User Account

All Pages

Explain computer forensic investigation procedures

Assignment Help Computer Engineering
Reference no: EM131740429

Assignment: Forensic Investigation

Purpose

The purpose of this project is to provide an opportunity for students to apply forensic investigation competencies gained throughout this course.

Required Source Information and Tools

The following tools and resources will be needed to complete this project:

- Course textbook
- Internet access
- Computer with Paraben
- P2 Commander installed
- Mac OS JSmith.img (a Mac OS X image file used in Project Part 3)

Note: Check with your instructor if you do not have access to Paraben P2 Commander. You may be able to download a trial version or use other software, such as Forensic Toolkit (FTK) or EnCase Forensic to complete this project.

Learning Objectives and Outcomes

You will:

• Explain the rationale for computer forensic activities.
• Explain computer forensic investigation procedures.
• Evaluate sources of evidence.
• Analyze laws related computer forensics.
• Apply tools used in forensic investigations.
• Analyze digital evidence.
• Report findings.
• Assess business considerations related to computer forensic investigations.

Deliverables

Part 3:Analyzing Evidence from Mac OS X

Part 3: Analyzing Evidence from Mac OS X

Scenario

Two weeks ago, D&B Investigations was hired to conduct an incident response for a major oil company in North Dakota. The company's senior management had reason to suspect that one or more company employees were looking to commit corporate espionage. The incident response team went on-site, began monitoring the network, and isolated several suspects. They captured forensic images from the machines the suspects used. Now, your team leader has asked you to examine a forensic image captured from a suspect's computer, which runs the Mac OS X operating system. The suspect's name is John Smith, and he is one of the company's research engineers.

Tasks

• Review the information on the Mac OS X file structure provided in the chapter titled "Macintosh Forensics" in the course textbook.

• Using Paraben P2 Commander, create a case file and add the image the incident response team captured (filename: Mac OS JSmith.img).

• Sort and review the various directories within the Mac OS X image. Look for evidence or indicators that John Smith was or was not committing corporate espionage. This may include direct evidence that John Smith took corporate property, as well as indirect evidence or indicators about who the suspect is and what his activities were during work hours. You can use the software features to help you keep track of the evidence you identify, for instance, by bookmarking sections of interest and exporting files.

• Write a report in which you:

o Document your investigation methods.

o Document your findings. Explain what you found that may be relevant to the case, and provide your rationale for each item you have identified as an indicator or evidence that John Smith was or was not committing corporate espionage.

o Analyze the potential implications of these findings for the company and for a legal case.

Submission Requirements

- Format: Microsoft Word (or compatible)
- Font: 12-Point, Double-Space
- Citation Style: Follow your school's preferred style guide
- Length: 2 pages

Self-Assessment Checklist

- I have applied appropriate evidence collection and handling methods.
- I have correctly identified and analyzed evidence that is relevant to the investigation.
- I have analyzed business considerations associated with the scenario.
- I have analyzed legal considerations associated with the scenario.
- I have created a professional, well-developed report with proper documentation, grammar, spelling, and punctuation.

Reference no: EM131740429

Questions Cloud

Evaluate the ideas in relationship to curriculum development : Evaluate these ideas in relationship to curriculum development. How do you see these ideas being embedded in curriculum design?
Availability of cheap natural gas : Which industries gain and which industries lose from the availability of cheap natural gas produced from shale deposits?
Implementation of key procedures supported by calculation : Implementation of key procedures supported by Excel calculation.
Recreation found in the ibis database : Give examples of industries where target costing is prevalent. Comment on the benefits of the practice also.
Explain computer forensic investigation procedures : Explain computer forensic investigation procedures. Evaluate sources of evidence. Analyze laws related computer forensics.
Discuss your observations and analysis of the six dimensions : The desire is for the stated educational philosophy to be as close as possible to the actual curriculum design and educational practice of the school.
Describe the limitations on employment : Limitations on Employment at Will Terry was hired as an assistant manager by the Assurance Manufacturing Company. There was no specific time related to Terry's.
Discuss are there differences between males and females : Are there differences between males and females, in terms of their weight and length. Are infants always smaller/lighter than the adults
Examine the employees e-mail accounts : Workers' Privacy John Hancock Life Insurance Company instructed its employees to create passwords to protect their e-mail accounts.

Reviews

Write a Review

Computer Engineering Questions & Answers

  Mathematics in computing

Binary search tree, and postorder and preorder traversal Determine the shortest path in Graph

  Ict governance

ICT is defined as the term of Information and communication technologies, it is diverse set of technical tools and resources used by the government agencies to communicate and produce, circulate, store, and manage all information.

  Implementation of memory management

Assignment covers the following eight topics and explore the implementation of memory management, processes and threads.

  Realize business and organizational data storage

Realize business and organizational data storage and fast access times are much more important than they have ever been. Compare and contrast magnetic tapes, magnetic disks, optical discs

  What is the protocol overhead

What are the advantages of using a compiled language over an interpreted one? Under what circumstances would you select to use an interpreted language?

  Implementation of memory management

Paper describes about memory management. How memory is used in executing programs and its critical support for applications.

  Define open and closed loop control systems

Define open and closed loop cotrol systems.Explain difference between time varying and time invariant control system wth suitable example.

  Prepare a proposal to deploy windows server

Prepare a proposal to deploy Windows Server onto an existing network based on the provided scenario.

  Security policy document project

Analyze security requirements and develop a security policy

  Write a procedure that produces independent stack objects

Write a procedure (make-stack) that produces independent stack objects, using a message-passing style, e.g.

  Define a suitable functional unit

Define a suitable functional unit for a comparative study between two different types of paint.

  Calculate yield to maturity and bond prices

Calculate yield to maturity (YTM) and bond prices

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd