Reference no: EM132961596 , Length: 25 pages
Forensic Investigation Case Study
Identity Fraud Case Study
Background
Identity fraud (also known as identity theft or crime) involves someone using another individual's personal information without consent, often to obtain a benefit. Identity crime is considered one of the most common crimes in Australia with over 26% of Australians reporting they were a victim to identity fraud at some point in their life, according to the Australian Institute of Criminology (AIC). The AIC also states that the annual economic impact of identity crime exceeds $2 billion.
Identity crime also provides a foundation for many other forms of serious crime, stolen identities may be used for money laundering, tax evasion, to make online purchases, or to protect the true identities of organised crime members.
The WA police have been notified of a potential case of identity fraud through scam watch. It has been reported that a software developer named Damon has allegedly stolen identities online to make fraudulent purchases. A background search conducted on Damon concluded that he has had no prior convictions, and the suspect denies allegations of identity fraud. Police officers obtained a warrant and entered Damon's workplace; network traffic logs were analysed, and officers concluded there is a high probability of criminal involvement. Damon's device was seized, and a "forensic image" was created to be further analysed by the digital forensics team. As the latest recruit to the digital forensics team.
As the latest recruit to the digital forensics team, you have been assigned the task of examining the forensic image of the suspect's laptop. At this point in time, there is insufficient evidence to draw any conclusions regarding the identity fraud case. It is your task to conclude with evidence beyond reasonable doubt that the suspect has committed an identity fraud crime so that they can be prosecuted.
Task
Your task is to investigate the supplied forensic image using appropriate tools and forensic process and to develop and submit a written report on your findings. You may use any tools to undertake the investigation, but you must justify all your actions!
Report Structure
Cover Page
Unit code and title, assignment title, your name, student number, campus, and tutor's name
Table of Contents
This must accurately reflect the content of your report and must be generated automatically in Microsoft Word with page numbers.
Summary
A succinct overview of the report. What were you looking for? How did you approach the investigation? What did you do? What did you find? What is the outcome of the investigation? Use numbers to support or extend the extent of any crimes that have been committed.
Issue #1 - Presentation of content relating to offence.
A detailed representation of all content identified, extracted, and analysed in the investigation. All evidence must be characterised, explained, and examined. What is the value of the evidence toward the investigation? What does each piece of evidence mean?
Issue #2 - Identification
Detail all information relating to use/ownership of the evidence identified and extracted. How can you link the evidence to a particular owner? Is there any digital evidence which demonstrates ownership of the device or content?
Issue #3 - Intent
Was the content of interest purposefully accessed, downloaded, installed etc.? Was it accidental? What it a third party? Was it malicious software? Present all evidence to support
your theory.
Issue #4 - Quantity of Files
How many files of every type were present? What percentage of these files relate to the offence? What does this mean for the overall investigation?
Issue #5 - Installed Software
What are the installed applications relating to the investigation? What purpose do these applications serve? Have they been used? Dates/times the application was used? What impact do these applications have on the investigation?
Appendix A - Running Sheet
A comprehensive running sheet of your actions in investigating the case study. The running sheet should be presented in table form. What did you do? How did you do it? What was the outcome of your action? The running sheet should be more detailed than a recipe and allow someone to replicate your process and achieve the exact same outcome.
Appendix B - Timeline of Events
A comprehensive and chronological order of events representing the actions of an illegal nature. Be creative in how you present this data. Consider what is important to include and what serves no purpose.
Software
Possible software you will need to use are:
• Autopsy
• FTK Imager
• OSForensics
• EnCase Forensic
• Oxygen Forensic Detective
• Magnet Axiom
• Registry Viewer
• ExecutedProgramsList
• Aid4Mail
• Wireshark
Additional Task Information
• You may need to spend some time experimenting with various tools. If a tool or method fails to result in a successful outcome you should still document this action in your running sheet. Each tool has its own strengths and limitations.
• Each report will be unique and presented in its own way.
• Scrutinise the marking key
• Look for clues/hints in the investigation. Strategically placed clues/hints have been created in this fictitious case study to help you along the way.
• It is not expected that you find every piece of evidence and nor do you have to. Furthermore, should there be password protected or encrypted content - you do not necessarily have to break/decrypt it to successfully progress with the investigation.
• Remember to ensure the integrity of the image being investigated. You should continually demonstrate that you have maintained integrity throughout your investigation.
• Consider what you are trying to find and what you need to negate. The background information of this document provides carefully developed clues.