dfm covers
 
 

Investigating Data Theft with Stochastic Forensics

Written by DFM Team


Investigating Data Theft with Stochastic Forensics

A new approach to forensics lets you reconstruct activity, even if it leaves no artifacts.


You must find out if Roger walked off with our data.” This mandate, handed to me by my (very nervous) client, was all I had to work with as I walked into my office Monday morning. My client, a large company headquartered in Manhattan, was very concerned about Roger (not his real name), a high level employee who had recently been forced to leave the company. Days after Roger’s ousting, rumors began to circulate that, before leaving, he walked off with data which was potentially very, very damaging to them; damaging enough to put them into a fit of panic. My task was to find out of if these rumors were true.

Insider data theft is much harder to forensically investigate than external penetrations. External penetrations leave the digital equivalent of broken windows, which all good forensics experts know how to identify. Insider data theft, however, often leaves no traces: the insider is authorized to use the data, routinely using it every day. Whether they’re stealing it or just using it to do their job, their access is, from the computer’s perspective, technically indistinguishable. Copying a file is a routine operation, forensically similar to simply reading it. Indeed, as I did my background research for this case, I saw that all experts had agreed: copying files on a standard Windows system leaves no artifacts. I was faced with one question: Is forensics possible when no artifacts are left behind?



Find out more - subscribe to DFM today and read the full article. Or if you're a subscriber, login and read the article online.


 
Please make cache directory writable.
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Learning iOS Forensics

A practical hands-on guide to acquire and analyse iOS devices with the latest forensic techniques and tools.

Meet the Authors

George Bailey

George Bailey is an IT security professional with over 15 years of experience

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 30 on sale from February 2016:


Human Aspects of Security
This feature article is all about how today’s advanced attacks focus more on exploiting human flaws than system flaws. This article presents original field research using data gathered from products deployed around the world.  Read More »

Recent Advances in Forensic Radiology
This article describes all the recent advancements done till now in the field of forensic radiology.. Read More »

Subscribe today


BitCoin Targeted Phishing
This feature article is all about BitCoin and a Phishing attack. The article will explain what BitCoin is and how this Phishing attack was targeted at BitCoin. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue