Material After the Midterm Exam (UTS)
Fraud 1
Fraud 2
Preventing Fraud
Detecting Fraud
Profiles of fraud perpetrators, victims and acts
Computer forensics
Investigation and investigative audit
EXPECTED LEARNING OUTCOME
Able to understand, analyze and explain the
application of the broad discipline of accounting,
including auditing, to legal matters for
legal resolution in or out of
court
Fraud
Computer Forensics Definition
•Computer forensics is simply the application of
computer investigation and analysis techniques in
the interests of determining potential legal
evidence.
•According to Judd Robins, a computer forensics
expert: “The simple application of
computer investigation and analysis techniques to
determine potential legal evidence”
- Judd Robins, “An Explanation of Computer Forensics”
Some definitions of computer forensics
•Simple definition: “The use of a set of procedures to
thoroughly examine a computer system
using software and tools to extract and
preserve evidence of criminal acts”
•According to Judd Robins, a computer forensics expert: “The simple
application of computer investigation and analysis techniques
to determine potential legal evidence”
•New Technologies extends Robins' definition with: “Computer
forensics deals with the preservation, identification, extraction and
documentation of computer evidence stored in the form of
magnetic information”
Computer Forensics
•Computer forensics is applied to
many purposes, not only to handling
criminal cases that involve the law,
but also to reconstructing computer security
incidents, recovering from system damage,
troubleshooting problems involving hardware
or software, and understanding systems
or various digital devices so that they are easier
to comprehend.
Cybercrime
Why Computer Forensics?
Who Uses Computer Forensics?
•Investigators (in search and seizure efforts) and
public prosecutors
•Litigation in civil cases
•Insurance companies seeking to
stop claims because of an element of fraud
•Companies handling allegations of sexual
harassment in the workplace, asset misappropriation including
trade secrets, corruption, etc.
•Individuals in divorce and sexual harassment cases
Who Uses Computer Forensics?
•Criminal Prosecutors
Rely on evidence obtained from a computer to prosecute suspects and use
as evidence
•Civil Litigations
Personal and business data discovered on a computer can be used in
fraud, divorce, harassment, or discrimination cases
•Insurance Companies
Evidence discovered on computer can be
used to mollify costs (fraud, worker’s
compensation, arson, etc)
•Private Corporations
Obtained evidence from employee computers can
be used as evidence in harassment, fraud, and embezzlement cases
Who Uses Computer Forensics? (cont)
•Law Enforcement Officials
Rely on computer forensics to back up search warrants and post-seizure
handling
•Individual/Private Citizens
Obtain the services of professional computer forensic specialists to
support claims of harassment, abuse, or wrongful termination from
employment
•Whether the computer was used to smuggle
information or is itself the proceeds of crime
•The computer system was used to commit the crime
•The computer was used to store data and
contracts in the crime
•The computer was used to commit the crime, for example by a
hacker
•Basic forensic methodology consists
of:
–Acquire the evidence without altering or damaging
the original
•Look for evidence
•Recover evidence
•Handle evidence with care
•Preserve evidence
–Authenticate that your recovered evidence is the
same as the originally seized data
–Analyze the data without modifying it.
Kizza - Guide to Computer Network Security
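The acquire-then-authenticate steps of the methodology above, as an added example that is not part of the original slides: a working copy is made while hashing the source, and the recorded hash later proves whether the copy still matches. The file names and the sample "seized media" contents are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images need not fit in RAM


def sha256_file(path):
    """Hash a file in chunks; opening with "rb" never writes to the evidence."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source_path, image_path):
    """Copy the source to a working image, hashing the source bytes as read.

    Returns the acquisition hash that is recorded in the case notes.
    """
    digest = hashlib.sha256()
    # "xb" refuses to overwrite an existing image from an earlier acquisition.
    with open(source_path, "rb") as src, open(image_path, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    # Mark the working image read-only so analysis cannot change it by accident.
    os.chmod(image_path, stat.S_IRUSR)
    return digest.hexdigest()


def authenticate(image_path, acquisition_hash):
    """True only if the image still matches the hash recorded at acquisition."""
    return sha256_file(image_path) == acquisition_hash


def demo():
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "seized_media.bin")  # constructed stand-in for a seized drive
    image = os.path.join(workdir, "working_copy.img")
    with open(source, "wb") as fh:
        fh.write(b"INVOICE-0001;vendor=ACME;amount=1250\n" * 1000)

    recorded = acquire(source, image)
    matches_after_copy = authenticate(image, recorded)
    source_untouched = sha256_file(source) == recorded

    # Simulate one byte of the working copy changing after acquisition.
    os.chmod(image, stat.S_IRUSR | stat.S_IWUSR)
    with open(image, "r+b") as fh:
        fh.seek(10)
        fh.write(b"X")
    matches_after_change = authenticate(image, recorded)
    return matches_after_copy, source_untouched, matches_after_change


if __name__ == "__main__":
    print(demo())
```

On real media the source would be a block device attached through a write blocker; the hashing and comparison logic stays the same.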
•Information obtained in digital
form/format.
In addition, there are four key elements of
forensics in information technology,
as follows:
1.Identification of digital evidence
2.Preservation of digital evidence
3.Analysis of digital evidence
4.Presentation of digital evidence
Computer Forensic Capabilities
•Recover deleted files
•Find out what external devices have been attached and what
users accessed them
•Determine what programs ran
•Recover webpages
•Recover emails and users who read them
•Recover chat logs
•Determine file servers used
•Discover document’s hidden history
•Recover phone records and SMS text messages from mobile
devices
•Find malware and data collected
Typical Investigations
•Theft of Company Secrets (client, customer or employee
lists)
•Employee Sabotage
•Credit Card Fraud
•Financial Crimes
•Embezzlement (money or information)
•Economic Crimes
•Harassment
•Child Pornography
•Other Major Crimes
•Identity Theft
Media Devices that hold Potential Data
•Computers and laptops
•Fax machines
•Smartphones and most other
cell phones
•MP3 music players
•Hard Drives
•Digital Cameras
•USB Memory Devices
•PDAs (Personal Digital Assistants)
•Backup Tapes
•CD-ROMs & DVDs
•iPads
•iPods
Handling wireless phones
•If the device is on, do not turn it off
•If the device is off, leave it as it is;
do not turn it on
Principal Targets of Computer Forensics
•Hard Disk Drives
•USB Drives, floppy disks
•SD memory, Compact Flash, and other static memory
•RAM (Random Access Memory)
Basic Computer Architecture
•Central Processing Unit (CPU)
•Main Memory (RAM) (volatile memory)
–Turn off the computer and it forgets
•Disk Drive
–Non-volatile (persistent) memory
–Maintains data across shutdowns
•Data Files
•Temporary Files
•Registry Entries
•Unallocated Space
•Swap Space
•Log Files
•Email
Disk Geometry
Disk Sectors and Clusters
•Sectors are physical areas of the disk that typically represent the smallest addressable units of storage. When a disk drive reads or writes data, it typically does so in complete sectors.
•Clusters are logical entities consisting of one or more sectors. Clusters are the smallest addressable unit of storage used by a file system.
How Clusters are Allocated to Files
•Initially, the disk drive consists of a large number of unallocated clusters
•When a file is stored, the number of clusters needed to store the data are allocated to that file.
•A File Allocation Table keeps track of which clusters are allocated to which files
Files Stored on a Disk
The diagram shows the data for two
files stored on the disk. One file has
been allocated contiguous clusters
(shown in green). The other file has
been allocated noncontiguous
clusters (shown in blue).
The file allocation table keeps track
of the clusters allocated to each file.
When a file is deleted, the file
allocation table is modified to show
that the clusters are now available
for reuse, but no modification is
made to the data in the clusters.
Deleting Disk Data
•“Wiping” a file consists of deleting the file and overwriting the contents of the associated clusters
–Random data
–All ones and/or all zeros
–Multiple overwrites
•Single overwrite seems to be adequate for modern disk drives
http://www.springerlink.com/content/408263ql11460147/
•Remnants of the file may still exist in other parts of the system (e.g., swapfile, temporary files, registry entries, etc). If so, data from wiped files can still be recovered.
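The "Files Stored on a Disk" and "Deleting Disk Data" slides, as an added example that is not part of the original slides: a toy allocation table in which an ordinary delete leaves cluster contents recoverable and a wipe does not. The `ToyDisk` class, the 16-byte cluster size and the file contents are constructed for illustration and do not model any real file system's on-disk format.

```python
CLUSTER_SIZE = 16      # bytes per cluster in this toy disk (real clusters are KiB-sized)
FREE, END = None, -1   # table markers: unallocated cluster / last cluster of a file

REPORT = b"Quarterly report draft v2"                   # constructed file contents
MEMO = b"PAY 9500 TO ACCT 4471 BEFORE AUDIT FRIDAY"     # constructed file contents


class ToyDisk:
    def __init__(self, n_clusters):
        self.data = bytearray(n_clusters * CLUSTER_SIZE)  # raw cluster contents
        self.fat = [FREE] * n_clusters   # fat[i] = next cluster in the chain, END or FREE
        self.directory = {}              # file name -> (first cluster, size in bytes)

    def cluster(self, i):
        return bytes(self.data[i * CLUSTER_SIZE:(i + 1) * CLUSTER_SIZE])

    def write_file(self, name, content, clusters):
        """Store content in the given clusters, which may be noncontiguous."""
        for pos, c in enumerate(clusters):
            chunk = content[pos * CLUSTER_SIZE:(pos + 1) * CLUSTER_SIZE]
            self.data[c * CLUSTER_SIZE:c * CLUSTER_SIZE + len(chunk)] = chunk
            self.fat[c] = clusters[pos + 1] if pos + 1 < len(clusters) else END
        self.directory[name] = (clusters[0], len(content))

    def chain(self, first):
        """Follow the allocation table from a file's first cluster to its last."""
        out, c = [], first
        while c != END:
            out.append(c)
            c = self.fat[c]
        return out

    def read_file(self, name):
        first, size = self.directory[name]
        return b"".join(self.cluster(c) for c in self.chain(first))[:size]

    def delete(self, name, wipe=False):
        """Ordinary delete only frees table entries; wipe also overwrites the data."""
        first, _ = self.directory.pop(name)
        for c in self.chain(first):
            if wipe:
                self.data[c * CLUSTER_SIZE:(c + 1) * CLUSTER_SIZE] = bytes(CLUSTER_SIZE)
            self.fat[c] = FREE

    def residue(self):
        """Unallocated clusters that still hold non-zero bytes."""
        return {c: self.cluster(c) for c, nxt in enumerate(self.fat)
                if nxt is FREE and any(self.cluster(c))}


def demo():
    disk = ToyDisk(8)
    disk.write_file("report.txt", REPORT, [1, 2])   # contiguous (the "green" file)
    disk.write_file("memo.txt", MEMO, [3, 5, 6])    # noncontiguous (the "blue" file)
    intact = disk.read_file("memo.txt") == MEMO

    disk.delete("memo.txt")                 # ordinary delete
    disk.delete("report.txt", wipe=True)    # delete plus overwrite
    left = disk.residue()
    # The chain is gone after deletion; these clusters were allocated in
    # ascending order, so reading them in cluster order restores the file.
    recovered = b"".join(left[c] for c in sorted(left)).rstrip(b"\x00")
    return intact, sorted(left), recovered


if __name__ == "__main__":
    print(demo())
```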
Computer Forensic
Requirements
•Hardware
–Familiarity with all internal and
external devices/components of a
computer
–Thorough understanding of hard
drives and settings
–Understanding motherboards and
the various chipsets used
–Power connections
–Memory
Forensic Tools
Some tools for computer forensics:
The Coroner Toolkit - Dan Farmer & Wietse Venema, www.fish.com
Byte Back - by TechAssist, http://www.toolsthatwork.com/
DriveSpy - http://www.digitalintel.com/
EnCase - by Guidance Software, http://www.encase.com/
Forensic ToolKit - http://www.accessdata.com/
Maresware Suite - http://www.dmares.com/
Drive Image Pro – PowerQuest
Linux "dd" - Red Hat
Norton Ghost 2000 – Symantec
SafeBack - New Technologies
SnapBack DatArrest by Columbia Data Products
2010 Computer Forensics
Forensic Tools
•Examples of applications that can be used in computer
forensics:
–Encase www.guidancesoftware.com
–Forensics toolkit www.accessdata.com
–LoPe www.evidencetalks.com
–Forager www.inforenz.com/software/forager.html
–X-Ways Forensics www.x-ways.net/forensic/index-m.html
Computer Forensic
Requirements (cont)
•Software
–Familiarity with most popular software packages
such as Office
•Forensic Tools
–Familiarity with computer forensic techniques and the software packages
that could be used
Steps Of Computer Forensics
Computer Forensics is a four step process.
Acquisition
•Physically or remotely obtaining possession of the computer, all network
mappings from the system, and external physical storage devices
Identification
•This step involves identifying what data could be recovered and electronically
retrieving it by running various Computer Forensic tools and software
suites
Evaluation
•Evaluating the information/data recovered to
determine if and how it could be used against the
suspect for employment termination or prosecution
in court
Steps Of Computer Forensics (cont)
Presentation
•This step involves the presentation of evidence discovered in a
manner which is understood by lawyers and non-technical
staff/management, and suitable as evidence as determined by United
States and internal laws
Stages of Computer Forensics
•Four stages in computer forensics.
1.Data collection
2.Examination
3.Analysis
4.Documentation and reporting
Stages of Computer Forensics
1.Data collection
Data collection aims to
identify the various sources that are
considered important and how all the data
can be gathered properly.
Stages of Computer Forensics
2.Examination
Examination covers the process of assessing and
extracting relevant information from
all the data collected. This stage also
includes bypassing or minimizing
operating system and application features
that can hide data, such as
compression, encryption, and access control
mechanisms. It also covers locating files,
extracting files, examining metadata, and
so on.
Stages of Computer Forensics
3.Analysis
Analysis can be carried out using
a number of methods. A sound
conclusion must be based on
the data that is available, or, conversely,
the analysis may conclude that “there is no conclusion”.
That outcome is entirely possible. The analysis task
covers various activities, such as identifying the users
or people other than users who are indirectly
involved, locations, devices, and events, and
considering how all these components
connect to one another to reach a final
conclusion.
Stages of Computer Forensics
4.Documentation and reporting
Several factors affect
the documentation and report, such as:
–Alternative Explanations
–Audience Consideration
–Actionable Information
–Standardization of Computer Forensics
–Essential information in the registry
Documentation and reporting
•Alternative Explanations
Every plausible explanation should
be taken into consideration and
carried forward in the reporting process. An
analyst should be able to use
a methodical approach that
confirms or rejects each explanation
put forward for a case.
Documentation and reporting
•Audience Consideration
Presenting the data or information to the whole audience
is very useful. Cases that involve a number of
regulations need a report that is specific
about the information collected. In
addition, a copy of each piece of evidentiary
data obtained is also needed. This can be a
well-founded consideration. For example, a
network's System Administrator is very
likely to want to obtain and look more
deeply at network traffic with more
detailed information.
Documentation and reporting
•Actionable Information
The documentation and reporting process also
includes identifying actionable
information obtained from the
data collected earlier. With the help of
that data, you can also
obtain and draw out
new information.
Documentation and reporting
•Standardization of Computer Forensics
Standardization must cover all activities
in computer forensics. This includes
Definitions, Principles, Processes, Results, and “Language”.
A number of organizations directly involved in
the field of computer forensics aim to
provide quality parameters. These
organizations include IOCE (The International
Organization on Computer Evidence), IACIS (The
International Association of Computer Investigative
Specialists), and many others.
Documentation and reporting
•Essential information in the registry
Pay close attention to what the forensic process brings up
in relation to the Windows Registry. You can look
directly into the system to see what is actually stored in the
Windows system registry. One example you can look at
is how a number of passwords are stored in the registry. This
refers directly to the system registry information found in
HKCU\Software\Microsoft\Internet Explorer\Intel\Forms\SPW
HKCU\Software\Microsoft\Protected Storage System Provider
Of course, the example above is very confusing. If you want to
understand that registry in more depth, use an
application that is able to display all the
information stored in it, for example the program Protected
Storage PassView. With the help of this application, you can dig
deeper into all the information stored in that registry.
The standout feature of this application is its ability to
show passwords from Internet Explorer, Outlook
Handling Evidence
•Admissibility of Evidence
–Legal rules which determine whether potential evidence can be
considered by a court
–Must be obtained in a manner which ensures the authenticity and validity
and that no tampering had taken place
•No possible evidence is damaged, destroyed, or otherwise
compromised by the procedures used to search the computer
•Preventing viruses from being introduced to a
computer during the analysis process
•Extracted / relevant evidence is properly handled
and protected from later mechanical or
electromagnetic damage
Handling Information
Information and data being sought after and collected in the
investigation must be properly handled.
•Volatile Information
–Network Information
•Communication between system and the network
–Active Processes
•Programs and daemons currently active on the system
–Logged-on Users
•Users/employees currently using system
–Open Files
•Libraries in use; hidden files; Trojans (rootkit)
loaded in system
Handling Information (cont)
•Non-Volatile Information
–This includes information, configuration settings, system files and registry
settings that are available after reboot
–Accessed through drive mappings from system
–This information should be investigated and reviewed from a backup copy
Types of Cyber Crime
•Computer Integrity Crimes- Illegally accessing
data on a computer or network system
•Computer-assisted Crimes- using a computer to
deceive an individual or business
•Computer Content Crimes- involve illegal
content
Computer Integrity Crimes
Phishing
•Fraudulent e-mail that looks remarkably real
asks the recipient to update his or her
personal information.
–Email usually looks like it is from the victim’s bank or
an online retailer
•Email tricks individuals into providing
information by threatening disruption of
service or denial of access
•Identity Theft is main motive
Computer Integrity Crimes
Hacking
•Hacking is intentionally entering an unauthorized
network system
–Gain access to protected information by destroying
security of network
–Usually intention is to gain access to and steal
proprietary, commercial information, or personal
identity data
–Hackers may also destroy internal structure
Black Hat- bad guys
White Hat- good guys
Grey Hat- play both sides
Computer Integrity Crimes
Cyber-Terrorism
•Hacking into a governmental or company’s
networking system for the purpose of
demonstrating or protesting political agenda
–Causes fear of loss, destruction, or theft of stored
data
Malware
•Malware is software designed to provide
unauthorized access to a computer system
–Trojan Horse is software that is designed with
intention to harm a computer or information stored
on computer
•Appears to be legitimate useful software yet when run or
installed provides access to data on the system
–Spyware is software that tracks and collects
information about a computer’s user
•Tracks internet activity
•Some gain access to general computer activity use
•May include password-sniffing technology
Malware
•Malicious Destruction
–Worms are self-replicating malware that sends
copies of itself to other computers on a network
•Cause network and computer damage
–Viruses are similar to worms and cause network and
computer damage, but require a specific command
or file to be executed or opened before they can attach
themselves and infect a computer
Computer-Assisted Crimes
•Virtual Robbery- opening bank accounts, credit card
accounts, or loans under false identities.
•Virtual Sting- buying goods or purchases under false
pretenses (stolen or falsified credit card). Another type
is arbitrage, or purchasing goods or services that are
illegal in one’s home jurisdiction.
•Virtual Scams- trick victims into purchasing
investments or below-market-value products
–Many are “get rich quick schemes”
–Usually little to no product or service in return
Computer Content Crimes
•Involve posting illegal content
–Sexually explicit material
–Child pornography
–Hateful or aggressive speech or text related to
race and extreme politics
–Violent content
Entering the Crime Scene
•Identify computer hardware and other devices
that may prove valuable
–Computer hardware components may also contain
trace evidence
Preserving the Evidence
•Caution- Turning computer on or off may
delete files
–Cleansing software
–Data rewrite
•Software may be installed to obtain data via a
USB drive
–Warrant required
•Computer copying software clones/copies
data
Network Forensics
•Unlike computer forensics, which retrieves information from the computer’s disks,
network forensics additionally retrieves information on which network ports were
used to access the network.
•Several differences separate the two, including the following:
–In computer forensics the investigator and the person being investigated, in
many cases the criminal, are on two different levels, with the investigator supposedly
on a higher level of knowledge of the system. In network forensics the investigator and the
adversary are at the same skill level.
–In many cases, the investigator and the adversary use the same tools: one to cause the
incident, the other to investigate the incident. In fact, many of the network security tools
on the market today, including NetScanTools Pro, Traceroute, and Port Probe, which are used to gain
information on network configurations, can be used by both the investigator and the
criminal.
–Computer forensics deals with extraction, preservation, identification,
documentation, and analysis, and follows well-defined procedures springing from
law enforcement for acquiring, providing chain of custody, authenticating, and
interpreting evidence. Network forensics, on the other hand, has nothing to investigate unless
steps were in place (like packet filters, firewalls, and intrusion detection systems) prior
to the incident.
Network Forensics Intrusion Analysis
•Network intrusions can be difficult to detect let alone
analyze. A port scan can take place without a quick detection,
and more seriously a stealthy attack to a crucial system
resource may be hidden by a simple innocent port scan.
•So the purpose of intrusion analysis is to seek answers to the
following questions:
–Who gained entry?
–Where did they go?
–How did they do it?
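One way to work through these three questions on firewall logs, as an added example that is not part of the original slides: it flags sources that probe many ports in a short window, then lists accepted connections to critical ports that happened while a scan was running. The log format, the addresses (documentation ranges), the thresholds and the list of critical ports are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log; the format is an assumption, not a real product's output.
LOG = """\
2024-03-01T01:30:00 SRC=192.0.2.10 DST=10.0.0.5 DPT=443 ACTION=ACCEPT
2024-03-01T02:00:01 SRC=203.0.113.7 DST=10.0.0.5 DPT=21 ACTION=DROP
2024-03-01T02:00:03 SRC=203.0.113.7 DST=10.0.0.5 DPT=22 ACTION=DROP
2024-03-01T02:00:05 SRC=203.0.113.7 DST=10.0.0.5 DPT=23 ACTION=DROP
2024-03-01T02:00:08 SRC=203.0.113.7 DST=10.0.0.5 DPT=25 ACTION=DROP
2024-03-01T02:00:10 SRC=203.0.113.7 DST=10.0.0.5 DPT=80 ACTION=ACCEPT
2024-03-01T02:00:12 SRC=198.51.100.23 DST=10.0.0.9 DPT=3389 ACTION=ACCEPT
2024-03-01T02:00:15 SRC=203.0.113.7 DST=10.0.0.5 DPT=110 ACTION=DROP
2024-03-01T02:00:20 SRC=203.0.113.7 DST=10.0.0.5 DPT=443 ACTION=DROP
"""
LINE = re.compile(r"(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) ACTION=(\w+)")


def parse(log):
    """Turn log text into time-ordered (time, src, dst, port, action) tuples."""
    events = []
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:  # lines that do not match the expected format are skipped
            ts, src, dst, port, action = m.groups()
            events.append((datetime.fromisoformat(ts), src, dst, int(port), action))
    return sorted(events)


def find_scans(events, min_targets=5, window=timedelta(seconds=60)):
    """Return {source: (first_seen, last_seen)} for every source that touched
    at least min_targets distinct (host, port) pairs within one window."""
    by_src = defaultdict(list)
    for ts, src, dst, port, _ in events:
        by_src[src].append((ts, dst, port))
    scans = {}
    for src, hits in by_src.items():
        for i, (start, _, _) in enumerate(hits):
            targets = {(d, p) for t, d, p in hits[i:] if t - start <= window}
            if len(targets) >= min_targets:
                scans[src] = (hits[0][0], hits[-1][0])
                break
    return scans


def accepted_under_cover(events, scans, critical_ports):
    """Who gained entry, and where: accepted connections to critical ports
    that occurred while any scan was in progress."""
    found = []
    for ts, src, dst, port, action in events:
        if action != "ACCEPT" or port not in critical_ports:
            continue
        if any(begin <= ts <= end for begin, end in scans.values()):
            found.append((src, dst, port, ts.isoformat()))
    return found


def analyse(log=LOG, critical_ports=frozenset({22, 1433, 3389})):
    events = parse(log)
    scans = find_scans(events)
    return sorted(scans), accepted_under_cover(events, scans, critical_ports)


if __name__ == "__main__":
    print(analyse())
```

In the sample, the noisy source is the scanner, while the connection that matters comes from a different address that the scan would otherwise bury.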
What Is Data Mining?
•We are drowning in data, but starving for knowledge!
•“Necessity is the mother of invention”—Data mining—
Automated analysis of massive data sets
Data Mining: A Definition
The non-trivial extraction of implicit, previously unknown and
potentially useful knowledge from data in large data
repositories
•Non-trivial: obvious knowledge is not useful
•Implicit: hidden, difficult-to-observe knowledge
•Previously unknown
•Potentially useful: actionable; easy to understand
Data Mining: Confluence of Multiple Disciplines
[Diagram: Data Mining at the center, surrounded by Machine Learning, Statistics, Applications, Algorithm, Pattern Recognition, High-Performance Computing, Visualization, and Database Technology]
Data Mining’s Virtuous Cycle
1.Identifying the problem
2.Mining data to transform it into actionable
information
3.Acting on the information
4.Measuring the results
The Knowledge Discovery Process
•Data Mining v. Knowledge Discovery in Databases (KDD)
–DM and KDD are often used interchangeably
–actually, DM is only part of the KDD process
- The KDD Process
From Data Mining to Data Science
Data Mining: On What Kinds of Data?
•Database-oriented data sets and applications
–Relational database, data warehouse, transactional database
–Object-relational databases, Heterogeneous databases and legacy databases
•Advanced data sets and advanced applications
–Data streams and sensor data
–Time-series data, temporal data, sequence data (incl. bio-sequences)
–Structure data, graphs, social networks and information networks
–Spatial data and spatiotemporal data
–Multimedia database
–Text databases
–The World-Wide Web
Data Mining: What Kind of Data?
•Other Types of Databases
–legacy databases
–multimedia databases (usually very high-dimensional)
–spatial databases (containing geographical information, such as maps, or
satellite imaging data, etc.)
–Time Series Temporal Data (time dependent information such as stock
market data; usually very dynamic)
•World Wide Web
–basically a large, heterogeneous, distributed database
–need for new or additional tools and techniques
•information retrieval, filtering and extraction
•agents to assist in browsing and filtering
•Web content, usage, and structure (linkage) mining tools
–The “social Web”
•User generated meta-data, social networks, shared resources, etc.
What Can Data Mining Do
•Many Data Mining Tasks
–often inter-related
–often need to try different techniques/algorithms for each task
–each task may require different types of knowledge discovery
•What are some data mining tasks?
–Classification
–Prediction
–Clustering
–Affinity Grouping / Association discovery
–Sequence Analysis
–Characterization
–Discrimination
Some Applications of Data mining
•Business data analysis and decision support
–Marketing focalization
•Recognizing specific market segments that respond to particular
characteristics
•Return on mailing campaign (target marketing)
–Customer Profiling
•Segmentation of customer for marketing strategies and/or product
offerings
•Customer behavior understanding
•Customer retention and loyalty
•Mass customization / personalization
Some Applications of Data mining
•Business data analysis and decision support
(cont.)
–Market analysis and management
•Provide summary information for decision-making
•Market basket analysis, cross selling, market segmentation.
•Resource planning
–Risk analysis and management
•"What if" analysis
•Forecasting
•Pricing analysis, competitive analysis
•Time-series analysis (Ex. stock market)
Some Applications of Data mining
•Fraud detection
–Detecting telephone fraud:
•Telephone call model: destination of the call, duration, time of day or week
•Analyze patterns that deviate from an expected norm
•British Telecom identified discrete groups of callers with frequent intra-group calls,
especially mobile phones, and broke a multimillion dollar fraud scheme
–Detection of credit-card fraud
–Detecting suspicious money transactions (money laundering)
•Text mining:
–Message filtering (e-mail, newsgroups, etc.)
–Newspaper articles analysis
–Text and document categorization
•Web Mining
–Mining patterns from the content, usage, and structure of Web resources
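The telephone call model from the fraud detection bullets above (destination, duration, time of day), as an added example that is not part of the original slides: each caller's history defines an expected norm, and new calls that deviate from it are flagged with the reasons. The call records, the thresholds and the function names are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed call records: (caller, destination prefix, minutes, hour of day 0-23).
HISTORY = [
    ("alice", "+62-21", 4, 10), ("alice", "+62-21", 6, 11), ("alice", "+62-22", 5, 14),
    ("alice", "+62-21", 3, 16), ("alice", "+62-22", 7, 9), ("alice", "+62-21", 5, 13),
    ("bob", "+62-31", 12, 19), ("bob", "+62-31", 15, 20), ("bob", "+62-31", 10, 21),
    ("bob", "+62-21", 14, 19), ("bob", "+62-31", 13, 22), ("bob", "+62-31", 11, 20),
]
NEW_CALLS = [
    ("alice", "+62-21", 5, 12),    # ordinary call
    ("alice", "+900-55", 58, 3),   # unseen destination, very long, at 03:00
    ("bob", "+62-31", 16, 21),     # slightly long but within the norm
    ("bob", "+62-31", 45, 20),     # known destination, far longer than usual
]

Z_LIMIT = 3.0     # flag durations more than 3 standard deviations from the mean
MIN_STDEV = 1.0   # floor (minutes) so a very uniform history does not over-flag


def build_profiles(history):
    """Summarise each caller's expected norm from past calls."""
    calls = defaultdict(list)
    for caller, dest, minutes, hour in history:
        calls[caller].append((dest, minutes, hour))
    profiles = {}
    for caller, rows in calls.items():
        durations = [m for _, m, _ in rows]
        hours = [h for _, _, h in rows]
        profiles[caller] = {
            "destinations": {d for d, _, _ in rows},
            "mean": mean(durations),
            "stdev": max(pstdev(durations), MIN_STDEV),
            # Simple hour range; does not handle habits that wrap past midnight.
            "hours": (min(hours), max(hours)),
        }
    return profiles


def deviations(call, profiles):
    """List the ways one call departs from its caller's profile."""
    caller, dest, minutes, hour = call
    profile = profiles.get(caller)
    if profile is None:
        return ["no history for caller"]
    reasons = []
    if dest not in profile["destinations"]:
        reasons.append("new destination")
    if abs(minutes - profile["mean"]) / profile["stdev"] > Z_LIMIT:
        reasons.append("unusual duration")
    earliest, latest = profile["hours"]
    if not earliest <= hour <= latest:
        reasons.append("unusual hour")
    return reasons


def flag_calls(history, new_calls):
    """Return (call, reasons) for every new call with at least one deviation."""
    profiles = build_profiles(history)
    flagged = []
    for call in new_calls:
        reasons = deviations(call, profiles)
        if reasons:
            flagged.append((call, reasons))
    return flagged


if __name__ == "__main__":
    for call, reasons in flag_calls(HISTORY, NEW_CALLS):
        print(call, reasons)
```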
The Knowledge Discovery Process
- The KDD Process
•Next: We first focus on understanding the data
and data preparation/transformation
CAUSES OF FRAUD
1.Weak internal controls
2.Conflicts of interest among company officers
3.No written policy on “fair
dealing”
4.Dishonest employees and officers
5.Lack of firmness in the sanctions imposed
6.Too much confidence in trusted persons
7.Demanding targets from top management
8.Bonuses based on performance