Electronic Discovery (eDiscovery): Performing the Early Stages of the Enron Investigation

Eric M. Negangard; Rebecca G. Fay

doi:10.2308/issues-16-064

Electronic Discovery (eDiscovery): Performing the Early Stages of the Enron Investigation

Issues in Accounting Education ◽

10.2308/issues-16-064 ◽

2019 ◽

Vol 35 (1) ◽

pp. 43-58

Author(s):

Eric M. Negangard ◽

Rebecca G. Fay

Keyword(s):

Electronic Communication ◽

Reference Model ◽

Preliminary Investigation ◽

Unstructured Data ◽

Digital Evidence ◽

Forensic Investigation ◽

Early Stages ◽

Electronic Discovery ◽

Tools And Techniques ◽

Digital Search

ABSTRACT A good investigator, whether it be in the context of an audit or a forensic investigation, recognizes the evidentiary value of digital evidence and can harness its power. The following instructional case introduces students to how digital evidence is incorporated into a forensic accounting investigation and challenges them to learn electronic discovery (eDiscovery) tools and techniques. While performing the early stages of the investigation at Enron, students gain exposure to the electronic discovery reference model (EDRM), learn the differences between structured and unstructured data, and deploy various digital search strategies. After performing their preliminary investigation, students are asked to “scope” the remainder of the investigation by creating a detailed workplan. At the conclusion of the case, students are encouraged to reflect upon their own methods of electronic communication. This encourages students to think before digitizing (and therefore memorializing) their next thought, statement, or action.

Download Full-text

Comparative Study and Analysis on Integrity of Data Files Using Different Tools and Techniques

Journal of Information Security and Cybercrimes Research ◽

10.26735/symq8715 ◽

2021 ◽

Vol 4 (1) ◽

pp. 43-54

Author(s):

Kumarshankar Raychaudhuri ◽

M. George Christopher ◽

Nayeem Abbas Hamdani

Keyword(s):

Comparative Study ◽

Data File ◽

Digital Evidence ◽

Forensic Investigation ◽

Digital Devices ◽

Sample Data ◽

Chain Of Custody ◽

Data Files ◽

Forensic Tools ◽

Tools And Techniques

Digital forensic investigation is the scientific process of collection, preservation, examination, analysis, documentation and presentation of digital evidence from digital devices, so that the evidence is in compliance with legal terms and acceptable in a court of law. Integrity of the digital evidence is an indispensable part of the investigation process and should be preserved to maintain the chain of custody. This is done through hashing technique using standardized forensic tools. However, while handling the evidences , lack of knowledge might lead to unintentional alteration of computed hash. This violates the chain of custody and makes the evidence inadmissible in a court of law. In this paper, our objective is to determine the different conditions under which the original hash value of a digital evidence changes. For this, we create different scenarios using sample data files and compute their hash values. A comparative study and analysis are done to determine in which scenario the original hash value of the data file changes. The results of the research will prove useful and essential for Criminal Justice Functionaries in gaining knowledge about various conditions leading to the change in hash value of digital evidence and therefore, avoid its accidental alteration during forensic investigation/examination.

Download Full-text

Electronic Discovery (E-Discovery)

Cyber Security Auditing, Assurance, and Awareness Through CSAM and CATRAM - Advances in Digital Crime, Forensics, and Cyber Terrorism ◽

10.4018/978-1-7998-4162-3.ch004 ◽

2021 ◽

pp. 69-83

Keyword(s):

Social Networks ◽

Big Data ◽

Information Systems ◽

Business Intelligence ◽

Reference Model ◽

Historical Background ◽

Bring Your Own Device ◽

Digital Evidence ◽

Computer Tools ◽

Electronic Discovery

The objective of this chapter is to review the concept of electronic discovery(e-discovery) paying special attention to the legally established procedures for consideration as digital evidence, to the computer tools developed for obtaining them, as well as to the historical background that frame its origin. The authors review techniques and functionalities associated with advanced information systems and describe the possibilities and limits for the evaluation and exploitation of electronic discoveries in the cloud, in social networks, as well as in bring your own device (BYOD), big data, or business intelligence settings. It also includes a review of the reference frameworks, standards, and resources associated with the EDRM model (electronic discovery reference model).

Download Full-text

Evidencia digital y técnicas y herramientas de auditoría asistidas por computador [Digital evidence and Computer Assisted Audit Tools and Techniques]

Ventana informatica ◽

10.30554/ventanainform.26.142.2012 ◽

2013 ◽

Author(s):

Francisco Javier Valencia Duque ◽

Johnny Alexander Tamayo Arias

Keyword(s):

Digital Evidence ◽

Computer Assisted ◽

Exploratory Research ◽

Information And Communications Technologies ◽

Audit Process ◽

Electronic Evidence ◽

Palabras Clave ◽

Level Of Use ◽

Communications Technologies ◽

Tools And Techniques

Resumen La evidencia, es la esencia del proceso auditor, demostrado implícita y explícitamente en las definiciones formales de auditoría; sin embargo con la adopción intensiva de las Tecnologías de Información y Comunicaciones en las organizaciones, la evidencia digital, se ha convertido en un tema clave para la competitividad de los auditores. Este artículo desarrolla una investigación exploratoria acerca de la evidencia tradicional y digital, con énfasis en esta última, asociada a las Técnicas y Herramientas de Auditoría Asistidas por Computador, explorando sus conceptos, tipologías, normas y estándares; además de intentar establecer su nivel de uso tomando como referencia estudios desarrollados en el ámbito internacional. Los resultados de esta indagación llevan a concluir que el tratamiento de la evidencia digital, y su obtención a través de Técnicas y Herramientas de Auditoría Asistidas por computador no son nuevas y han sido objeto de estudio por parte de las principales entidades relacionadas con la disciplina de la auditoría, destacándose en los estudios de nivel de uso, la tendencia a indagar sobre las Herramientas de Auditoría y con un fuerte énfasis en el software generalizado de auditoría, más que en las técnicas de auditoría asistidas por computador propiamente dichas. Palabras clave Evidencia, Evidencia digital, Evidencia electrónica, TAAC, Técnicas de auditoría. Abstract The evidence is the essence of the audit process, implicitly and explicitly demonstrated in the formal definitions of audit, but the intensive adoption of Information and Communications Technologies in organizations, the digital evidence, has become a key issue for competitiveness of the auditors. This paper develops an exploratory research on traditional and digital evidence, with emphasis on the latter, associated with Techniques and Tools Computer Assisted Audit, exploring the concepts, types, rules and standards in addition to trying to establish their level of use reference to studies carried out internationally. The results of this investigation lead us to conclude that the processing of digital evidence, and obtaining through Techniques and Tools Computer Assisted Audit are not new and have been studied by the main entities involved in the discipline of the audit, highlighting the use of level studies, the tendency to investigate audit Tools with a strong emphasis on generalized audit software, rather than on technical computer-assisted audit themselves.KeywordsEvidence, Digital Evidence, Electronic Evidence, CAATT, Audit Techniques.

Download Full-text

A Framework for the Forensic Investigation of Unstructured Email Relationship Data

International Journal of Digital Crime and Forensics ◽

10.4018/jdcf.2011070101 ◽

2011 ◽

Vol 3 (3) ◽

pp. 1-18 ◽

Cited By ~ 11

Author(s):

John Haggerty ◽

Alexander J. Karran ◽

David J. Lamb ◽

Mark Taylor

Keyword(s):

Forensic Analysis ◽

Structured Data ◽

Unstructured Data ◽

Forensic Investigation ◽

Qualitative Information ◽

Data Set ◽

Analysis Techniques ◽

Potential Sources ◽

Network Identification ◽

Digital Investigation

The continued reliance on email communications ensures that it remains a major source of evidence during a digital investigation. Emails comprise both structured and unstructured data. Structured data provides qualitative information to the forensics examiner and is typically viewed through existing tools. Unstructured data is more complex as it comprises information associated with social networks, such as relationships within the network, identification of key actors and power relations, and there are currently no standardised tools for its forensic analysis. This paper posits a framework for the forensic investigation of email data. In particular, it focuses on the triage and analysis of unstructured data to identify key actors and relationships within an email network. This paper demonstrates the applicability of the approach by applying relevant stages of the framework to the Enron email corpus. The paper illustrates the advantage of triaging this data to identify (and discount) actors and potential sources of further evidence. It then applies social network analysis techniques to key actors within the data set. This paper posits that visualisation of unstructured data can greatly aid the examiner in their analysis of evidence discovered during an investigation.

