to standard policies and procedures to determine if those devices have been compromised by unauthorized access or not.
7.1 Issues facing computer forensics
The issues facing computer forensics examiners can be broken down into three broad categories: technical, legal and administrative.
7.1.1 Technical issues
Encryption
Encrypted data can be impossible to view without the correct key or password. Examiners should consider that the key or password may be stored elsewhere on the computer or on another computer which the suspect has had access to. It could also reside in the volatile memory of a computer which is usually lost on computer shut-down, another reason to consider using live acquisition techniques, as outlined above.
Increasing storage space
Storage media hold ever greater amounts of data, which for the examiner means that their analysis computers need to have sufficient processing power and available storage capacity to efficiently deal with searching and analyzing large amounts of data.
New technologies
Computing is a continually evolving field, with new hardware, software and operating systems emerging constantly. No single computer forensic examiner can be an expert on all areas, though they may frequently be expected to analyze something which they haven’t previously encountered. In order to deal with this situation, the examiner should be prepared and able to test and experiment with the behavior of new technologies. Networking and sharing knowledge with other computer forensic examiners is very useful in this respect as it’s likely someone else has already come across the same issue.
Anti-forensics
Anti-forensics is the practice of attempting to thwart computer forensic analysis. This may include encryption, the over-writing of data to make it unrecoverable, the modification of files’ metadata and file obfuscation (disguising files). As with encryption, the evidence that such methods have been used may be stored elsewhere on the computer or on another computer which the suspect has had access to. In our experience, it is very rare to see anti-forensics tools used correctly and frequently enough to totally obscure either their presence or the presence of the evidence that they were used to hide.
7.1.2 Legal issues
Legal issues may confuse or distract from a computer examiner’s findings. An example here would be the ‘Trojan Defence’. A Trojan is a piece of computer code disguised as something benign but which carries a hidden and malicious purpose. Trojans have many uses, and include key-logging), uploading and downloading of files and installation of viruses. A lawyer may be able to argue that actions on a computer were not carried out by a user but were automated by a Trojan without the user’s knowledge; such a Trojan Defence has been successfully used even when no trace of a Trojan or other malicious code was found on the suspect’s computer. In such cases, a competent opposing lawyer, supplied with evidence from a competent computer forensic analyst, should be able to dismiss such an argument. A good examiner will have identified and addressed possible arguments from the “opposition” while carrying out the analysis and in writing their report.
7.1.3 Administrative issues
Accepted standards
There are a plethora of standards and guidelines in computer forensics, few of which appear to be universally accepted. The reasons for this include: standard-setting bodies being tied to particular legislations; standards being aimed either at law enforcement or commercial forensics but not at both; the authors of such standards not being accepted by their peers; or high joining fees for professional bodies dissuading practitioners from participating.
Fit to practice
In many jurisdictions there is no qualifying body to check the competence and integrity of computer forensics professionals. In such cases anyone may present themselves as a computer forensic expert, which may result in computer forensic examinations of questionable quality and a negative view of the profession as a whole.
8.0 STEP IN FORENSIC INVESTIGATION OF COMPUTERS
There are eight steps in order to do forensic investigation of computers. The forensic professional must follow this procedure in dealing with computer that can gather evidence.
The first step is size up the situation. In order to size up the situation, the forensic professional firstly must ask some questions to solve the problems. For example, “What type of incident is being investigated? Who are likely perpetrators, and how sophisticated are they?” The way is answered will affect how the investigator proceeds. The perpetrators will have the largest impact on the approach taken based on the seriousness of the matter. If the matter already known to be serious, consideration should be given to immediately restricting access to the suspected computers and relevant areas, and the issue should be discussed with law enforcement authorities, who could bring in criminalists to process the crime scene.
The second step is logging every detail. The forensic professional should keep an accurate log of every step followed. It should contain precise details, including names, dates, times, and computer serial numbers.
The third step is conducting the initial survey. Anything that relevant to the investigation, the forensic professional must immediately secure the site. For example, any offices and computers need to be secure in conducting the initial survey. They also need to secure any computer servers, videos security camera recordings, computerized phone records, centralized email databases and others. This action is to restrict access to it to those participating in the investigation. All investigators need to wear plastic gloves during the investigation to avoid damaging possible evidence. Items that already been collected should be placed in tamper-proof evidence bags.
The fourth step is access the possibility of ongoing undesirable activity. The forensic professional can also install a packet sniffer if there still involved some crime during the investigation. According to Andy O'Donnell stated that “Packet sniffer is tools that are commonly used by network technicians to diagnose network-related problems. Packet sniffers can also be used by hackers for less than noble purposes such as spying on network user traffic and collecting passwords.” Another alternative is remote keyboard logging or monitoring software. This software can record and sent to a private web site all internet activity on a surveilled computer which includes incoming and outgoing email, chat sessions and web browser activity. The computer could contain some type of active Trojan horse, worm, virus, spyware or others that involved in sending out spam or spreading itself to other computers even they have already install the software. Therefore, the investigator can be we need to immediately unplug or disconnect the computer from the network to avoid the virus spread and hackers can access the information without we realized.
The fifth step is power down. If the subject computer is already off, it should not be turned on. If it is on, some minimal work must be done before shutting down the machine. It is much safer if shut down a machine than to do any work on it. There is a situation when we just need to unplug the internet itself and unplug the computer. If the computer already unplug, it is better for forensic investigator from touch it and switch on back because the possibility of data damage is high because he can be charged into it. Once the professional forensic starts working on the machine, data can be lost, and the investigator becomes responsible for the machine’s status. The forensic professional must carefully logged about the information such as list of all processes that running on the system, the locations of their related programs, and any characteristic information available about them like priority, memory size, related processes, and CPU utilization. After investigator list down all the programs in the computer, then he can shut down the machine down. This is because it will applicable when they use late-version system, majority is stored on RAM therefore they need to do a backup first.
The sixth step is check for booby traps. The forensic professional must consider the possibility that the system may has booby traps once it is opened. The booby trap is a device that can destroy the internal system of the computer. Therefore, the forensic professional should use a fiber optic probe to examine the computer’s internal contents.
The seventh step is the investigator must duplicate the hard drive or other permanent unit. The investigator should photograph its inside and remove the hard drive and log its make, model and serial number, when the computer is open. It should be placed in a sealed evidence bag. The next following step is the hard drive’s serial number should be documented in the notes. The forensic investigator must duplicate the hard drive using a system guaranteed. The duplication system should independently generate a checksum for both original and duplicate disk.
The last step that should be taken by the forensic professional is analyzing the hard drive. The drive can be placed in a machine and then booted. Booting is to explore it without concern for changing its contents and to verify any findings using second duplicate copy that was not booted. There are some alternative sources for data recovery. It is a good practice to consider checking out computers belonging to individuals in the perpetrator’s email address book. Some files or documents actually have already secure with password done by the forensic professional; eventually the sophisticated perpetrators are possible to have encrypted files with elaborate encryption techniques. The examiner should investigate the system and individual program log files for example who accessed the computer, when, what software are used in order to secure the system. Secondly, identify individuals in a network environment. One of the best ways to track the hacker is through his IP address or known as Internet Protocol address. Margeret Rouse defined the Internet Protocol (IP) is “the method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet has at least one IP address that uniquely identifies it from all other computers on the Internet.” When the subject’s IP address has been identified, investigator can identify the hacker’s information. Unfortunately, majority of the hackers used a fake IP address so that they are not able detected. They hide their IPs by communicating through proxy server.
9.0 LAW ENFORCEMENT DATABASES AND NETWORKS
In order to help the investigations, some of the professionals’ law enforcement can access too many databases.
National Integrated Ballistics Information Network (NIBIN)
NIBIN Program automates ballistics evaluations and provides actionable investigative leads in a timely manner. NIBIN is the only interstate automated ballistic imaging network in operation in the United States and is available to most major population centers in the United States. Prior to the NIBIN Program, firearms examiners performed this process manually which was extremely labor intensive. To use NIBIN, firearms examiners or technicians enter cartridge casing evidence into the Integrated Ballistic Identification System. These images are correlated against the database. Law enforcement can search against evidence from their jurisdiction, neighboring ones, and others across the country. This program is one investigative tool accessed by law enforcement that allows each of us to share information and cooperation easily making all of us more effective in closing cases.
Combined DNA Index System (CODIS)
CODIS are the FBI program that allowed forensic DNA laboratories to create and search databases of DNA profiles. The Federal DNA Identification Act of 1994 authorized the FBI to create CODIS and set national standards for forensic DNA testing. CODIS became fully operational in 1998. CODIS databases exist at the local (LDIS), STATE (SDID), and national levels (NDIS). This tiered architecture allows crime laboratories to control their own data, enabling each laboratory to decide which profiles it will share with the rest of the country. CODIS contain an index of convicted offender and arrestee profiles. These profiles are developed from biological samples submitted when an individual is arrested for or convicted of statutorily specified crimes. Each state has different qualifying offences, and there are requirements for entering the profiles into the local, state or national database. When biological evidence is collected from a crime scene or victim, a DNA profile of a suspect may be developed. This “forensic unknown profile” can be compared to profiles in the convicted offender and arrestee index.
Automated Fingerprint identification System (IAFIS)
IAFIS is a national automated fingerprint identification and criminal history system maintained by the FBI. IAFIS provides automated fingerprints and responses. IAFIS is the largest biometric database in the world. Employment background checks and legitimate firearms purchases cause citizens to be permanently recorded in the system. For instance, the State of Washington mandates that all applicants seeking employment in an inpatient setting that houses vulnerable minors are fingerprinted and entered in to IAFIS as part of their background check in order to determine if the applicant has any record of criminal behavior. Law enforcement agencies then can request a search in IAFIS to identify crime scene fingerprints obtained during criminal investigations.
National DNA Index System (NDIS)
NDIS is one part of CODIS that containing the DNA profiles contributed by federal, state and local participating forensic laboratories. NDIS was implemented in October 1998. The DNA Identification Act of 1994 authorized the establishment of this DNA index. The Act specifies the categories of data that may be maintained in NDIS as well as requirements for participating laboratories relating to quality assurance, privacy and expungements
National Law Enforcement Telecommunications Systems (NLETS)
NLETS is an information sharing network. It is an interface to search each state’s criminal and driver records and the License Plate Reader (LPR) records going back one year maintained by the US Customs and Border Protection (CBP). The NLETS helps a law enforcement agency in one state to search for someone’s criminal and driver records in another state. NLETS potentially serves as a better tool to search for minor misdemeanors and traffic violations that would not be in the National Crime Information Center.
National Crime Information Center (NCIC) Network
NCIC is a computerized database of documented criminal justice information available to virtually every law enforcement agency nationwide throughout the year. NCIC start operating on 1967 with the goal of assisting law enforcement in apprehending fugitives and locating stolen property. This goal has expanded to include locating missing persons and further protecting law enforcement personnel and the public. The NCIC database currently consists of 21 files: 7 files containing records of stolen articles and another 14 files containing person files.
10.0 REFERENCE
William S. Hopwood, Jay J. Leiner, George R. Young, Forensic Accounting and Fraud Examination “Fraud Examination Evidence 3; Forensic Science and Computer Forensic”, Books, page 325-348.
Forensic Computer Investigation. (2014). Issue in Computer Forensic (Sonia). Retrieved 23 October 2014 from http://www.cse.scu.edu.
Forensic Computer Investigation. (2014). The Challenges Facing Computer Forensics Investigators (David W. Bennett). Retrieved 23 October 14 from http://articles.forensicfocus.comWord count : 4993
You May Also Find These Documents Helpful
-
When I think of the term ‘Law’ I visualize a sense of order, control, a dominion controlled by rules, which are enforced by individuals appointed with a general authority. The definition of the term law varies slightly but may be broad dependent due to the many variations and use of law. One definition of Law is defined as “a body of rules of action or conduct prescribed by controlling authority, and having legal binding force (Melvin, 2011). In this paper we will discuss the functions and role of law in business and society.…
- 992 Words
- 4 Pages
Good Essays -
This class session explores cyberspace legal issues and relevant laws. It also presents principles of e-contract and cybercrime. It discusses various IT methods and strategies to handle cyberspace legal requirements.…
- 149 Words
- 1 Page
Satisfactory Essays -
The fact is that domestic law has nothing to do with international law and companies should be ready to face any issue that could appear. The second week material offered more information on how to handle international issues. The forum selection is the most important thing to do when trying to avoid future conflicts of law. Litigation and arbitration are the best options for organizations involved in international disputes. Legal advice or counseling is a useful resource that could help avoid confusions and setbacks in the future; it is always better to be…
- 1256 Words
- 6 Pages
Better Essays -
In today’s business environment there is no exact definition of law. Law is a set of rules, standards and principles that outlines the behavior we practice in business. The legal system is a major institution that assists us in defining acceptable social behavior. Laws limit the activities that are not in the best interest of the public. All people have different values and desire different things in life laws act as a way to dispute resolution. Laws play a role in maintaining honesty and integrity in a social environment. The legal system is a tool used to implement changes in acceptable behavior. Laws and courts have many purposes in today’s business environment for example consumer protection, employee protection, environmental protection, and taxation.…
- 743 Words
- 2 Pages
Good Essays -
References: * Hart, J. D. (2007). Internet law: A field guide (p. 750). Washington, D.C.: BNA Books.…
- 952 Words
- 4 Pages
Good Essays -
80. As courts decide cases involving the Internet and new kinds of issues not addressed previously, what role, if any, does precedent play? What role should it play? What difficulties could arise?…
- 394 Words
- 2 Pages
Good Essays -
D 1. D1. Describe the expected stage of social development of children aged 4 years.…
- 519 Words
- 3 Pages
Satisfactory Essays -
In the past recent years, the US has experienced major tragedy from gun violence. The Century movie theater shooting which resulted in killing of 20 people and injuring 58 others. There was Clackamas Town Center shooting in Oregon which a gunman open fire with an AR-15 semiautomatic rifle killing two people and injuring two others. The most horrific shooting was the notorious Sandy Hook Elementary school shooting, which resulted in the in the death of 26 people from a man with a high powered rifle. These past shootings has now caused a debate over gun control in the US. President Obama has now recently called a on a ban on Assault weapons and other high capicty magazine. The definition of an assault weapon is considered to be a gun that can hold more then 10 bullets or a gun with a pistol grip. The right to bare arms is constantly being compromised. A ban on assault weapons is outrageous, and unconstitutional. The United States founders made this country because they wanted to get away from laws like this. Assault weapons should not be banned in the US for sever reasons.…
- 809 Words
- 4 Pages
Good Essays -
Law. The Symposium took place in London on June 14–15, 2012. The research in this…
- 19561 Words
- 79 Pages
Better Essays -
world as far as laws governing the global world of the Internet. Paul F. Burton,…
- 2163 Words
- 9 Pages
Powerful Essays -
A. Become familiar with the use of the WEKA workbench to invoke several different machine learning schemes.…
- 2191 Words
- 10 Pages
Good Essays -
Cyber law India as an organization has been active since late 1990’s in India. Cyber law India was responsible for conducting various programmers directing at creating more awareness about the needs for Cyber law in India. The Information Technology Bill 1999 when presented in Parliament was appropriately analyzed at Cyber law India. Mr. Pavan Duggal, President, Cyber law India, was responsible for demonstrating various draw backs and lacuna of the said legislation. After the passage of the Indian Information Technology Act 2000, Cyber law India was engaged in initiatives, programmes and events that were targeting at creating more awareness amongst the relevant stake holders about the Indian Cyber law namely the Information Technology Act 2000, its salient features and how the said law impacts their day to day operation. Cyber law India has been in the forefront of creating more…
- 4036 Words
- 17 Pages
Powerful Essays -
Thank you, jurists and masters of law for the expression of your ideas, thoughts and immense amount of knowledge in the form of the various books, articles and opinions. Without all of this, it would have been a herculean task for me to complete this project.…
- 4504 Words
- 19 Pages
Powerful Essays -
Cyberlaw is a new phenomenon having emerged much after the onset of Internet. Internet grew in a completely unplanned and unregulated manner. Even the inventors of Internet could not have really anticipated the scope and far reaching consequences of cyberspace. The growth rate of cyberspace has been enormous. Internet is growing rapidly and with the population of Internet doubling roughly every 100 days, Cyberspace is becoming the new preferred environment of the world.With the spontaneous and almost phenomenal growth of cyberspace, new and ticklish issues relating to various legal aspects of cyberspace began cropping up. In response to the absolutely complex and newly emerging legal issues relating to cyberspace, CYBERLAW or the law of Internet came into being. The growth of Cyberspace has resulted in the development of a new and highly specialised branch of law called CYBERLAWS- LAWS OF THE INTERNET AND THE WORLD WIDE WEB.…
- 1515 Words
- 7 Pages
Powerful Essays -
Globalization and digital convergence in the emerging knowledge society has raised complex ethical, legal and societal issues. We are faced with complex and difficult questions regarding the freedom of expression, access to information, the right to privacy, intellectual property rights, and cultural diversity. ICT is an instrumental need of all humans for the gathering of information and knowledge, and as such, should be guaranteed as a basic right to all human beings. All over the world, rights that are already legally recognised are daily being violated, whether in the name of economic advancement, political stability, religious causes, the campaign against terrorism, or for personal greed and interests. Violations of these rights have created new problems in human social systems, such as the digital divide, cybercrime, digital security and privacy concerns, all of which have affected people’s lives either directly or indirectly. It is important that the countries of the Asia-Pacific region come up with an assessment of the situation, followed by guidelines for action to combat the incidence of malicious attacks on the confidentiality, integrity and availability of electronic data and systems, computer-related crimes, such as forgery and fraud, content related offenses, such as those related to child pornography, and violations of intellectual property rights (IPRs). Further, threats to critical infrastructure and national interests arising from the use of the internet for criminal and terrorist activities are of growing concern after the September 11 incident. The harm…
- 27608 Words
- 111 Pages
Powerful Essays