“Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.” Nonetheless, an IT auditor should refrain from providing an opinion on results obtained through agreed-upon procedures unless required to testify in court proceeding.
Whether target data are in transit or at rest, it is critical that measures be in place to prevent the sought information from being destroyed, corrupted or becoming unavailable for forensic investigation. When evidence is at rest, adequate procedures should be followed to ensure evidential nonrepudiation. Volatile data capture assists investigators in determining the system state during the incident or event. Consequently, the utilization of functionally sound imaging software and practices is essential to maintaining evidential continuity.
“View Part I of the Irregularities and Illegal Acts Agreed-Upon Procedures Assessments series here“