Investigative Techniques –
Use of Technology in Forensic Accounting Investigation
Introduction
Agreeing to the statement that certain TV series like for example, crime scene investigation or the CSI does elevate the importance of technology to a ‘must have’ status in any forensic investigation. In reality technology plays several roles in assisting the forensic accounting investigation and those roles need to be supervised and managed in order to support the objectives of the investigation. Forensic investigation involves a wide range of careful monitoring, assessments and evaluations when it comes to most real, accurate process of investigation and implies to most risky and delicate crime scenarios calling for forensics to take charge of every possible steps that leads to crime resolutions and further comprehensive research in the areas of forensic studies. Technology brings in computer security as a form of defense against unauthorized and malicious intrusion and computer forensics allows for identification of incidents, gathering of evidence, analysis of evidence and potentially recovery of records as there has been multi-disciplinary and inter-disciplinary nature of computer forensics extends to records management. It is suggested in this paper that computer forensics and records management are compatible disciplines and areas of study (Rogers and Seigfried, 2004; Rogers, 2003).
Analysis and Discussion with Literature
There are rigorous process and procedure which need to be followed in the identification, collection and analysis of data as evidence as it is easy to contaminate suspicious situation by looking to see what’s wrong, by ignoring the principle, taken from forensic science, doing no harm and makes use of the fact that every action and transaction into the computer is recorded, usually to a “log file” which provides some list of transactions with important forensics information such as in time stamp. So, for example, if someone accesses ones record via personal computer, the transaction will be recorded with details of the record they accessed, what they did to the record, when they accessed and from where. Another task performs by computer based forensics does involve several examination and assessment of digital evidence. Computer evidence and digital evidence are like any other form of forensics evidence; in order to be valuable to an investigation the digital evidence must be: authentic, accurate, complete, have evidential integrity, be convincing to juries and conform with common law and legislative rules. Thus, technology related evidence is different to the formation of forensic evidence as the computer data changes moment by moment and computer data is invisible to the human eye. The evidence will be obtained reliably by following accepted legal procedures for seizure, imaging and storing as well as ensuring that evidential integrity is preserved always.
Aside, proponent Casey (2004, p. 322), have suggested that when considering sources of technology related evidence it is valuable to categorize computer forensic systems into the following ways:
- open computer systems, for example, the world wide web – the internet
- communication systems like, the presence of telephones, mobile phones and other communication devices
- embedded computer systems for instance, presence of useful chip in a car machinery
For the advantages linking to computer based forensics does accounts to ubiquitous nature of computing and information technology and the convenience associated with holding data, information and records electronically has the effect of making business, commerce, industry and society deeply dependent on the availability and accuracy of those systems. But on the pitfall, there denotes that as the dependency increases so does vulnerability in forensic centered systems have failures and can result into unauthorized access or attack another advantage, computer as one great tool for technology collaboration for forensic research can be used in storing and managing of records but, some of the records might become susceptible to unauthorized access, tampering, alteration, destruction and other potential misuse as issues raise potential records management problems in ensuring authenticity, reliability and integrity of records. The principles, techniques and tools of computer forensics can provide support for the records management environment in determining if any unauthorized transactions have taken place, obtaining digital evidence to indicate the nature of the transgression and help in the digital recovery and restoration of the original record when the record has been compromised.
Troell et al. (2003, p. 115) asserted that, “computer forensics is often associated with computer security and whilst there are synergies it is most appropriate to think of computer forensics and computer security being opposite sides of the same coin as computer forensics differs from computer security, the issue of securing computers against malicious attacks”. Computerized forensics does performs its tasks in a relative, effective assumption such as for example, serves as UAE corporate governance devise which have on records management (Barrett, 2005) also the concentration on technology resource preservation that supports UAE government systems, upon adhering to the Digital Preservation Coalition as being launched in the year 2002 as stated by Jones (2004). Computer forensics is much more than turning on computer, making a directory listing and searching through files.
Henceforth, in due to forensic investigations, concepts about evidential integrity is of a crucial factor as the principle requires that the material being examined must not be changed in any way and several researches that will contravene into the latter principle would render the evidence gathered in forensic investigation inadmissible in court or in such employment tribunal as applicable. Moreover, in order to mitigate certain pitfalls desirable steps are needed and it is in the following pointers, Turvey (2002, p. 765)
- Applicable for computer forensics analysis, the need to carefully preserve the original file or device because this is all the computer forensic expert has to work with and they have to be sure that they can prove that they have not contaminated or tampered with the evidence with integrity
- To ensure evidential integrity, any computer forensics investigation must begin with the creation of an exact image of the file or device and tools and techniques do facilitate the process; for example, write-blocker is used to ensure that the destination drive does not write back to the original source and every actions undertaken by computer forensic team need to be meticulously documented, therefore, creating records of the process
- To focus on application of computer forensics in the resolution of legal cases associated with criminal activity in computing or in employment tribunal related activities such as disciplinary cases of computer misuse in organizations
- To catch up good range of inappropriate activities digital records may be susceptible to, including unauthorized access, infecting records through distribution of viruses, denial of service attacks to even more sinister activities such as internet based terrorism
- Computer forensics tools and principles must be utilize as one better basis for auditing and monitoring records management, as well as aiding in the recovery of lost or damaged records
- The seizing of investigative opportunities, forensics investigation team will need continuing professional development in computer forensics as imperative that they should be knowledgeable about risks, governance, legal issues, trade imperatives and others so too should they be at least cognisant of principles and implications of computer forensics
- To be proactively working with IT and computer forensics colleagues and by which educators, trainers and records management professional bodies should take strong interest into
The courts acceptance of computerized forensics evidence depends on how the overall scene investigated are protected and the deepness of records keeping and management is served at all times without any suspicious alterations and utterances towards any material used and presented as upper hand evidence in court hearings and proceedings. The main role of technology in forensics involves easy access to convenience in finding out records and information to the highest level, gaining access to computer based files that is of importance in assuring the reliability, validity as well as effectiveness of CSI systems and its operations, technology happens to be found at the centre core as it aids in storing and keeping of confidential evidence to the crime scene, a tool that brings in effective channeling of communication, studying, interpreting and diagnosing what crime anatomy it has been on a situational basis, computer based forensics help in testing evidences on a higher continuum allowing in forensic investigative outcomes appropriate and desirable as possible, keeping in a better track of profiles and the needed back up information files for a possible archives of crime cases that are undergoing investigations, court hearings by some of well known forensic pathologists/psychologists as well as certain FBI, CIA and other crime organized groups for a possible cases.
Another essential role of technology is for records management as it implies to the exploration of forensic methods and techniques being associated with computer forensics. For instance, according to Irons (2006, p. 102), “the disciplines of records management and computer forensics are potentially mutually compatible. Computer forensics allows for identification of incidents, gathering of evidence, analysis of evidence and potentially recovery of records” and so forensic team and experts could utilize computer forensics principles to positively enhance records management and have valuable knowledge and expertise to share with the other computer forensics colleagues example, towards metadata expertise, functional requirements for electronic records management, recordkeeping systems design and implementation methodologies, digital preservation and retention management” (Irons 2006, p. 102).
In addition, proponents Wang, Cannady and Rosenbluth (2005, p. 119), believed in the “rapid advance in computer and network technology, computer-based electronic evidence has increasingly played an important role in the courtroom over the last decade”. Furthermore, they have also noted that “computer forensics implies to the growing discipline rooted in forensic science and computer security technology, focuses on acquiring electronic evidence from computer systems to prosecute computer crimes, national security threats, as well as computer abuse, as there loses a certain mystique as a technique used solely by law enforcement and intelligence agents, and has become popular and powerful application employed by corporations as deemed for civil disputes also for employee terminations and some proceedings relating to intellectual property” (Wang, Cannady and Rosenbluth 2005, p. 119).
The future of computer based forensics is clear as government, courts, organizations and others are placing ample emphasis on fact finding grounds in support to computer related forensic records upon guarding of some inadequate recordkeeping, ensuring in accuracy of forensic evidence records and the guarantee aspect that these are not being put into compromise as deemed important for the court to recognize. Computer forensics can help ensure that computer forensics provides support, backup and reassurance for forensic experts in performing in ideal role and tasking as well as the quest to ensure the ongoing accessibility and integrity of technology manifested knowledge and information. Smith (1999) has indicated that, technologies played an important role in daily activities of the society as benefits are derived for instance the UAE government can deliver e-services to CSI team also, Haugen and Selin (1999) did claim that computer crime is of perilous move to forensic research as of the present as computer based control is needed for prevention of abuses in investigations as it require forensic specialist for records construction and maintenance in assessing effective domains of the forensics.
Conclusion
Therefore, presence and usability of technology is imperative, a vital tool to any forensic accounting investigation and recognizing technology roles adheres to the successful epitome of forensic investigation. The technology applied for forensics has the obligation to verify evidence, assessing if evidences of crime is valid and reliable proof of determining crime to understand legal proceedings and be aware of the legal standards in valuable presence of technology advancements. The application of computer forensics in record keeping as well as its assumed management will require that some principles adheres to the preservations of imperative integrity of the record for example records in complete stature yet unaltered. Indeed, computer based forensic evidence engaged in creating tools and techniques are ideally crucial in identifying as well as tracing of any legitimate additions, alterations/annotations to record which user made them from which machine and what the alteration is about and ensuring integrity of record.
References
Rogers, M.K., Seigfried, K. (2004). The future of computer forensics: a needs analysis survey, Computers and Security, Vol. 23 pp.12-16.
Credit:ivythesis.typepad.com
0 comments:
Post a Comment