dfm covers
 
 

Investigating Data Theft with Stochastic Forensics

Written by DFM Team


Investigating Data Theft with Stochastic Forensics

A new approach to forensics lets you reconstruct activity, even if it leaves no artifacts.


You must find out if Roger walked off with our data.” This mandate, handed to me by my (very nervous) client, was all I had to work with as I walked into my office Monday morning. My client, a large company headquartered in Manhattan, was very concerned about Roger (not his real name), a high level employee who had recently been forced to leave the company. Days after Roger’s ousting, rumors began to circulate that, before leaving, he walked off with data which was potentially very, very damaging to them; damaging enough to put them into a fit of panic. My task was to find out of if these rumors were true.

Insider data theft is much harder to forensically investigate than external penetrations. External penetrations leave the digital equivalent of broken windows, which all good forensics experts know how to identify. Insider data theft, however, often leaves no traces: the insider is authorized to use the data, routinely using it every day. Whether they’re stealing it or just using it to do their job, their access is, from the computer’s perspective, technically indistinguishable. Copying a file is a routine operation, forensically similar to simply reading it. Indeed, as I did my background research for this case, I saw that all experts had agreed: copying files on a standard Windows system leaves no artifacts. I was faced with one question: Is forensics possible when no artifacts are left behind?



Find out more - subscribe to DFM today and read the full article. Or if you're a subscriber, login and read the article online.


 
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Cyber Attack, Cyber Crime, Cyber Warfare - Cyber Complacency

Mark Osbourne's latest book covers all things Cyber. All proceeds from the book go to charity.

Meet the Authors

Andrew Harbison

Andrew Harbison is a Director and IT Forensics Lead at Grant Thornton

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 19 on sale from May 2014:


Big Data
Andrew Pimlott and his team at EY take a look at Big Bata risk, the creation of compliance data analytics dashboards, predictability fraud models that help predict fraud, cybercrime analytics and financial services analytics. Read More »

The Roboto Project
Jonathan Rajewski continues his look at Google Glass and the Forensic Analysis of this exciting new technology. The potential uses for this technology are significant and as such will have a plethora of artefacts for potential evidential purposes. Read More »

Subscribe today


Dental Biometrics
Aqsa Ajaz takes a look at Dental biometrics and investigates how it is is used in forensic odontology to identify individuals based on their dental characteristics. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue