Please I need help In this major task assume you are a Digital Forensics Examine
Question
Please, I need help.
In this major task assume you are a Digital Forensics Examiner. Considering a real or a hypothetical case you are required to produce a formal report consisting of facts from your findings to your attorney who has retained you. You are free to choose a forensics scenario which can be the examination of a storage media (HDD, USB Drive, E-mail, Mobile, etc), email or social media forensics, mobile device forensics, cloud forensics or any other appropriate scenario you can think of.
depending on the following structure:
Introduction:
Background, scope of engagement, tools, and findings
Analysis: relevant programs, techniques, graphics
refer to Figure xx or Appendix xx or Glossary xx for procedures or how to obtain the results/outcomes
Findings:
specific files/images, type of searches, type of evidence, indicators of ownership
refer to Figure xx or Appendix xx or Glossary xx for procedures or how to obtain the results/outcomes
Conclusion:
Summary, Results
References:
Glossary / Appendices:
Explanation / Answer
Introduction :
Computer Forensics is a new field and there is less standardization and consistency across the courts and industry. There is no single digital forensic investigation model that has been universally accepted. However, it was generally accepted that the digital forensic model framework must be flexible, so that it can support any type of incident and new technologies.
Today, Darvy contacted me (Forensics department) for imaging a stolen MacBook that had been recovered. Darvy is requesting a forensic examination to see what company documents may have been stolen by the suspect(s) and is requesting a full forensic examination and report for possible criminal charges & civil litigation.
Analysis :
I began the forensic acquisition/imaging process of the stolen MacBook. Prior to imaging the stolen laptop, I photographed the laptop, documenting any identifiers (e.g., make, model, serial #), unique markings, visible damage, etc. while maintaining chain of custody.
Once I gathered all the available evidence, I conducted the examination with the help of various computer forensic investigation tools. We also performed file system, Windows registry, network and database forensic examination.
Actions and activities of a user can be investigated in the HKEY_CURRENT_USER hive, which is created from the HKEY_USERS\SID hive. User information is mapped to HKEY_CURRENT_USER. The NTUSER.DAT file holds information about registry specification settings of a user. Examination of this hive gave me a good clue of activities and actions taken by a user.
Findings :
After completing the forensic acquisition of the stolen laptop, I began analyzing the forensic image of the stolen laptop with Forensic Tool.
In a review of the Internet history using Internet Evidence Finder, the following data was recovered from sector 117004, which shows a Facebook email between Darvy and Meire. Further analysis shows that Darvy logged into his Google Mail account.
Conclusion :
Files and sub-folders from the User directory were touched and uploaded to an email server (emailed).
Names of folders: Pictures, Certificates, Employment engagement letter.
References :
File History information, Browser information.
Glossary/Appendices :
Not required.
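An added example, not part of the original answer: before examining an NTUSER.DAT hive exported from a forensic image, an examiner can confirm that its header is intact. This Python sketch parses the `regf` base block, verifies its XOR checksum and reports whether the hive was cleanly written and when. The sample header and the `examiner` path in it are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK_SIZE = 4096  # a regf hive file starts with a 4096-byte base block
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def regf_checksum(block: bytes) -> int:
    """XOR of the first 508 bytes, read as 127 little-endian DWORDs."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:  # the format never stores -1 or 0
        return 0xFFFFFFFE
    return csum or 1

def inspect_base_block(block: bytes) -> dict:
    """Return header facts an examiner would record for a hive file."""
    if len(block) < 512 or block[:4] != b"regf":
        raise ValueError("not a regf registry hive")
    seq1, seq2, filetime = struct.unpack_from("<IIQ", block, 4)
    major, minor = struct.unpack_from("<II", block, 20)
    stored = struct.unpack_from("<I", block, 508)[0]
    # Offset 48: up to 64 bytes of UTF-16LE file name, NUL padded
    name = block[48:112].decode("utf-16-le", errors="replace").split("\x00")[0]
    return {
        "name": name,
        "version": f"{major}.{minor}",
        # FILETIME counts 100 ns ticks since 1601-01-01 UTC
        "last_written": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
        # Unequal sequence numbers mean an interrupted write (dirty hive)
        "clean": seq1 == seq2,
        "checksum_ok": stored == regf_checksum(block),
    }

def build_sample_block(seq1: int = 7, seq2: int = 7) -> bytes:
    """Constructed sample header; the path below is hypothetical."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[0:4] = b"regf"
    # 132223104000000000 is 2020-01-01 00:00:00 UTC as a FILETIME
    struct.pack_into("<IIQ", block, 4, seq1, seq2, 132223104000000000)
    struct.pack_into("<II", block, 20, 1, 5)
    name = "\\Users\\examiner\\NTUSER.DAT".encode("utf-16-le")
    block[48:48 + len(name)] = name
    struct.pack_into("<I", block, 508, regf_checksum(block))
    return bytes(block)

if __name__ == "__main__":
    print(inspect_base_block(build_sample_block()))
```

A dirty hive (`clean` is false) should be analysed together with its transaction log files, and a failed checksum is worth noting in the report before any findings are drawn from the hive.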