1 / 46

Grover Kearns, Ph.D., CPA, CFE, CITP

Computer Forensics for Accountants. Additional Materials. Grover Kearns, Ph.D., CPA, CFE, CITP. File Signatures in Hex. Corrupt the File Shift Left or Right. Hex editors allow you to shift bits right or left Result? The file looks like garbage. To view file, reverse the process.

vianca
Télécharger la présentation

Grover Kearns, Ph.D., CPA, CFE, CITP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer Forensics for Accountants Additional Materials • Grover Kearns, Ph.D., CPA, CFE, CITP

  2. File Signatures in Hex

  3. Corrupt the FileShift Left or Right • Hex editors allow you to shift bits right or left • Result? The file looks like garbage. • To view file, reverse the process.

  4. Beat File Signature Analysis • Anti-forensic approach to stop EnCase and similar tools from identifying file types. • Change the file extension. • Use hex editor to alter the file signature • MZ for executable files

  5. Hide Files in Open Sight • First change the file signature • Second change the file extension • Example: plan.doc becomes plan.jpg

  6. In the hex editor the hex values 42 4D is the signature for a bitmap file. These can easily be changed to another value such as D0 CF 11 E0 for a .doc file.

  7. Hibernate Mode

  8. Hibernate or Sleep?

  9. Hibernate or Sleep?

  10. Timestomp.exe Freeware that allows time stamps to be altered. This code will change the file creation to 10/8/2005. timestomp.exe c:\test.txt -z "Saturday 10/08/2005 2:02:02 PM" timestomp.exe c:\test.txt -a "Saturday 10/08/2005 2:02:02 PM"

  11. Changing Time Stamp

  12. Computers are Obedient – They Do What They are Told • Everything is represented in 1’s and 0’s • The bytes are interpreted according to user instructions • The bytes may represent numbers, dates, text, colors, sounds, etc. • Representation may also depend on hardware such as audio cards, video cards, etc.

  13. Dates in Excel

  14. Obfuscation: Simple Hiding Technique

  15. Assumed Trust

  16. Top 10 Social Networking Websites 1. Facebook 2. YouTube 3. Twitter 4. Squidoo 5. Hubpages 6. MySpace 7. LinkedIn 8. Classmates 9. Xanga 10. Weebly

  17. Facebook – Can You Do This? My middle name __________, my age ___, my favorite soda _______, my birthday ___/___/___, whose the love of my life ______, my best friend _____, my favorite color ______, my eye color _______, my hair color ______ my favorite food ________ and my mom's name __________. Put this as your status and see who knows you best.

  18. Your friend [Name here] just answered a question about you! Was it possible that an old friend answered a question about me that I needed to "unlock?" Absolutely. When you click on the link, the next screen should give you pause: 21 Questions is requesting permission to ... (a) access your name, profile picture, gender, networks, user ID, friends and any other information shared with everyone ... (b) send you email ... (c) post to your wall ... and ... (d) access your data any time ... regardless of whether or not you're using their application.

  19. Look at the video I found of you! LOL. Big Problems in One Click Banned Lady Gaga Video!

  20. We’re Stuck! (and 5 Things Never to Post) • You or Your Family's Full Birth Dates • Your Relationship Status • Your Current Location • The Fact That You Are Home Alone • Pictures of Your Kids Tagged With Their Names

  21. Secret Crush

  22. Meet Sophie Draufster • Born on Facebook and LinkedIn in 2010 • Purpose: Social engineering of executives at large consulting firms • Facebook Friends: 105 • LinkedIn Requests: 133 • Divulging of PII: 73 • Date Requests: 33

  23. Spear Phishing • Like phishing but targeted to a specific person or group using personalized information that lends credibility. • Typically diverts to a spoofed web page requesting PII, card numbers, etc. • May request clicking link that downloads malware.

  24. Linked-In and Spearphishing • Cybercriminals datamine LinkedIn for information about companies and employees. • That information is used to launch spearphishing attacks. • Corporate directories also exist online, providing a wealth of information for spearphishers. • Malicious LinkedIn invitation reminders redirect you to a webpage that installs malware onto your computer. If you click, hackers can potentially steal your confidential data.

  25. Top 5 Social Media Security Threats • Lack of a social media policy • Your employees • Social networking sites • Social engineering • Mobile apps

  26. Should We Block SN Sites? • “Allowing access to social network sites influences user behavior in a way that increases corporate risk.” Chris Poulin, Chief Security Officer at Q1 Labs • There is no need to block access to social network sites. The risks can be easily addressed and the downsides of blocking are greater than potential problems. Shel Holtz, Principal of Holtz Communication + Technology • One study shows 54% of U.S. companies restrict employees from visiting sites like Facebook, Twitter and LinkedIn.

  27. Social Networking Headlines • Hackers hijack Obama's, Britney's Twitter accounts • Twitter wrestles with multiple worm attacks • Phishers, viruses target Facebook users • Twitter/Google Apps hack raises questions about cloud security • High-profile organizations ban Facebook, Twitter • Twitter victimized by distributed denial-of-service attack • Facebook shuts down Beacon program, donates $9.5 million to settle lawsuit • Facebook unveils controversial new privacy settings

  28. Seven Most Lethal Social Networks Hacks 1. Impersonation and targeted personal attacks 2. Spam and bot infections 3. WeaponizedOpenSocial and other social networking applications 4. Crossover of personal to professional online presence 5. XSS, CSRF attacks 6. Identity theft 7. Corporate espionage

  29. Common Social Media Policies • Be transparent • Be connected • Be thoughtful • Strive for accuracy • Do not mix personal with business • Think twice before posting

  30. Social Networking Policy “Employees are forbidden from using social networks to post or display comments about co-workers, supervisors that are vulgar, obscene, threatening, harassing, or a violation of Company XYZ’s policies on discrimination or harassment.” “Employees may not use social networks to disclose any confidential or proprietary information about Company XYZ or its employees, customers or business partners.” “Employees should refrain from speaking on behalf of Company XYZ when not authorized.”

  31. Social Networking Policy (cont.) • Display a warning banner on all systems • Policy should state that company has right to inspect all computers on-site at will without notice • Policy should include employee’s own computer, cell phone, briefcase, purses, etc.

  32. Are Passwords Effective • Not always. Strong passwords are difficult to impossible to crack • Social engineering attacks are effective against strong passwords • Companies should have and enforce a strong password policy. • Companies should train employees to social engineering attacks.

  33. Online Information About You • Name(s) • Address • Phone • Birthdate • Spouse • Children • High School • Workplace • Education • Relatives Names • Pets Names • Criminal History • Email Address • SSN (?)

  34. Card Readers: Is Your PII Safe? SIM SD Mag Stripe Smart Card Guide to Computer Forensics and Investigations 37

  35. Not on Windows 8!

  36. Bring your system back from the dead!

  37. Next … • More hacks and theft of PII and IP • Social engineering combined with hacks • Office 2013 safer • BYOD • Cloud Computing • XBRL • Need for extensive employee training

  38. Even reasonable intelligent people make mistakes!

  39. Even reasonable intelligent people make mistakes!How much will those mistakes cost your organization?

  40. Grover Kearns, Ph.D., CPA, CFE, CITP Gregory, Sharer & Stuart Term Professor in Forensic Accounting gkearns@usfsp.edu

More Related