Download Full-text

A Cyber Crime Investigation Model Based on Case Characteristics

International Journal of Digital Crime and Forensics ◽

10.4018/ijdcf.2017100104 ◽

2017 ◽

Vol 9 (4) ◽

pp. 40-47

Author(s):

Zhi Jun Liu

Keyword(s):

Case Analysis ◽

Digital Evidence ◽

Cyber Crime ◽

Legal Requirements ◽

Model Based ◽

Early Stages ◽

Investigation Area ◽

Crime Investigation ◽

Digital Investigation ◽

Case Characteristics

In the early stages of the digital investigation of cyber crime, digital evidence is inadequate, decentralized and fragmented. Cyber crime investigation model based on case characteristics is presented in this paper, to help determine investigation orientation and reduce investigation area. Firstly, purifying and filtering the digital evidence collected, classification and acquirement of event sets are accomplished. Secondly, a method of imperfect induction is applied to analyze the event sets and construct one or more premises, and combining with the case characteristics extracted from the legal requirements, inference and its reliability are given. Finally, through a case analysis of network pyramid sales, the initial practice shows the model is feasible and has a consulting value with cyber crime investigation.

Download Full-text

Forensic investigation and analysis on digital evidence discovery through physical acquisition on smartphone

2015 World Congress on Internet Security (WorldCIS) ◽

10.1109/worldcis.2015.7359429 ◽

2015 ◽

Cited By ~ 3

Author(s):

Taniza Binti Tajuddin ◽

Azizah Abd Manaf

Keyword(s):

Digital Evidence ◽

Forensic Investigation

Download Full-text

Predictions of Thermal and Hydrodynamic Characteristics of a Single Circular Micro-Jet Impinging on a Flat Plate

Volume 4: Heat Transfer, Parts A and B ◽

10.1115/gt2008-50490 ◽

2008 ◽

Cited By ~ 1

Author(s):

Marcel Le´on De Paz ◽

B. A. Jubran

Keyword(s):

Heat Transfer ◽

Reynolds Number ◽

Flat Plate ◽

Reference Model ◽

Preliminary Investigation ◽

Jet Impingement ◽

Hydrodynamic Characteristics ◽

Transfer Rates ◽

Impingement Cooling ◽

3 Dimensional

Jet impingement cooling remains one of the key methods in various high-end cooling applications as it can induce higher heat transfer rates. The objective of this preliminary investigation is to shed some light on micro-impingement cooling and assess the accuracy for a future 3-dimensional turbine blade model. For the purpose of this study, several micro-jet impingement cases are modeled in Gambit and iterated with Fluent. The reference model consists of a single 500μm cylindrical nozzle impinging on a constant temperature flat plate. Conducive results were found on the effects of turbulence model, Reynolds number, and H/D ratio for the Nusselt distribution on the flat plate. The Reynolds numbers iterated were: 2000, 3000, 4000, 5000, and 6000. The different H/D ratios modeled were: 6, 5, 4, 3, 2, 1. In general, it was observed that a higher Reynolds number increased the heat transfer on the plate, but the jet to target spacing had no significant impact on it. All results were validated via comparison with several published experimental data, the deviation margins indicated a good agreement.

Download Full-text

A Metode Offline Forensik Untuk Analisis Digital Artefak Pada TOR Browser Di Sistem Operasi Linux

JITU : Journal Informatic Technology And Communication ◽

10.36596/jitu.v4i2.345 ◽

2020 ◽

Vol 4 (2) ◽

pp. 41-51

Author(s):

Wisnu Sanjaya ◽

Bambang Sugiantoro ◽

Yudi Prayudi

Keyword(s):

Operating System ◽

Operating Systems ◽

Rapid Development ◽

Digital Evidence ◽

Forensic Investigation ◽

User Privacy ◽

Web Browser ◽

Digital Footprint ◽

Technology Products ◽

The Creation

The rapid development of the IT world has covered all aspects of life and among IT technology products is the creation of Operating Systems and Web browser applications. Privacy in the use of IT in the open era is now highly expected, therefore now widely developed Operating Systems and Web browser applications that have facilities to protect user privacy. Linux and TOR Browser is a combination that is widely used in the field of security, but unfortunately many are misused by the person in a crime. The motivation to use both is to eliminate or minimize the digital footprint of the browsing activity so that it will complicate the search of digital evidence in a crime. This research proposes a framework of stages for TOR Browser analysis in Linux Operating System which aims to provide solution in forensic investigation using offline forensic method. The use of offline forensic methods to obtain detailed information from a digital proof on a computer in a off state

Download Full-text

Holistic Analytics of Digital Artifacts

International Journal of Digital Crime and Forensics ◽

10.4018/ijdcf.20210901.oa5 ◽

2021 ◽

Vol 13 (5) ◽

pp. 78-100

Author(s):

Ashok Kumar Mohan ◽

Sethumadhavan Madathil ◽

Lakshmy K. V.

Keyword(s):

Digital Evidence ◽

Forensic Investigation ◽

Association Model ◽

Digital Devices ◽

Digital Forensic ◽

Unique Mapping ◽

Metadata Association ◽

Almost All ◽

Mapping Models ◽

Unique Association

Investigation of every crime scene with digital evidence is predominantly required in identifying almost all atomic files behind the scenes that have been intentionally scrubbed out. Apart from the data generated across digital devices and the use of diverse technology that slows down the traditional digital forensic investigation strategies. Dynamically scrutinizing the concealed or sparse metadata matches from the less frequent archives of evidence spread across heterogeneous sources and finding their association with other artifacts across the collection is still a horrendous task for the investigators. The effort of this article via unique pockets (UP), unique groups (UG), and unique association (UA) model is to address the exclusive challenges mixed up in identifying incoherent associations that are buried well within the meager metadata field-value pairs. Both the existing similarity models and proposed unique mapping models are verified by the unique metadata association model.

Download Full-text

Concept of Digital Evidence, Current Status and Its Role in the Evidentiary Process

Juridical Science and Practice ◽

10.25205/2542-0410-2019-15-4-55-60 ◽

2020 ◽

Vol 15 (4) ◽

pp. 55-60

Author(s):

A. Yu. Cherdantsev

Keyword(s):

Russian Federation ◽

Preliminary Investigation ◽

Legal Regulation ◽

Current Status ◽

Digital Evidence ◽

Criminal Proceedings ◽

Criminal Cases ◽

Significant Information ◽

Current State ◽

The Russian Federation

The article analyzes the international current state of the concept of digital evidence, its meaning, types and role in the process of proving in criminal cases in the practical activities of the preliminary investigation bodies of the Russian Federation, considers some problems arising in law enforcement practice, suggests the author's classification of modern digital traces, studies and compares international practice governing the practical application of digital evidence, their concept and content. The problem of gaps in the legal regulation of digital evidence is considered, as well as the possibility of introducing amendments to the current legislation concerning the legal recognition of digital evidence along with traditional types of evidence, as well as the regulation of the use of digital evidence in criminal proceedings, and a proposal is made to introduce a number of amendments to the current legislation of the Russian Federation, where it is necessary to secure definitions of digital evidence, thus legalizing it, stating in the following re At the same time, it is noted that there is no need to introduce a separate article to regulate digital (electronic) evidences, because it is rather difficult to determine the volume of digital (electronic) evidences (digital criminally significant information), at least because there is no unanimity in this respect and there was no unanimity, besides, due to the dynamic development of electronics, including personal ones, this norm quickly lost its relevance and required amendments, creating a certain gap in legal regulation, which is more complicated.

Download Full-text