Computer forensics for the fraud examiner

Root kits: Digital evidence collection of volatile data

By Richard D. Cannon, CFE, CFCE
Fraud Bytes

Admittedly, some of the information presented here is on the advanced side of the curve. However, for those who understand the growing need for digital forensics in fraud examination, the latest evolution in the field involves new forensic tools and methods for gathering evidence from live systems. I'll continue to bring you developments when I think that they may have an impact on the way we do fraud examinations of digital evidence. Please contact me at for explanation of any information.

If you're tuned in at all to the news of current computer technology abuses, then you've heard about the Sony copy protection controversy. Like other big music companies, Sony is concerned about copyright infringement of digital music, so it embedded a DRM (digital rights management) program on some of the music CDs it produces and distributes. When a user opened one of these CDs, the DRM would surreptitiously install itself on the user's computer and limit his ability to make illegal copies and prohibit sharing with others who had no interest in legally buying it. This program belongs to a subcategory of malicious software called "root kits." This DRM root kit is designed to hide itself from the Windows operating system so the user is unaware of its presence. Even if he did know it was on his system, he couldn't remove it without crashing his system.
