Module Name: Information System Security and Risk Management

CODE ITU 08115

Number:
Class: BAIT_3A & BAIT_3B
Module leader: Eng. Gaspari Shiliba Gaspari Shiliba Digitally signed by Gaspari Shiliba
Date: 2023.01.15 15:30:14 +03'00'

E-mail [email protected]
Institute IFM
Dept: Computer Science and Mathematics
Lecture L_6.2.1: Explain the concepts of information system auditing in an
Number: organization

Information system auditing is the process of reviewing an organization's information

systems and technology infrastructure to ensure that it is secure, compliant with regulations,
and functioning properly. This includes evaluating the effectiveness of controls, assessing the
accuracy of data, and determining compliance with industry standards and best practices. The
goal of information system auditing is to identify and mitigate any potential risks to the
organization's information systems and to ensure that the organization is able to meet its
business objectives. Auditors may use a variety of techniques, such as examining system
logs, interviewing staff, and testing system controls, to gather the information needed to
conduct the audit. The audit report will provide management with recommendations for
improving the organization's information systems and technology infrastructure, as well as
any identified issues that need to be addressed.
Describe digital evidence
Digital evidence refers to any type of data that is stored or transmitted electronically and can
be used as evidence in a legal case. This can include items such as emails, text messages,
social media posts, digital images, and video recordings. Digital evidence can be found on a
variety of devices, including computers, smartphones, and servers, and can be used to prove a
wide range of criminal activity, such as fraud, embezzlement, and cybercrime.
Digital evidence is typically collected and analyzed by forensic experts, who use specialized
tools and techniques to extract, preserve, and analyze the data. This process is designed to
ensure that the integrity of the evidence is preserved and that it can be used in court.
One of the key characteristics of digital evidence is that it can be easily tampered with or
altered, so it is important to ensure that it is collected and handled in a way that preserves its
integrity. This typically involves creating a forensic image of the original data, which can be
used for analysis without altering the original data.
The use of digital evidence in legal cases is becoming increasingly common, as more and
more criminal activity is conducted electronically. It is important for law enforcement
agencies and legal professionals to be familiar with the techniques used to collect and analyze
digital evidence, in order to effectively use it in court.
Explain the source of digital evidence
Digital evidence can come from a variety of sources, including:
i. Electronic devices: Digital evidence can be found on a wide range of electronic
devices, including computers, laptops, smartphones, tablets, servers, and storage
devices. This can include data stored on the device itself, as well as data that has
been transmitted to or from the device.

ii. Cloud storage: Digital evidence can also be found in cloud storage services, such
as Dropbox, Google Drive, and Microsoft OneDrive. This can include data that
has been uploaded to the cloud, as well as data that has been shared with others.

iii. Social media and online platforms: Social media platforms, such as Facebook,
Twitter, and Instagram, can be a rich source of digital evidence. This can include
posts, comments, messages, and other types of data that have been shared online.

iv. Network logs and traffic: Network logs and traffic can provide valuable
information about the activities of users and devices on a network. This can
include information about websites visited, files transferred, and other types of
network activity.

v. Backup and archival data: Digital evidence can also be found in backup and
archival data, such as data that has been stored on tape or in the cloud for long-
term retention. This can include information that has been deleted from the
original device or system.
It is important to note that digital evidence can be found in various forms, like text, image,
audio, and video files. It is also important to understand that digital evidence can be stored in
different places and types of devices, and can be stored in different forms like text, image,
audio, and video files.

Describe the challenges of Forensics

Forensics refers to the process of using scientific methods and techniques to gather and
analyze evidence in order to establish facts in a legal case. The field of forensics is complex
and multifaceted, and there are many challenges that forensic experts must overcome in order
to effectively collect and analyze evidence. Some of the main challenges include:
i. Data volume and complexity: The amount of digital data that needs to be
analyzed in a forensic investigation can be overwhelming. Data can be stored on a
wide range of devices, in different formats, and in different locations, making it
difficult to identify and extract relevant evidence.

ii. Data integrity and authenticity: Digital evidence can be easily tampered with or
altered, making it important to ensure that the integrity of the data is preserved.
Forensic experts must use specialized tools and techniques to create a forensic
 image of the original data, which can be used for analysis without altering the
original data.

iii. Data encryption: Data encryption can make it difficult or impossible to access
and analyze data. Forensic experts must use specialized tools and techniques to
decrypt the data, which can be time-consuming and may not always be successful.

iv. Cloud storage and virtual environments: Cloud storage and virtual
environments can make it difficult to identify and extract relevant data. This can
include data that is stored in the cloud or data that is stored in virtual machines or
containers.

v. Legal and ethical considerations: Forensic experts must be aware of the legal
and ethical considerations when collecting and analyzing digital evidence. This
includes understanding the laws and regulations that govern the collection and use
of digital evidence, as well as ensuring that the rights of individuals are protected
during the investigation.

vi. Technical expertise: Forensic experts must have a high level of technical
expertise in order to effectively collect and analyze digital evidence. This includes
understanding the various types of devices and platforms that are used to store and
transmit data, as well as understanding the different types of data that can be
found on those devices and platforms.

vii. Time constraint: Time constraint is also an important challenge in forensics.

There is a need for fast and efficient forensic analysis to be performed in order to
prevent the destruction of evidence or contamination of the crime scene.

Explain the limitation of using forensics

Forensics, despite its importance in criminal investigations and legal cases, has certain
limitations that can impact its effectiveness and reliability. These include:
i. Data volume: With the increasing amount of digital data being produced, the
volume of data that needs to be analyzed in a forensic investigation can be
overwhelming. This can make it difficult for forensic experts to identify and
extract relevant evidence.

ii. Complexity of data: Data can be stored in various forms and formats and on a
wide range of devices, making it difficult to extract, preserve, and analyze the
data. This complexity can also make it hard to identify and extract relevant
evidence.

iii. Data integrity: Digital evidence can be easily tampered with or altered, making it
important to ensure that the integrity of the data is preserved. However, this can be
a challenge, as it can be difficult to ensure that the original data has not been
tampered with.
iv. Data encryption: Data encryption can make it difficult or impossible to access
and analyze data, which can greatly limit the effectiveness of forensic analysis.

v. Cloud storage and virtual environments: Cloud storage and virtual

environments can make it difficult to identify and extract relevant data, as well as
to preserve data integrity.

vi. Legal and ethical considerations: Forensic experts must be aware of the legal
and ethical considerations when collecting and analyzing digital evidence. This
includes understanding the laws and regulations that govern the collection and use
of digital evidence, as well as ensuring that the rights of individuals are protected
during the investigation.

vii. Technical expertise: Forensic experts must have a high level of technical
expertise in order to effectively collect and analyze digital evidence. This includes
understanding the various types of devices and platforms that are used to store and
transmit data, as well as understanding the different types of data that can be
found on those devices and platforms.

viii. Time constraints: Forensic analysis can be time-consuming, and in some cases, it
can be difficult to complete the analysis within a reasonable timeframe.

ix. Human Error: Forensic analysis is a human-dependent process, and as such, it is

vulnerable to human error. This can include mistakes made during the collection,
preservation, or analysis of evidence, which can compromise the integrity of the
evidence and the investigation.