CDS351 Tiffin University Evidence from Mac OS X Analysis


Description

All requirements are included with the PDF attachment, and I need each part of the project in a different Word document.


Unformatted Attachment Preview

Tiffin University CDS 351 Project: Forensic Investigation

Purpose
The purpose of this project is to provide an opportunity for students to apply forensic investigation competencies gained throughout this course.

Required Source Information and Tools
The following tools and resources will be needed to complete this project:
• Course textbook
• Internet access
• Computer with Paraben P2 Commander or another forensics software (like Autopsy) installed
• Outlook.pst (an e-mail archive used in Project Part 2)
• Mac OS JSmith.img (a Mac OS X image file used in Project Part 3)

Note: The above-referenced files for Parts 2 and 3, as well as access to P2 Commander, are available in Lab 1: Applying the Daubert Standard to Forensic Evidence. To access the files, launch the lab and navigate to C:\ISSA_TOOLS\ForensicTools\Forensic2e_lab. (Files will also be provided in a shared Google Drive folder.) Check with your instructor if you do not have access to Paraben P2 Commander. You may be able to download a trial version or use other software, such as Paraben EMX, Autopsy, Forensic Toolkit (FTK) or EnCase Forensic to complete this project.

Learning Objectives and Outcomes
You will:
• Explain the rationale for computer forensic activities.
• Explain computer forensic investigation procedures.
• Evaluate sources of evidence.
• Analyze laws related to computer forensics.
• Apply tools used in forensic investigations.
• Analyze digital evidence.
• Report findings.
• Assess business considerations related to computer forensic investigations.

Deliverables
Part 1: Preparing for a Forensic Investigation
Part 2: Analyzing an E-mail Archive for an Electronic Discovery Investigation
Part 3: Analyzing Evidence from Mac OS X

© 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com

Part 1: Preparing for a Forensic Investigation

Scenario
You are an employee at D&B Investigations, a firm that contracts with individuals, companies, and government agencies to conduct computer forensics investigations. D&B employees are expected to observe the following tenets, which the company views as the foundation for its success:
• Give concerted attention to clients’ needs and concerns.
• Follow proper procedures and stay informed about legal issues.
• Maintain the necessary skill set to apply effective investigative techniques using the latest technologies.

Your manager has just scheduled a meeting with an important prospective client, and she has asked you to be part of the team that is preparing for the meeting. The prospective client is Aaron Bradley, a well-known football player. Last night, Mr. Bradley’s public relations team discovered that someone obtained four videos that were shot on his smartphone, and tried to sell the videos to the media. Due to the sensitive nature of the videos, Mr. Bradley and his team have not yet contacted law enforcement. They would like to know if D&B can provide any guidance or support related to the investigation—or, at the very least, if D&B can help them prevent similar incidents from occurring in the future.

At this time, they do not know how the videos were acquired. The public relations team is wondering if a friend, family member, or employee could have gained direct access to Mr. Bradley’s phone and obtained the photos that way, although the phone is usually locked with a passcode and biometric authentication when Mr. Bradley is not using it. In addition, Mr. Bradley e-mailed the photos to his cousin several months ago; he has not spoken with him in the last few weeks, but he does not believe that person would have shared the videos with anyone else.

Your manager plans to use this initial meeting with Mr. Bradley and his public relations team to establish rapport, learn more about the case, and demonstrate the firm’s expertise. The company sees this as an opportunity to build future business, regardless of whether they are retained to help with the investigation of this case.

Tasks
To help the team prepare for the meeting, your manager asks you (and your colleagues) to consider and record your responses to the following questions:
• What is the nature of the alleged crime, and how does the nature of the crime influence a prospective investigation?
• Based on the limited information provided in the scenario, what is the rationale for launching an investigation that uses computer forensic activities? Would D&B and/or law enforcement need additional information in order to determine if they should proceed with an investigation? Why or why not?
• What would you share with the client about how investigators prepare for and conduct a computer forensics investigation? Identify three to five key points that are most relevant to this case.
• What sources of evidence would investigators likely examine in this case? Provide concrete examples and explain your rationale.
• What should the client, investigators, and others do—or not do—to ensure that evidence could be used in a court of law? Using layman’s terms, explain laws and legal concepts that should be taken into account during the collection, analysis, and presentation of evidence.
• What questions and concerns do you think the client will have?
• What questions should the team ask the client to learn more about the case and determine the next steps?

Required Resources
• Course textbook
• Internet access

Submission Requirements
• Format: Microsoft Word (or compatible)
• Font: 12-Point, Double-Space
• Citation Style: Follow your school’s preferred style guide
• Length: 400 – 600 words

Self-Assessment Checklist
• I have effectively documented the causes for investigation.
• I have effectively documented key points related to the collection, analysis, and presentation of computer forensic evidence.
• I have successfully identified potential sources of evidence.
• I have summarized laws and legal concepts that apply to this case.
• I have created a professional, well-developed report with proper documentation, grammar, spelling, and punctuation.

Part 2: Analyzing an E-mail Archive for an Electronic Discovery Investigation

Scenario
D&B is conducting a very large electronic discovery (eDiscovery) investigation for a major client. This case is so large that dozens of investigators and analysts are working on specific portions of the evidence in parallel to save time and improve efficiency. Since this is the first time you will be working on this type of investigation for D&B, your manager gives you a “test” (a sample e-mail archive) so she can assess whether you need additional training before you begin working with the rest of the team on the eDiscovery case.

Your manager tells you that this archive was extracted from a hard drive image marked “suspect,” but at present nothing more is known about the user. She expects you to examine the archive and document all findings that might be of interest to a forensic investigator. She explains that she will use your report to evaluate your investigation skills, logic and reasoning abilities, and reporting methods.

Tasks
• Review the information about e-mail forensics and the Paraben P2 Commander E-mail Examiner feature in the chapter titled “E-mail Forensics” in the course textbook.
• Using the P2 Commander E-mail Examiner (or another forensics software), create a case file, select Add Evidence, and import the e-mail archive (filename: Outlook.pst). P2 Commander (or the other forensics software) will automatically begin sorting and indexing if you choose that option.
• Search for information about the user; your goal is to learn as much as possible about who the user is and what he or she has been doing. You may find evidence in the inbox or other mailboxes. You can use the software features to help you keep track of the evidence you identify, for instance, by bookmarking sections of interest and exporting attachments.
• Write a report in which you:
  o Document your investigation methods.
  o Document your findings. Explain what you found that may be of interest to a forensic investigator, and provide your rationale for including each selection.

Required Resources
• Course textbook
• Outlook.pst file (e-mail archive)
• Internet access

Submission Requirements
• Format: Microsoft Word (or compatible)
• Font: 12-Point, Double-Space
• Citation Style: Follow your school’s preferred style guide
• Length: 400 – 600 words

Self-Assessment Checklist
• I have applied appropriate evidence collection and handling methods.
• I have correctly identified and analyzed evidence that is relevant to the investigation.
• I have created a professional, well-developed report with proper documentation, grammar, spelling, and punctuation.

Part 3: Analyzing Evidence from Mac OS X

Scenario
Two weeks ago, D&B Investigations was hired to conduct an incident response for a major oil company in North Dakota. The company’s senior management had reason to suspect that one or more company employees were looking to commit corporate espionage. The incident response team went on-site, began monitoring the network, and isolated several suspects. They captured forensic images from the machines the suspects used. Now, your team leader has asked you to examine a forensic image captured from a suspect’s computer, which runs the Mac OS X operating system. The suspect’s name is John Smith, and he is one of the company’s research engineers.

Tasks
• Review the information on the Mac OS X file structure provided in the chapter titled “Macintosh Forensics” in the course textbook.
• Using Paraben P2 Commander (or another forensics software), create a case file and add the image the incident response team captured (filename: Mac OS JSmith.img).
• Sort and review the various directories within the Mac OS X image. Look for evidence or indicators that John Smith was or was not committing corporate espionage. This may include direct evidence that John Smith took corporate property, as well as indirect evidence or indicators about who the suspect is and what his activities were during work hours. You can use the software features to help you keep track of the evidence you identify, for instance, by bookmarking sections of interest and exporting files.
• Write a report in which you:
  o Document your investigation methods.
  o Document your findings. Explain what you found that may be relevant to the case, and provide your rationale for each item you have identified as an indicator or evidence that John Smith was or was not committing corporate espionage.
  o Analyze the potential implications of these findings for the company and for a legal case.

Required Resources
• Course textbook
• Mac OS JSmith.img
• Internet access

Submission Requirements
• Format: Microsoft Word (or compatible)
• Font: 12-Point, Double-Space
• Citation Style: Follow your school’s preferred style guide
• Length: 600 – 1000 words

Self-Assessment Checklist
• I have applied appropriate evidence collection and handling methods.
• I have correctly identified and analyzed evidence that is relevant to the investigation.
• I have analyzed business considerations associated with the scenario.
• I have analyzed legal considerations associated with the scenario.
• I have created a professional, well-developed report with proper documentation, grammar, spelling, and punctuation.

Explanation & Answer

Here is part 1.

Running head: FORENSIC INVESTIGATIONS

Forensic Investigations
Student’s Name
Institutional Affiliation

Preparing for a Forensic Investigation
Nature of the Crime
In this scenario, an unknown individual gained access to Mr. Bradley’s phone and
retrieved four confidential videos. The unknown person tried to sell the photos to the media.
According to federal and state laws, personal information is confidential. Accessing Mr.
Bradley’s phone without consent is an invasion of privacy. Therefore, the investigation should
seek to identify the person who accessed Mr. Bradley’s videos. There are two possible
scenarios: either his phone got hacked, or his cousin shared the photos without his consent, both
of which are criminal.
Rationale
In this case, the police or D&B have every reason to commence with the investigations.
The main reason is that there was a sharing of personal information without the consent of the
owner, in this case, Mr. Bradley. They already have proof that indeed Mr. Bradley’s
confidentiality was compromised, and possibly, his phone got hacked. Sharing investigation
without consent and hacking someone’s phone without their permission amounts to criminal
behavior. The other suspect in this investigation is the cousin. It is safe to conclude that they
have everything necessary to commence with forensic investigation.
Conducting Forensic Investigations
In this case scenario, the first step is to get authorization to search and seize the cousin’s
computers and digital device. Mr. Bradley’s phone should also be acquired. The next step is to
ensure that there is documentation of a chain of custody of the seized devices (Doherty, 2013).
The confiscated devices, Mr. Bradley’s phone, and the compromised videos should be stored
safely in a safe and secure location. The next step is to examine the forensic images
of the videos in question before drawing an inference based on the gathered facts about the case.
The findings also require presenting in the form of a report.
Sources of Evidence
In this case, the first source of evidence is system logs and logs of both Mr. Bradley’s and
his cousin’s phones. It is necessary to acquire metadata, which can find use in the analysis
process. File systems call for detailed analysis. The memory images of the RAM should be
retrieved and analyzed for evidence. Mr. Bradley’s email account should also be examined to
determine any hacking attempts during the transfer of the files to his cousin. In summary, the
primary sources of evidence in this scenario are the internet, computers, removable media, and
mobile phones.
Legal Issues
In digital forensics, legal issues range from the accuracy and reliabili...

