User Account

All Pages

Suggest farayi has been counterfeiting isic cards

Assignment Help Other Subject
Reference no: EM132591763

CO4514 Digital Forensic Technology - University of Central Lancashire

Practice Investigation

Scenario

Farayi is suspected of selling counterfeit International Student Identity Cards to people who are not entitled to claim the discounts this card brings. An undercover sting operation was setup to catch Farayi in the act of selling his counterfeit goods. Farayi attempted to sell a counterfeit ISIC card to an undercover officer who was part of the sting operation.

After being arrested and questioned at the local police station, Farayi provided a USB data stick to be further examined. Under questioning Farayi has stated that all the evidence that can be found is on this USB data stick.

A forensic technician has taken custody of the data stick and has performed a full physical acquisition using the DD imaging tool, and have signed this digital image into the evidence locker.

This evidence is available on Blackboard called "unit0910_evidence.zip". Download it and unzip it, and save it somewhere so you can access it later.

Your Instructions
You are to examine the full physical acquisition and answer the following questions.

1. What evidence exists to suggest Farayi has been counterfeiting ISIC cards?
2. Is there any evidence to suggest that Farayi knew his actions were illegal?
3. Is there any evidence to suggest the names of his customers?

Produce a report answering these questions. You should assume that you are preparing this report to be used by the Crown Prosecution Service.

Performing an Investigation Using Autopsy

You will need to keep contemporaneous notes as you are performing this investigation. You will be reminded to keep your notes at the beginning of the investigation, but towards the end you will not be reminded. Your notes should demonstrate your thought process, your decisions, your actions and your results and should be an open and transparent reflection of your investigation. You may use any tools at your disposal for keeping your contemporaneous notes. For example, you may use QCC Forensic Casenotes (available as a free download) or Microsoft Word.

Read all instructions carefully. This work sheet is set up so that it tells you what you are aiming to achieve, before giving you the instructions on how to achieve it. Read through and entire section and understand the instructions - before you attempt to do any of the work.

Part 1 - Creating the Case File
Aim: You have been provided with a copy of the chain of custody form. Check and update the form, and then create your Autopsy case with the provided details.

1.1 Read through the chain of custody documentation.

1.2 Create your case within Autopsy using the correct information.

1.3 Generate and MD5 and then check against the value written on to the chain of custody document. If the MD5 values do not match then you should contact the person in charge immediately.

Part 2 - Initial Survey

Aim: To perform an initial survey of the evidence and to get a good idea of the kind of evidence that I will be exposed to; develop any intelligence about how the investigation might proceed.

2.1 Write down a list of keywords that you think are relevant to this investigation. Use your imagination and don't yet consult with the digital evidence. Re-read the investigative scenario to try and understand what kind of evidence might be discovered.

2.2 Create a keyword list within Autopsy that contains all of the keywords you have identified above. Instructions to do this follow.
2.2.1 Click the "Keyword List" button on the top right hand side of the Autopsy screen.

2.2.2 Click "Manage Lists" when the window pops up

2.2.3 Click the ‘New List' button
2.2.4 Enter "ISIC Card Counterfeitting" as the list name
2.2.5 Ensure ‘ISIC Card Counterfeitting' is selected
2.2.6 Select the ‘New Keywords' button
2.2.7 Enter the first keyword you have identified in the table above
2.2.8 Select "Substring Match"
2.2.8 Click OK
2.2.9 Enter the rest of your keywords
2.2.10 Once you have entered all of your keywords click OK to close the keyword list manager
2.2.11 Run the search facility again to search for the keywords you have just entered.
The keyword list search facility is actually an ingest module that is run when we first added the evidence; so we will need to run it again. However, we now have our ISIC card counterfeiting keyword list set up - and could run it immediately if we ever have to perform another investigation into ISIC card counterfeiting.
2.2.12 Select Tools->Run Ingest Modules->thumbdrive.dd from the main menu
2.2.13 De-select all of the ingest modules, apart from the "Keyword Search" module
2.2.14 Select the "Keyword Search" module from the list
2.2.15 Ensure "ISIC Card Counterfeiting" is ticked (you can keep the others ticked too if you want).
2.2.16 Click ‘Finish'
This will now run the search facility using the keyword list you've entered.
2.2.17 In the "Keyword Hits" tree viewer, expand the "ISIS Card Counterfeiting" option to see all of the search results from your keywords.
2.2.18 Don't spend too much time analysing the search results. Look at the search results and identify anything that needs to be followed up. This might include individual files that you need to examine more closely, it might include new keywords that have become more obvious, and it might include bits of technology that you need to understand a bit better before you complete further investigation.

2.3 Check and record the file system details for the evidence file
2.3.1 Click on the "datasources" item in the tree viewer window
2.4 Have a quick look around the file system
Part 3 - Documentation Phase
Aim: To ensure the correct documentation is used or maintained.

Phase 4 - Search for Digital Evidence
Aim: to locate and interpret the relevant digital evidence.
4.1 Look at your keyword list results.
4.2 Add a bookmark to this file
4.3 Examine the rest of your search results. Bookmark anything that is relevant to your investigation.
4.4 Within the tree viewer window, examine the results of the ingest modules.
4.4.1 Click the File Types item in the tree viewer. Expand it, and look at all of the identified files.

Phase 5 - Reconstructing the Evidence
Phase 6 - Preparing Documents

Aim: To present the evidence in an appropriate format

Attachment:- Digital Forensic Technology.zip

Reference no: EM132591763

Questions Cloud

What is the impact of lower cost of solar power : What is the impact of lower cost of solar power panels on renewable energy projects and Imergy?
How much each class of shares should receive dividend : How much each class of shares should receive dividend and prepare the Journal entry(s) to record this dividend. (Hint: that there is no dividend in arrears.
What will be the length of the wire : If the wire is to have a resistance R = 0.650 O, and if all the copper is to be used, find the following.
Leveraged data mining technologies : Select an organization that has leveraged Data Mining technologies in an attempt to improve profitability or to give them a competitive advantage.
Suggest farayi has been counterfeiting isic cards : What evidence exists to suggest Farayi has been counterfeiting ISIC cards and Is there any evidence to suggest that Farayi knew his actions were illegal
What the total amount that will be added to the common share : What The total amount that will be added to the Common Shares account when the final subscriptions are received will be?Subscriptions Receivable, Common Shares
The rising importance of big-data computing stems : The rising importance of big-data computing stems from advances in many different technologies.
What the long-run objective of financial management is to : What The long-run objective of financial management is to?The decision function of financial management can be broken down into decision
How much time tmelts passes before the ice starts : The mass of the container can be ignored. Heat is supplied to the container at the constant rate of 780 J/minute.

Reviews

Write a Review

Other Subject Questions & Answers

  Determine the control limits for the chart

Garcia's Garage desires to create some colorful charts and graphs to illustrate how reliably its mechanics "get under the hood and fix the problem."

  Explain the differences among the atmospheres of mars

Use information from the textbook and the internet to research the atmospheres of Mars, Venus, and the Earth. Identify and explain the differences among the atmospheres of Mars, Venus, and the Earth

  Characteristics of critical realignment

What characteristics encompass the 1980 critical realignment and how does it differ from the 1932 critical realignment?

  The relevance of democracy to any republican country

What is the relevance of democracy to any republican country in the world?

  A first benchmark goal of anger management program find the

a school psychologist is planning to study the effect of a new anger management program on the aggressive behavior of

  Air quality-increased ventilation-natural daylighting

Write a brief description for each of the following categories of ondoor environment quality, including the environmental intent. Air quality. Increased ventilation. Natural daylighting

  Effective communication is essential

Effective communication is essential for maintaining patient safety. Define professional communication. What constitutes effective communication in healthcare?

  Human excellence and preserving natural environments

Hill discusses the Ideals of Human Excellence and Preserving Natural Environments. What is Hill's central questions regarding environmental ethics?

  Why do you feel attached to certain groups and teams

Think about how to build teams in terms of designing the task, selecting the people, and then, managing their relationships. How would compose a team.

  What is design failure mode and effects analysis

What is Design Failure Mode and Effects Analysis (DFMEA)? what Performance Improvement issue would fall under a FMEA.

  Different presidential election

Go through the following website and post your opinion on it in two paragraphs (200-250 words) in two different presidential election years of your choice

  Define the main reasons you chose to study religion

Reflect upon the main reasons you chose to study religion and how your background and life experiences may shape

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd