For this specific case, I would need forensic tools that allow me to conduct an efficient incident investigation. The two main software I would use for this forensic investigation case are EnCase by Guidance Software and the Forensic Toolkit by AccessData which both provide hard drive imaging, graphics searching, keyword searches, and MD5 & SHA checksums (Albrecht, n.d.). Other tools I would use including FTK Imager, SANS Investigative Forensic Toolkit, Helix 3 Pro, Volatility, PTK, COFEE, and other specialized tools for this investigation (Tabona, 2013).
- EnCase: can be used for e-Discovery and analytics.
- FTK Imager: use to inspect documents, files, and folders that are stored on hard drives.
- Volatility: can be used to extract digital …show more content…
One of the best reasons why the use of data mining technique is vital in the investigation is that it provides the investigator (myself) a timeline of all events including when irregularities started to occur. For example, I might verify in the year of 2014 and earlier, there may have no peculiar transactions. However, starting from 2014 to present date, I might find various financial transactions or exchanges that appear to be fraud in nature. Therefore, I can start reviewing data from all assets starting from 2014. This search should include inspecting the AMS financial records going from 3 to 5 years. During this time, I will look for any significant changes or any suspicious activities in the marketing and accounts receivable departments.
Verification
One of the steps in the digital forensic investigation is verification step. The verification step is to check an incident has occurred and to discover the size and extent of the occurrence (Rocha, 2014). In AMS situation, this is impractical in any case. As AMS hired me to discover a skimming operation that they think is happening I should check that there is an inconsistency amongst marketing department and accounts receivable.
In proceeding this check, I need to have a good understanding how the marketing department and account receivable operate
- EnCase: can be used for e-Discovery and analytics.
- FTK Imager: use to inspect documents, files, and folders that are stored on hard drives.
- Volatility: can be used to extract digital …show more content…
One of the best reasons why the use of data mining technique is vital in the investigation is that it provides the investigator (myself) a timeline of all events including when irregularities started to occur. For example, I might verify in the year of 2014 and earlier, there may have no peculiar transactions. However, starting from 2014 to present date, I might find various financial transactions or exchanges that appear to be fraud in nature. Therefore, I can start reviewing data from all assets starting from 2014. This search should include inspecting the AMS financial records going from 3 to 5 years. During this time, I will look for any significant changes or any suspicious activities in the marketing and accounts receivable departments.
Verification
One of the steps in the digital forensic investigation is verification step. The verification step is to check an incident has occurred and to discover the size and extent of the occurrence (Rocha, 2014). In AMS situation, this is impractical in any case. As AMS hired me to discover a skimming operation that they think is happening I should check that there is an inconsistency amongst marketing department and accounts receivable.
In proceeding this check, I need to have a good understanding how the marketing department and account receivable operate