Calm before the storm: the challenges of cloud computing in digital forensics

Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established digital forensic procedures will be invalidated in this new environment. Several new research challenges addressing this changing context are also identified and discussed

Automating Vendor Fraud Detection in Enterprise Systems

Fraud is a multi-billion dollar industry that continues to grow annually. Many organizations are poorly prepared to prevent and detect fraud. Fraud detection strategies are intended to quickly and efficiently identify fraudulent activities that circumvent preventative measures. In this paper, we adopt a DesignScience methodological framework to develop a model for detection of vendor fraud based on analysis of patterns or signatures identified in enterprise system audit trails. The concept is demonstrated by developing prototype software. Verification of the prototype is achieved by performing a series of experiments. Validation is achieved by independent reviews from auditing practitioners. Key findings of this study are: (a) automating routine data analytics improves auditor productivity and reduces time taken to identify potential fraud; and (b) visualizations assist in promptly identifying potentially fraudulent user activities. The study makes the following contributions: (a) a model for proactive fraud detection; (b) methods for visualizing user activities in transaction data; and (c) a stand-alone Monitoring and Control Layer (MCL) based prototype

Automating Vendor Fraud Detection in Enterprise Systems

Fraud is a multi-billion dollar industry that continues to grow annually. Many organisations are poorly prepared to prevent and detect fraud. Fraud detection strategies are intended to quickly and efficiently identify fraudulent activities that circumvent preventative measures. In this paper we adopt a Design-Science methodological framework to develop a model for detection of vendor fraud based on analysis of patterns or signatures identified in enterprise system audit trails. The concept is demonstrated be developing prototype software. Verification of the prototype is achieved by performing a series of experiments. Validation is achieved by independent reviews from auditing practitioners. Key findings of this study are: i) automating routine data analytics improves auditor productivity and reduces time taken to identify potential fraud, and ii) visualisations assist in promptly identifying potentially fraudulent user activities. The study makes the following contributions: i) a model for proactive fraud detection, ii) methods for visualising user activities in transaction data, iii) a stand-alone MCL-based prototype.</p

Machine Learning Aided Static Malware Analysis: A Survey and Tutorial

Malware analysis and detection techniques have been evolving during the last decade as a reflection to development of different malware techniques to evade network-based and host-based security protections. The fast growth in variety and number of malware species made it very difficult for forensics investigators to provide an on time response. Therefore, Machine Learning (ML) aided malware analysis became a necessity to automate different aspects of static and dynamic malware investigation. We believe that machine learning aided static analysis can be used as a methodological approach in technical Cyber Threats Intelligence (CTI) rather than resource-consuming dynamic malware analysis that has been thoroughly studied before. In this paper, we address this research gap by conducting an in-depth survey of different machine learning methods for classification of static characteristics of 32-bit malicious Portable Executable (PE32) Windows files and develop taxonomy for better understanding of these techniques. Afterwards, we offer a tutorial on how different machine learning techniques can be utilized in extraction and analysis of a variety of static characteristic of PE binaries and evaluate accuracy and practical generalization of these techniques. Finally, the results of experimental study of all the method using common data was given to demonstrate the accuracy and complexity. This paper may serve as a stepping stone for future researchers in cross-disciplinary field of machine learning aided malware forensics.Comment: 37 Page

Developing a Forensic Continuous Audit Model

Despite increased attention to internal controls and risk assessment, traditional audit approaches do not seem to be highly effective in uncovering the majority of frauds. Less than 20 percent of all occupational frauds are uncovered by auditors. Forensic accounting has recognized the need for automated approaches to fraud analysis yet research has not examined the benefits of forensic continuous auditing as a method to detect and deter corporate fraud. The purpose of this paper is to show how such an approach is possible. A model is presented that supports the acceptance of forensic continuous auditing by auditors and management as an effective tool to support the audit function, meet management’s regulatory objectives, and to combat fraud. An approach to developing such a system is presented

Developing a Forensic Continuous Audit Model

Despite increased attention to internal controls and risk assessment, traditional audit approaches do not seem to be highly effective in uncovering the majority of frauds. Less than 20 percent of all occupational frauds are uncovered by auditors. Forensic accounting has recognized the need for automated approaches to fraud analysis yet research has not examined the benefits of forensic continuous auditing as a method to detect and deter corporate fraud. The purpose of this paper is to show how such an approach is possible. A model is presented that supports the acceptance of forensic continuous auditing by auditors and management as an effective tool to support the audit function, meet management’s regulatory objectives, and to combat fraud. An approach to developing such a system is presented