Albert J. Marcella (editor) - Cyber Forensics: Examining Emerging and Hybrid Technologies

We wish to thank the anonymous reviewers identified by Taylor & Francis Group, LLC, our Publisher, who initially reviewed our proposed book and provided feedback and comments on the proposed content when the authors initially brought the idea for this book to CRC Press.

Our thanks go to the anonymous online contributors, drone pilots, technicians, users, and guests on the following forums: Airdata UAV Forum, DJI Phantom Drone, DJI UAV Online, Pixhawk, and UAV Coach, who posted countless questions and responses, provided technical assistance and insights, uploaded flight logs for analysis, and who make the UAS/UAV forums a viable resource for everyone.

We would also like to thank:

• Desert Rotor of Scottsdale, AZ, for permission to use a photo of the companys 12PCX HOTAS HD Portable GCS, Dual Screen UAV Ground Control Station
• Paul Thelu and Drotek Electronics, Avignonet-Lauragais France, for permission to use a photo of the companys The Pixhawk 3 Pro Autopilot
• Elliot Webb, founder and chief pilot at High Line Drones LLC, of Quinebaug, CT, for providing the Putnam Connecticut Town-Scape image and associated EXIF data
• Holybro organization for permission to include photos of the companys Kakute F7 All-In-One flight controller
• UAV Navigation S. L., of Madrid, Espaa, for permission use a photo of the companys Flight Data Recorder
• Dr. Fahad E. Salamh, at Purdue University and Digital Forensics and Incident Response consultant, for his excellent and detailed review of materials for the chapter Cyber Forensics: Examining Commercial Unmanned Aircraft Systems (UASs) and Unmanned Aerial Vehicles (UAVs). Dr. Salamh's research A 3-Dimensional UAS Forensic Intelligence-Led Taxonomy (U-FIT), will soon be independently published.
• Myles Levin, CEO and Founder, Daubert Tracker, LLC and Principal and Co-founder, Expert Witness Profiler, LLC, for use of the Daubert Tracker graphic and personal information provided related to the Expert Witness Profiler
• Robert White, Bradley Smith, Russ Curry, Alex De Looze (Aerialtronics), David Webster (Autel Robotics), and Justin Slater (Phantom Pilot), who responded to specific UAS/UAV research questions and provided flight logs for analysis: thank you for your contributions and for so graciously responding to requests for further information
• Dr. Keyun Ruan for permission to use data from her research in her publication Cloud forensics definitions and critical criteria for cloud forensic capability: an overview of survey results, published in Digital Investigation

Douglas Menendez

The constructs of compliance and auditing may vary depending upon industry and application. To begin this chapter on common ground, we will first take a brief look at exactly what compliance and auditing is, from a broad, more global perspective. In many instances throughout this book, the reader will encounter terms such as examiner and investigator. While auditing involves both the process of examination and investigation, there is both an operational as well as functional difference between the two processes.

Lets start with some definitions of compliance and auditing.

• The definition of compliance is: the action of complying with a command, or the state of meeting rules or standards. In the corporate world, its defined as the process of making sure your company and employees follow all laws, regulations, standards, and ethical practices that apply to your organization and industry

The definition of an audit is the process of evaluation or analysis of something to determine its accuracy. In the business world, auditing can be focused on financial, operational, or information technology:

• Financial Auditing:

  The process of verifying a companys financial information. An auditor examines a companys accounting books and records in order to determine whether the company is following appropriate accounting procedures. An auditor issues an opinion in a report that says whether the financial statements present fairly the companys financial position and its operational results in accordance with Generally Accepted Accounting Principles (GAAP).

• Operational Auditing:

  An independent review and examination of records and activities to assess the adequacy of operational controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.

• Information Technology Auditing:

  An independent review and examination of system records and activities in order to test the adequacy and effectiveness of data security and data integrity procedures, to ensure compliance with established policy and operational procedures, and to recommend any necessary changes.

There are also two main categories of auditing: internal and external.

• Definition of Internal Auditing:

  Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.

• Definition of External Auditing:

  External auditing is an independent function outside of the organization that assesses the financial and risk associated aspects in order to comply with statutory audit requirements. The main role of external audit is to provide an opinion whether the company financial statements present a true and fair view of the companys financial results. The external audit function is managed by the external auditor, who in the United States is typically a Certified Public Accountant.

The audit work performed by an auditor is different from the investigation work performed by cyber forensic professionals (see ).

The remainder of this chapter will focus the readers attention on a review and examination of auditing and compliance and the rapidly growing field of cyber forensics.

As defined by UpGuard, Cyber forensics is a branch of forensic science focused on the recovery and investigation of material found in digital devices and cybercrimes. Throughout this book, cyber forensics, digital forensics, and computer forensics are used interchangeably.

As society increases reliance on computer systems and cloud computing, cyber forensics becomes a crucial aspect of law enforcement agencies and businesses. The reader interested in a deeper review of cyber forensics and cloud computer is directed to and Ronald L. Krutzs examination of the subject.