Reference no: EM133775463 , Length: 15 pages
Background
Linda who works for an intelligence and analysis company, and is suspected of accessing and possessing digital content pertaining to "turtles". Accessing, possessing, or distributing of digital content pertaining to turtles breaches both civil and criminal laws. Linda has also been accused (by her company) of obtaining two highly confidential documents. One document encompasses the names, positions, usernames and passwords of notable personnel within the company. The second document is a top secret intelligence report. Linda should not have had access to either of these documents.
You are a consultant who specialises in Digital Forensic investigations. You have been assigned the task of examining an image of Linda's laptop which was seized with the appropriate warrants. An image of the hard disk was created using forensically sound practices. Only a logical acquisition was undertaken by the individual responsible for creating the forensic copy. The logical acquisition was undertaken in a forensically sound manner and the md5 value at the time of acquisition was "b7cb6e8ad2ed5b89014f4ee25c05087e".
At this point in time it is unknown if Linda was also distributing the digital content. Linda denies accessing and possessing any content pertaining to turtles and denies storing the confidential documents on her computer. Linda stated that she noticed her computer had been misbehaving in recent months. During the interview she stated that the computer had been problematic and believes a computer virus may have infected her computer and downloaded the content to the computer. The following points have also been provided to you to aid your investigation:
- Linda has acknowledged that she was the only user of the computer but later retracted this comment.
- No other persistent storage devices were located around the crime scene.
Task
Your task is to investigate the supplied 2042.dd image using appropriate tools and forensic processes, to develop and submit a written report on your findings. You may use any tools to undertake the investigation but you must justify all of your actions!. You are encouraged to be creative and communicate the outcomes of your investigation in a professional manner. Your final report structure, should encompass the following core components:
Summary - A coherent, professionally written summary detailing; what you discovered, how you approached the investigations, assumptions made, an analysis of the severity of crimes committed, quantification of evidence discovered, and your formal conclusions (2 pages max).
Issue #1 - Content Relating to Offence - Professionally presented examples of content related to the offence, including the characterisation and formal analysis of each evidentiary artefact (1 page max).
Issue #2 - Identification - What evidence links the content to the suspect? Did the Suspect plan to or engage in any potentially illegal actions? (1 page max).
Issue #3 - Intent - If there is concerning evidence - was it purposefully accessed, downloaded, created and/or installed? What is accidental? Was a third party involved? Was it malicious software? Present all evidence demonstrating the suspect's intention to engage in the illegal action. (1 page max).
Issue #4 - Quantity of Evidence - What type of evidence and how many files of a concerning nature are present? Tabulate and/or graphically represent the scope of the evidentiary artefacts. (1 page max).
Issue #5 - Installed Software - What software was installed on the system? What software relate to the crime(s)? What is their purpose? What were they used for? Have they been used? When were they used? How many times? What account(s) (f any) used the software? (1 page max).
Issue #x - Any subsequently identified issues or concerns should be sequentially identified and placed within their own section. (1 pages max).
Running Sheet - A comprehensive running sheet of your investigative actions. What did you? How did you do it? What was the outcome of your action?In order to obtain a high mark for the running sheet, you must ensure that your process can be replicated, and that clear link exists between the running sheet and each respective issue! (5 pages max).
Timeline of Events - The order in which the critical factors took place using comprehensive and chronological order of events. Only include events that tell a clear and organised story. Each event must encompass a comprehensive analysis. (2 pages max).