dfm covers
 
 

Investigating Data Theft with Stochastic Forensics

Written by DFM Team


Investigating Data Theft with Stochastic Forensics

A new approach to forensics lets you reconstruct activity, even if it leaves no artifacts.


You must find out if Roger walked off with our data.” This mandate, handed to me by my (very nervous) client, was all I had to work with as I walked into my office Monday morning. My client, a large company headquartered in Manhattan, was very concerned about Roger (not his real name), a high level employee who had recently been forced to leave the company. Days after Roger’s ousting, rumors began to circulate that, before leaving, he walked off with data which was potentially very, very damaging to them; damaging enough to put them into a fit of panic. My task was to find out of if these rumors were true.

Insider data theft is much harder to forensically investigate than external penetrations. External penetrations leave the digital equivalent of broken windows, which all good forensics experts know how to identify. Insider data theft, however, often leaves no traces: the insider is authorized to use the data, routinely using it every day. Whether they’re stealing it or just using it to do their job, their access is, from the computer’s perspective, technically indistinguishable. Copying a file is a routine operation, forensically similar to simply reading it. Indeed, as I did my background research for this case, I saw that all experts had agreed: copying files on a standard Windows system leaves no artifacts. I was faced with one question: Is forensics possible when no artifacts are left behind?



Find out more - subscribe to DFM today and read the full article. Or if you're a subscriber, login and read the article online.


 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Cyber Attack, Cyber Crime, Cyber Warfare - Cyber Complacency

Mark Osbourne's latest book covers all things Cyber. All proceeds from the book go to charity.

Meet the Authors

Scott C. Zimmerman

Scott C. Zimmerman is a CISSP qualified Information Security consultant and presenter

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 24 on sale from August 2015:


BitCoin Targeted Phishing
This feature article is all about BitCoin and a Phishing attack. The article will explain what Bitcoin is and how this phishing attack was targeted at BitCoin. Read More »

Dealing with the ‘Unknown Unknowns’ of Intelligence Data
The article will address how intelligence agencies can use data more effectively to predict and model crime. Read More »

Subscribe today


Finding the relevant artefact in visual content
Jan Willem Klerkx explains how the University of Amsterdam solved the problem of finding relevant artefacts in pictures in an effective way. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue