dfm covers
 
 

Investigating Data Theft with Stochastic Forensics

Written by DFM Team


Investigating Data Theft with Stochastic Forensics

A new approach to forensics lets you reconstruct activity, even if it leaves no artifacts.


You must find out if Roger walked off with our data.” This mandate, handed to me by my (very nervous) client, was all I had to work with as I walked into my office Monday morning. My client, a large company headquartered in Manhattan, was very concerned about Roger (not his real name), a high level employee who had recently been forced to leave the company. Days after Roger’s ousting, rumors began to circulate that, before leaving, he walked off with data which was potentially very, very damaging to them; damaging enough to put them into a fit of panic. My task was to find out of if these rumors were true.

Insider data theft is much harder to forensically investigate than external penetrations. External penetrations leave the digital equivalent of broken windows, which all good forensics experts know how to identify. Insider data theft, however, often leaves no traces: the insider is authorized to use the data, routinely using it every day. Whether they’re stealing it or just using it to do their job, their access is, from the computer’s perspective, technically indistinguishable. Copying a file is a routine operation, forensically similar to simply reading it. Indeed, as I did my background research for this case, I saw that all experts had agreed: copying files on a standard Windows system leaves no artifacts. I was faced with one question: Is forensics possible when no artifacts are left behind?



Find out more - subscribe to DFM today and read the full article. Or if you're a subscriber, login and read the article online.


 
Please make cache directory writable.
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Learning iOS Forensics

A practical hands-on guide to acquire and analyse iOS devices with the latest forensic techniques and tools.

Meet the Authors

Noemi Kuncik

Noemi Kuncik is an IT Forensics Specialist at Grant Thornton

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 36 on sale from February 2018:


Crowd Sourcing Digital Evidence The Risk v The Reward

All digital devices used today can be considered as a potential source for digital evidence. Andrew Ryan investigates the current state in the art of crowd sourced digital evidence. Read More »

Recovery of Forensic Artifacts from Deleted Jump-List in Windows 10

Jump-Lists are widely discussed in forensics community since the release of Windows 7 and are having more capabilities to reveal forensics artifacts in Windows 10. Read More »

Subscribe today


Voice Biometrics

This article looks at the research and development in the field of Voice Biometrics and Speech Analytics, specifically Speaker Identification, Language and Gender Identification, Speech-to-Text Transcription, Keyword Spotting, and others. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue