Write a report that includes a data recovery plan

Assignment Help Computer Network Security
Reference no: EM132998677

Project

Purpose

The purpose of this project is to provide an opportunity for students to apply forensic investigation competencies gained throughout this course.

Deliverables
Please choose four of the following six options (Option 1 is mandatory) and complete the report for your chosen four options.
Option 1: Preparing for a Forensic Investigation
Option 2: Analyzing an E-mail Archive for an Electronic Discovery Investigation
Option 3: Analyzing Evidence from Mac OS X
Option 4: Private Investigation Firms Offering Digital Forensics Services
Option 5: State-of-the-art Equipment for Digital Forensics Lab
Option 6: Data Recovery Plan
The following tools and resources will be needed to complete this project (they are found in the virtual lab access that accompanies the textbook):
• Course textbook
• Internet access
• Computer with Paraben P2 Commander/E3 installed
• Outlook.pst (an e-mail archive file)
• JSmith.img (Mac OS image file)

Option 1: Preparing for a Forensic Investigation
Scenario
You are an employee at D&B Investigations, a firm that contracts with individuals, companies, and government agencies to conduct computer forensics investigations. D&B employees are expected to observe the following tenets, which the company views as the foundation for its success:
• Give concerted attention to clients' needs and concerns.
• Follow proper procedures and stay informed about legal issues.
• Maintain the necessary skill set to apply effective investigative techniques using the latest technologies.
Your manager has just scheduled a meeting with an important prospective client, and she has asked you to be part of the team that is preparing for the meeting. The prospective client is Brendan Oliver, a well-known celebrity. Last night, Mr. Oliver's public relations team discovered that someone obtained three photos that were shot on his smartphone and tried to sell the photos to the media. Due to the sensitive nature of the photos, Mr. Oliver and his team have not yet contacted law enforcement. They would like to know if D&B can provide any guidance or support related to the investigation or, at the very least, if D&B can help them prevent similar incidents from occurring in the future. At this time, they do not know how the photos were acquired. The public relations team is wondering if a friend, family member, or employee could have gained direct access to Mr. Oliver's phone and obtained the photos that way, although the phone is usually locked with a passcode when Mr. Oliver is not using it. In addition, Mr. Oliver e-mailed the photos to one other person several months ago; he has not spoken with that person in the last few weeks, but he does not believe that person would have shared the photos with anyone else.
Your manager plans to use this initial meeting with Mr. Oliver and his public relations team to establish rapport, learn more about the case, and demonstrate the firm's expertise. The company sees this as an opportunity to build future business, regardless of whether they are retained to help with the investigation of this case.

Tasks
To help the team prepare for the meeting, your manager asks you (and your colleagues) to consider and record your responses to the following questions:
• What is the nature of the alleged crime, and how does the nature of the crime influence a prospective investigation?
• Based on the limited information provided in the scenario, what is the rationale for launching an investigation that uses computer forensic activities? Would D&B and/or law enforcement need additional information in order to determine if they should proceed with an investigation? Why or why not?
• What would you share with the client about how investigators prepare for and conduct a computer forensics investigation? Identify three to five key points that are most relevant to this case.
• What sources of evidence would investigators likely examine in this case? Provide concrete examples and explain your rationale.
• What should the client, investigators, and others do, or not do, to ensure that evidence could be used in a court of law? Using layman's terms, explain laws and legal concepts that should be taken into account during the collection, analysis, and presentation of evidence.
• What questions and concerns do you think the client will have?
• What questions should the team ask the client to learn more about the case and determine the next steps?

Option 2: Analyzing an E-mail Archive for an Electronic Discovery Investigation
Scenario
D&B is conducting a very large electronic discovery (eDiscovery) investigation for a major client. This case is so large that dozens of investigators and analysts are working on specific portions of the evidence in parallel to save time and improve efficiency.
Since this is the first time you will be working on this type of investigation for D&B, your manager gives you a "test" (a sample e-mail archive) so she can assess whether you need additional training before you begin working with the rest of the team on the eDiscovery case. Your manager tells you that this archive was extracted from a hard drive image marked "suspect," but at present nothing more is known about the user. She expects you to examine the archive and document all findings that might be of interest to a forensic investigator. She explains that she will use your report to evaluate your investigation skills, logic and reasoning abilities, and reporting methods.

Tasks
• Review the information about e-mail forensics and the Paraben P2 Commander/E3 E-mail Examiner feature in the chapter titled "E-mail Forensics" in the course textbook.
• Using the P2 Commander/E3 E-mail Examiner, create a case file, select Add Evidence, and import the e-mail archive (filename: Outlook.pst). P2 Commander/E3 will automatically begin sorting and indexing if you choose that option.
• Search for information about the user; your goal is to learn as much as possible about who the user is and what he or she has been doing. You may find evidence in the inbox or other mailboxes. You can use the software features to help you keep track of the evidence you identify, for instance, by bookmarking sections of interest and exporting attachments.
• Write a report in which you:
o Document your investigation methods.
o Document your findings. Explain what you found that may be of interest to a forensic investigator, and provide your rationale for including each selection.

Option 3: Analyzing Evidence from Mac OS X
Scenario
Two weeks ago, D&B Investigations was hired to conduct an incident response for a major oil company in North Dakota. The company's senior management had reason to suspect that one or more company employees were looking to commit corporate espionage. The incident response team went on-site, began monitoring the network, and isolated several suspects. They captured forensic images from the machines the suspects used. Now, your team leader has asked you to examine a forensic image captured from a suspect's computer, which runs the Mac OS X operating system. The suspect's name is John Smith, and he is one of the company's research engineers.

Tasks
• Review the information on the Mac OS X file structure provided in the chapter titled "Macintosh Forensics" in the course textbook.
• Using Paraben P2 Commander/E3, create a case file and add the image the incident response team captured (filename: Mac OS JSmith.img).
• Sort and review the various directories within the Mac OS X image. Look for evidence or indicators that John Smith was or was not committing corporate espionage. This may include direct evidence that John Smith took corporate property, as well as indirect evidence or indicators about who the suspect is and what his activities were during work hours. You can use the software features to help you keep track of the evidence you identify, for instance, by bookmarking sections of interest and exporting files.
• Write a report in which you:
o Document your investigation methods.
o Document your findings. Explain what you found that may be relevant to the case, and provide your rationale for each item you have identified as an indicator or evidence that John Smith was or was not committing corporate espionage.
o Analyze the potential implications of these findings for the company and for a legal case.

Option 4: Private Investigation Firms Offering Digital Forensics Services
Scenario
There was a time when, if you wanted to work in digital forensics, you had to work for the FBI Crime Lab. There are many more options now. A number of private investigation firms offer digital forensics services, each with different focuses and varying qualifications.

Tasks:
• Research three private investigation firms that offer digital forensics services.
• Describe each company.
• Describe the services each one provides.
• Describe each firm's clients.
• Describe the qualifications/certifications each firm holds.

Option 5: State-of-the-art Equipment for Digital Forensics Lab
Scenario
You have been working for the DigiFirm Investigation Company for several months. The company has a new initiative to continually improve its processes.
Technology changes quickly. Therefore, companies need to change their procedures frequently to stay abreast of new developments. Organizations such as the National Institute of Justice and the FBI offer up-to-date recommendations on best practices.
There is a meeting scheduled for next week to talk about best practices in collecting digital evidence using state-of-the-art equipment in a forensics lab.

Tasks:
• Choose three examples of software or state-of-the-art equipment that would benefit the forensics lab and write a proposal that covers:
o Your three choices.
o The reasons for choosing them.
o The benefits and limitations (if any) of each choice.
o Best practices in collecting digital evidence.

Option 6: Data Recovery Plan
Scenario
You are an employee of DigiFirm Investigation Company. You received a call from Bill, an engineer at Skyscraper, Inc., a large commercial construction company. Bill reported that a disgruntled employee reformatted a hard disk that contained valuable blueprints for a current job. The computer is an ordinary laptop that was running Windows 7. No backup is available, and Bill wants the data to be recovered.
You can use a few built-in tools to recover deleted files from a Windows 7 operating system. There are also third-party tools that might be helpful. Before beginning any data recovery endeavor, it's a good idea to research your options and plan your approach.

Tasks:
• Research, identify, and list the appropriate steps for recovering data from a reformatted hard disk.
• Write a report that includes a data recovery plan outline, listing the steps to be performed in recovering the data in order of importance.

Attachment:- Forensic project Report.rar
