Reference no: EM132582075
Investigation Scenario
You are a well respected and competent computer forensic examiner working for the Cold Case unit Wensleydale Constabulary. As the lead investigator, you have been tasked with leading a re-investigation of an existing conviction, re-analysing the results and presenting what could amount to quite complex evidence in a simplified formal evidence report which should concentrate on
• Clarity
• Simplicity
• Brevity
The target audience for your reports will be
• Lawyers and their clients (the accused and potential witnesses)
• Judges and Jury Members
You should remember that the recipients of your reports will rarely possess subject knowledge to match your own.
"A picture paints a thousand words" so think about using visualisation techniques such as screenshots, graphics, charts, and drawing. You will need to re ach out to try and help the target audience by relating to known concepts, try to use analogies to get concepts across but do not over stretch.
You need to maintain credibility with your reports
• Executive Summary
• Objectives
• Computer Evidence analyzed
• Relevant Findings
• Supporting Information
• Investigative Leads
• Concluding Statement
• References
• Appendices (if appropriate)
Each professional report needs to be written in the
• 3rd person and concise not exceeding a 2000 words
• (excluding Executive Summary, Tables, Quotes, Screenshots, References and Appendices).
Scenario
An employee from the previously well-respected financial institution, Bank of Wensleydale, 6 years ago, Gordon Gekko was convicted of the following crimes
• Viewing and possessing and conspiracy to distribute indecent pictures of "Naughty Girls and Bad Boys".
• Embezzlement from bank customer funds and conspiracy to defraud the bank.
There had previously been evidence that there been a data breach where £75 million pounds of saver deposits have been fraudulently removed from user's accounts.
Initially cyber criminals were suspected of breaching the bank's firewall and stealing user credentials from the bank network. However, further investigations by the bank security staff and CID indicated that Gordon Gekko had provided "inside information" to third parties to facilitate the fraud and that he had used his credentials to transfer the funds to an offshore account in the Cayman Islands. The "Naughty Girls and Bad Boys"images were found on a shared drive under Gekko's id.
Gekko's PC was originally seized but was never properly analyzed and as part of the cold case review has been forensically imaged by another investigator and you have been requested to perform the analysis.
Gekko's defense team have suggested that Gordon isvery non-computer literate and he thinks that his computer had been deliberately infected with malware that has allowed cybercriminals to remotely access his PC without his knowledge or consent and that he is also a victim of being framed for possession of the indecent images.
Your task is to take the forensic image of the suspects PC and investigate whether there is any evidence of the alleged bank fraudand is there any evidence that may suggest if any of the malware found could be responsible for the defense suggestion.
You need to remember that you are reporting what you have found within the remit given and any conclusions must be based on fact.
Concise details are required because there is a maximum of 2000 words available. Always beware the red herring and what you have been asked to do.