© D.L. Crumbley
Computer Forensics Primer
Defined: acquiring and analyzing digital evidence in a manner that protects the integrity of the evidence to investigate a potential fraud.
Currently only 5% of fraud investigations use electronic data in investigations.
This low percentage is likely because much of the collected digital evidence is forensically unusable.
SAS No. 99: In an IT environment, it may be necessary for the auditor to employ computer-assisted audit techniques (for example, report writers, software or data extraction tool, or other system-based techniques) to identify the journal entries and other adjustments to be tested. [par. 61].
Source: G.S. Smith, “Computer Forensic: Helping to Achieve The Auditors Mission,” Working Paper, December 2003.