Investigate the supplied forensic image

Reference no: EM132990147

Case Study

Guidelines

Coffee is defined as "a hot drink made from the roasted and ground seeds (coffee beans) of a tropical shrub". In Australia, it is illegal to be in possession of any digital content related to coffee, coffee beans or information on the process of making coffee. As a result, accessing, owning, or distributing digital content relating to "coffee" is a criminal offence.

Josh claims to have witnessed a work colleague (Bob) viewing coffee content on a work computer. The allegation was escalated to management, who subsequently escalated the allegation to law enforcement. Following the approval of formal warrants, Bob's computer was seized by law enforcement and transported to the Cyber Crime Centre (CCC).

The computer's hard disk was acquired using AccessData FTK Imager. Unfortunately, the junior investigator who acquired the computer's hard disk only performed a logical acquisition. The CCC is currently in lockdown due to COVID-19, so all employees are completing investigations remotely, and at this stage a subsequent full-disk acquisition cannot be undertaken. Given the time-critical nature of the case, an investigation will need to be undertaken on the acquired data that is currently available. The following list of facts has been produced for this investigation.

• The suspect, Bob, denies accessing "coffee" content on the computer.
• Bob is technically skilled and alleges he has been set up. Bob claims that malware and RDP access to his computer may have resulted in the presence of content.
• Bob confirmed that the computer does belong to him.
• Bob confirmed that he did not use a password on his computer.
• Bob confirmed that he does not take the computer home.
• Bob backs up his Apple iPhone to the work computer via iTunes.

In addition to the initial allegation, prior accumulated intelligence reports suggest that Bob may have been working with an insider who works for law enforcement. A USB stick may have been physically handed to Bob. The USB stick contained a classified document on COVID-19 and a confidential video of a Bugs Bunny cartoon. As part of the investigation, it is critical to determine whether the USB drive was ever connected to Bob's computer and whether either of the files was copied and subsequently shared with others.
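One way to approach the USB question, as an added example that is not part of the original brief: it assumes the seized computer runs Windows and that the logical acquisition includes `setupapi.dev.log`. The log lines, device names and serial numbers below are constructed, and the function name is hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the layout of setupapi.dev.log (assumes a Windows
# system); device names and serial numbers are invented.
SAMPLE_LOG = r"""
>>>  [Device Install (Hardware initiated) - USBSTOR\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\EXAMPLESERIAL01&0]
>>>  Section start 2021/03/02 09:14:05.120
<<<  Section end 2021/03/02 09:14:07.480
>>>  [Device Install (Hardware initiated) - USB\VID_0000&PID_0000\EXAMPLESERIAL02]
>>>  Section start 2021/03/03 13:40:11.002
<<<  Section end 2021/03/03 13:40:12.310
>>>  [Device Install (Hardware initiated) - USBSTOR\Disk&Ven_Acme&Prod_Stick&Rev_1.00\6&2f1a9c3&0]
>>>  Section start 2021/03/04 16:02:44.900
<<<  Section end 2021/03/04 16:02:46.015
"""

HEADER = re.compile(r"^>>>\s+\[Device Install \(Hardware initiated\) - (USBSTOR\\[^\]]+)\]")
START = re.compile(r"^>>>\s+Section start (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{1,6})")
DEVICE = re.compile(r"USBSTOR\\Disk&Ven_([^&]*)&Prod_([^&]*)&Rev_([^\\]*)\\(.+)")


def usb_storage_installs(log_text):
    """Return one record per USBSTOR device-install section, in log order."""
    records, pending = [], None
    for line in log_text.splitlines():
        if line.startswith(">>>") and "[" in line:
            # New section header: remember it only if it is a USB storage device.
            m = HEADER.match(line)
            pending = m.group(1) if m else None
            continue
        m = START.match(line)
        d = DEVICE.match(pending) if (m and pending) else None
        if d:
            vendor, product, _rev, instance = d.groups()
            serial = instance.rsplit("&", 1)[0]
            records.append({
                "vendor": vendor,
                "product": product,
                "serial": serial,
                # '&' as second character means Windows generated the ID, so it
                # does not identify one physical stick.
                "serial_is_unique": len(serial) < 2 or serial[1] != "&",
                # Log timestamps are in the computer's local time.
                "installed": datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f"),
            })
        if m:
            pending = None
    return records
```

A record here shows that a storage device was installed on the computer, not that any file was copied from it; the serial still has to be matched against the physical stick.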

You are a newly hired consultant who specialises in digital forensic investigations. As your very first investigation, you have been assigned the task of examining a forensic image of the computer that was seized. It is currently not known what Bob was doing with the coffee content. Your task is to forensically investigate the supplied forensic image using appropriate tools and processes and develop a formal forensic report encompassing the evidence and methodology used. You may use any tools to undertake the investigation, but you must formally justify and document all of your actions. The recommended report structure is as follows:
• Evidence/content - 30%
• Running sheet - 60%
• Timeline of events - 10%

As a result, the running sheet is the most important component of your report. You may or may not find all evidence and items of interest in the supplied forensic image. Thus, you should focus on carefully documenting and explaining the methods you used to locate evidence and analyse their value within this investigation.

General Idea

• Cover page - unit code and title, assignment title, student name, number, campus and tutor.
• Table of contents - An accurate reflection of the content within the report, generated automatically in Microsoft Word
• Summary - A succinct overview of the report. What were you looking for? How did you approach the investigation? What did you do? What did you find? What is the outcome of the investigation? Use numbers and/or statistics to support or extend the extent of any crimes that have been committed. Keep the summary to a maximum of 1 page.
• Issue #1: Presentation of content relating to offence - A detailed representation of all content identified, extracted and analysed in the investigation. All evidence must be characterised, explained and examined. What metadata exists? What is the value of the evidence to the investigation? What does each piece of evidence mean? Does the evidence support or negate the allegations made? Consider how you will present the evidence. Do not make the mistake of making issue #1 the majority of your report.
• Issue #2: Identification - Detail all information relating to possible use/ownership of the evidence identified and extracted. How can you link the evidence to a particular owner? Is there any digital evidence that demonstrates ownership of the device or content?
• Issue #3: Intent - Was the digital content purposefully accessed/used/downloaded/installed? Was it accidental? Was it a third party? Was it malicious software? Present all evidence to support your theory.
• Issue #4: Quantity of files - How many files of every type were present on the system? What percentage of these files relate to the offence? What does this mean for the overall investigation?
• Issue #5: Installed Software - What applications are installed that relate to the investigation? What purpose do these applications serve? Have they been used/run? What are the dates/times the application was last used? What impact do these applications have on the investigation?
• Issue #6, 7, etc. - Any other evidentiary sections that do not fall under the other issue headings.
• Appendix A: Running sheet - A comprehensive running sheet (recipe) of your actions in investigating the case study. The running sheet should be presented in table form. What did you do? How did you do it? What was the outcome of your action? The running sheet should be more detailed than a 'recipe' and allow someone to replicate your process and achieve the exact same outcome.
• Appendix B: Timeline of events - A comprehensive and chronological order of events representing the actions that resulted in the illegal activity taking place, and the events thereafter. Be creative in how you present this data. Consider what is important to include and what serves no purpose.
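For the file counts asked for under Issue #4, an added example (not part of the original brief) that types each file by its leading bytes rather than its name, reports the share the examiner has tagged as offence-related, and lists files whose content does not match their extension. It assumes the files have been exported from the logical image to a working directory; the signature table is a small subset and the demo tree is constructed.

```python
import os
import tempfile
from collections import Counter

# Leading bytes of a few common formats; extend the table for the case at hand.
SIGNATURES = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png",
              b"%PDF-": "pdf", b"PK\x03\x04": "zip/ooxml", b"MZ": "pe"}
EXPECTED_EXT = {"jpeg": {".jpg", ".jpeg"}, "png": {".png"}, "pdf": {".pdf"},
                "zip/ooxml": {".zip", ".docx", ".xlsx", ".pptx"},
                "pe": {".exe", ".dll"}}


def sniff(path):
    """Classify a file by its leading bytes, ignoring its name."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    return next((k for magic, k in SIGNATURES.items() if head.startswith(magic)), "unknown")


def census(root, tagged):
    """Count files per signature type under `root`. `tagged` is the set of
    relative paths the examiner has marked as relating to the offence."""
    totals, hits, mismatched = Counter(), Counter(), []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            kind = sniff(full)
            totals[kind] += 1
            if rel in tagged:
                hits[kind] += 1
            ext = os.path.splitext(name)[1].lower()
            if kind in EXPECTED_EXT and ext not in EXPECTED_EXT[kind]:
                mismatched.append(rel)  # content does not match the extension
    n = sum(totals.values())
    pct = round(100 * sum(hits.values()) / n, 1) if n else 0.0
    return {"totals": dict(totals), "tagged": dict(hits),
            "percent_tagged": pct, "mismatched": sorted(mismatched)}


def demo():
    """Run the census over a small constructed tree (not case data)."""
    files = {"pics/beans.jpg": b"\xff\xd8\xff\xe0", "pics/logo.png": b"\x89PNG\r\n\x1a\n",
             "docs/notes.txt": b"\xff\xd8\xff\xe0", "docs/report.pdf": b"%PDF-1.4"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return census(root, {"pics/beans.jpg", "docs/notes.txt"})
```

In the demo, `docs/notes.txt` carries a JPEG signature, so it is counted as an image and reported as a mismatch, which is the kind of finding that also bears on Issue #3.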

Attachment:- Case Study.rar


Reviews

len2990147

9/15/2021 11:24:49 PM

The task is to forensically investigate the supplied forensic image using appropriate tools and processes and develop a formal forensic report encompassing the evidence and methodology used. The recommended report structure is as follows: • Evidence/content - 30% • Running sheet - 60% • Timeline of events 10%. Microsoft Word Report - maximum of 25 (A4) pages (including cover page, table of contents, etc.).


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd