Improving forensic software tool performance in detecting fraud for financial statements

The use of computer forensics is important for forensic accounting practice because most accounting information is in digital forms today. The access to evidence is increasingly more complex and in far greater volumes than in previous decades. The effective and efficient means of detecting fraud are required for the public to maintain their confidence in the reliability of accounting audit and the reputation of accounting firms. The software tools used by forensic accounting can be called into question. Many appear inadequate when faced with the complexity of fraud and there needs to be the development of automated and specialist problem-solving forensic software. In this paper we review the context of forensic accounting and the potential to develop improved support tools. The recommendation is for adopting financial ratio analysis as the basis for an improved fraud detection software

The utilization of forensic corpora in validation of data carving on sata drives/

The field of digital forensics has become more prevalent in the court of law due to the increase of availability of technology. With digital evidence coming up in court consistently, digital forensics and its tools are coming under scrutiny and being held against disciplines that are more standardized. Validation and Verification of tools is vital to maintaining the integrity of the evidence received by them. Utilizing standardized data sets, or forensic corpora, as a part of validation and verification techniques has shown to be effective. The goal of the study is to assess the use of forensic corpora in the validation and verification of one of the most commonly used digital tools

On the Scientific Maturity of Digital Forensics Research

In this paper we transfer a well-known grade schema of scientific maturity from the domain of software engineering into the domain of digital forensics research. On the basis of this maturity schema and its grades we classify the current state of maturity in the research field of digital forensics, and we argue for more efforts towards higher levels of scientificness in this still new field of research.http://link.springer.com/chapter/10.1007/978-3-642-41148-9_3mv201

Digitaalsete tõendite kogumise ja kasutamise perspektiivikus kriminaalmenetluses

http://www.ester.ee/record=b5143799*es

The Proceedings of 14th Australian Digital Forensics Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia

Conference Foreword This is the fifth year that the Australian Digital Forensics Conference has been held under the banner of the Security Research Institute, which is in part due to the success of the security conference program at ECU. As with previous years, the conference continues to see a quality papers with a number from local and international authors. 11 papers were submitted and following a double blind peer review process, 8 were accepted for final presentation and publication. Conferences such as these are simply not possible without willing volunteers who follow through with the commitment they have initially made, and I would like to take this opportunity to thank the conference committee for their tireless efforts in this regard. These efforts have included but not been limited to the reviewing and editing of the conference papers, and helping with the planning, organisation and execution of the conference. Particular thanks go to those international reviewers who took the time to review papers for the conference, irrespective of the fact that they are unable to attend this year. To our sponsors and supporters a vote of thanks for both the financial and moral support provided to the conference. Finally, to the student volunteers and staff of the ECU Security Research Institute, your efforts as always are appreciated and invaluable. Yours sincerely, Conference Chair Professor Craig Valli Director, Security Research Institut

A Framework for the Systematic Evaluation of Malware Forensic Tools

Following a series of high profile miscarriages of justice linked to questionable expert evidence, the post of the Forensic Science Regulator was created in 2008 with a remit to improve the standard of practitioner competences and forensic procedures. It has since moved to incorporate a greater level of scientific practice in these areas, as used in the production of expert evidence submitted to the UK Criminal Justice System. Accreditation to their codes of practice and conduct will become mandatory for all forensic practitioners by October 2017. A variety of challenges with expert evidence are explored and linked to a lack of a scientific methodology underpinning the processes followed. In particular, the research focuses upon investigations where malicious software (‘malware’) has been identified. A framework, called the ‘Malware Analysis Tool Evaluation Framework’ (MATEF), has been developed to address this lack of methodology to evaluate software tools used during investigations involving malware. A prototype implementation of the framework was used to evaluate two tools against a population of over 350,000 samples of malware. Analysis of the findings indicated that the choice of tool could impact on the number of artefacts observed in malware forensic investigations as well as identifying the optimal execution time for a given tool when observing malware artefacts. Three different measures were used to evaluate the framework. The first of these evaluated the framework against the requirements and determined that these were largely met. Where the requirements were not met these are attributed to matters either outside scope or the fledgling nature of the research. Another measure used to evaluate the framework was to consider its performance in terms of speed and resource utilisation. This identified scope for improvement in terms of the time to complete a test and the need for more economical use of disk space. Finally, the framework provides a scientific means to evaluate malware analysis tools, hence addressing the Research Question subject to the level at which ground truth is established. A number of contributions are produced as the output of this work. First there is confirmation for the case for a lack of trusted practice in the field of malware forensics. Second, the MATEF itself, as it facilitates the production of empirical evidence of a tool’s ability to detect malware artefacts. A third contribution is a set of requirements for establishing trusted practice in the use of malware artefact detection tools. Finally, empirical evidence that supports both the notion that the choice of tool can impact on the number of artefacts observed in malware forensic investigations as well as identifying the optimal execution time for a given tool when observing malware artefacts

Data recovery function testing for digital forensic tools

Many digital forensic tools used by investigators were not originally designed for forensic applications. Even in the case of tools created with the forensic process in mind, there is the issue of assuring their reliability and dependability. Given the nature of investigations and the fact that the data collected and analyzed by the tools must be presented as evidence, it is important that digital forensic tools be validated and verified before they are deployed. This paper engages a systematic description of the digital forensic discipline that is obtained by mapping its fundamental functions. The function mapping is used to construct a detailed function-oriented validation and verification framework for digital forensic tools. This paper focuses on the data recovery function. The data recovery requirements are specified and a reference set is presented to test forensic tools that implement the data recovery function.