I have forensic images of seized machines."TAS Books" accounting software is present.
My forensic platform is either Encase or FTK.
This is a UK product I believe and common in SME's.
Although I can see the various files in text, XML format etc. I would like to to export the whole package to present in the GUI type format and possibly copy it to my clients laptops for their perusal.
I have tried importing into my workstation without success.
I can VM the suspects machines, however I do not want to rely on this.
Intellectual property issues have been considered and actioned.
Any technical ideas would be appreciated.
I spent most of my career working financial frauds (Senior Informatics Investigator Canada Revenue Agency - retired) and dealt with accounting software almost daily, although I have not dealt with TAS specifically.
Pretty much all accounting software stores it's information in a form that is not easily exported other than through the native program that created it. There are some packages designed for auditing purposes that can interpret the databases and convert them to a report form or into generic database format for sampling purposes eg - Interactive Data Extraction and Analysis (IDEA) from the Canadian Institute of Chartered Accountants. I suspect that the CA institute in the UK may have a similar package and suggest that you contact either a CA firm or the Institute about acquiring it.
Thank you Robert, I appreciate your reply. I shall try that route as well.
I am trying a workaround. On of my ideas is to create the VM and export a backup copy of the TAS data. This could be imported into a clean copy of TAS.
I still find it hard to believe that there is no forensic products that can cave out the data & put this together. Unless, of course, someone knows different??
Thank you Robert, I appreciate your reply. I shall try that route as well.
I am trying a workaround. On of my ideas is to create the VM and export a backup copy of the TAS data. This could be imported into a clean copy of TAS.
I still find it hard to believe that there is no forensic products that can cave out the data & put this together. Unless, of course, someone knows different??
I used to run point of sale systems that were seized using Liveview for an analytical system.
You may want to take a look at that as it a forensically sound virtual machine solution.
You could carve out some things but in a lot of cases the data is stored as binary and there are rarely consistant offsets in the data files between versions of the same accounting packages, so it is difficult to set up a carver to get everything out. Keep in mind that some accounting packages maintain the monetary data in one database, customer information in another, tombstone data and account details in another, so there is a lot of cross-linked information. The virtual machine route is a very good solution as it was my experience that it gave the best output, being in the native form. The next best solution is specialized record extraction software such as IDEA, this actually works using an imported version of the databases you are analyzing and can't write to anything for output except the extraction databases it creates.
The one problem with running the exported data in a clean version of TAS is that accounting packages run "hot" in that they require the data files to be writable in order to function. I suspect that TAS is no different. You may find that you are inadvertantly changing something.
Ron
I am wondering if anyone has used any of the above techniques to investigate a POS system for "zapper"/automated sales suppression software; I am a Tax investigator and have an interest in developing procedures for detecting automated sales suppression software.