
Methodology and Tools of IS Audit and Computer Forensics – The Common Denominator

  • Magdalena Szeżyńska
  • Ewa Huebner
  • Derek Bem
  • Chun Ruan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5576)

Abstract

Information system audit and computer forensics each developed its own set of standards based on a separate discipline of knowledge. In this paper we analyse the tools and methodology used by IS auditors and computer forensic experts in the contemporary world, with the focus on emerging similarities between their needs and goals. We demonstrate the benefits which could be derived from the increased convergence of tools and methodology used in both areas, and we discuss possible modifications to existing tools and methodology to fulfill this goal.

Keywords

IS audit guidelines, computer forensics tools, IS audit tools



Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Magdalena Szeżyńska (1)
  • Ewa Huebner (2)
  • Derek Bem (2)
  • Chun Ruan (2)

  1. Faculty of Electronics and IT, Warsaw University of Technology, Poland
  2. School of Computing and Mathematics, University of Western Sydney, Penrith South, Australia
