Forensic Investigation Case Study ECU University
Title: Cat got your tongue?
Background
In the state of Western Australia it is illegal to access, own or distribute digital content relating to ‘cats’. Jane, the network administrator for the Daily Planet was reviewing network traffic logs when she noticed that an employee may have been accessing digital content relating to cats. The network administrator informed their line manager (Ash), and Ash notified the police. A junior police officer attended the company’s premises and assessed the network traffic logs, confirming that there is a high probability that digital content relating to cats had been accessed via a computer owned by an individual named Clark. Police obtained the necessary documents and seized the equipment relating to the allegation.
The suspect Clark was formally interviewed and denied accessing any content relating to cats. To date, Clark does not have a criminal record. Paul Ekman was coincidentally onsite during the interview, and was asked to examine the video of the interview. Paul made a statement suggesting that Clark’s micro facial expressions didn’t quite “add up”. Clark was interviewed again, but this time used the malware defence. Paul Ekman and the forensic investigators concluded that “something wasn’t quite right”, and they concluded that this would be a suitable challenge for you, the new recruit within the department.
You have been assigned the task of examining a “forensic image” of the suspect’s laptop which was seized with the appropriate warrants and imaged using forensically sound practices. At this point in time, there is insufficient evidence to make any generalisations or conclusions regarding the case. The network logs conclusively suggest that Clark’s computer was used to access the illegal content.
Unfortunately, the junior forensic investigator who obtained a “forensic image” of the computer only performed a logical acquisition. To make matters worse, the junior investigator accidently, securely wipe the laptop’s entire hard drive. Fortunately, the logical acquisition was undertaken in a forensically sound manner and can still be used within the investigation. The MD5 hash of the forensic image is “044288459e2fd193e446eec8de0acdd9”.
Task
Your task is to investigate the supplied forensic image using appropriate tools and forensic process and to develop and submit a written report on your findings. You may use any tools to undertake the investigation but you must justify all of your actions!
Report Structure
|
Cover Page Unit code and title, assignment title, your name, student number, campus and tutor’s name |
|
Table of Contents This must accurately reflect the content of your report and must be generated automatically in Microsoft Word with page numbers. |
|
Summary A succinct overview of the report. What were you looking for? How did you approach the investigation? What did you do? What did you find? What is the outcome of the investigation? Use numbers to support or extend the extent of any crimes that have been committed. |
|
Issue #1 – Presentation of content relating to offence A detailed representation of all content identified, extracted and analysed in the investigation. All evidence must characterised, explained and examined. What is the value of the evidence to the investigation? What does each piece of evidence mean? |
|
Issue #2 – Identification Detail all information relating to possible use/ownership of the evidence identified and extracted. How can you link the evidence to a particular owner? Is there any digital evidence which demonstrates ownership of the device or content? |
|
Issue #3 – Intent Was the content of interest purposefully accessed, downloaded, installed etc.? Was it accidental? What it a third party? Was it malicious software? Present all evidence to support your theory. |
|
Issue #4 – Quantity of Files How many files of every type were present. What percentage of these files relate to the offence? What does this mean for the overall investigation? |
|
Issue #5 – Installed Software What are the installed application relating to the investigation? What purpose do these application serve? Have they been used? Dates/times the application was used? What impact do these applications have on the investigation? |
|
Appendix A – Running Sheet A comprehensive running sheet of your actions in investigating the case study. The running sheet should be presented in table form. What did you? How did you do it? What was the outcome of your action? The running sheet should be more detailed than a recipe and allow someone to replicate your process and achieve the exact same outcome. |
|
Appendix B – Timeline of Events A comprehensive and chronological order of events representing the actions of an illegal nature. Be creative in how you present this data. Consider what is important to include and what serves no purpose. |
Additional Task Information
- Start early and plan ahead, you may need to spend some time experimenting with various tools. If a tool or method fails to result in a successful outcome you should still document this action in your running sheet. Each tool has its own strengths and limitations.
- Each report will be unique and presented in its own way.
- Scrutinise the marking key, and ask any questions you may have EARLY in the semester!
- Look for clues/hints in the investigation. Strategically placed clues/hints have been created in this fictitious case study to help you along the way.
- It is not expected that you find every piece of evidence and nor do you have to. Furthermore, should there password protected or encrypted content – you do not necessarily have to break/decrypt it to successfully progress with the investigation.
- Remember to ensure the integrity of the image being investigated. You should continually demonstrate that you have maintained integrity throughout your investigation.
- Consider what you are trying to find and what you need to negate. The background information of this document, provides carefully developed clues.
Marking Key
|
CRITERIA |
MARK |
|
Evidence (20 marks) |
|
|
‘Issues’ are adequately populated with appropriate evidence |
/8 |
|
Evidence is characterised (filenames, sector locations, file extensions, metadata, hashes, dates/times, allocation status etc.) |
/8 |
|
Evidence has been explained and analysed appropriately |
/4 |
|
Method and Timeline (20 marks) |
|
|
Comprehensive running sheet with clearly defined aims, methods and results |
/8 |
|
Clear use of forensic process which is repeatable and reproducible |
/6 |
|
Accurate and professional timeline of evidence |
/6 |
Assignment Service Australia | CDR Writing Help | TAFE Course Help | Perth Course Help | Melbourne Course Help | Darwin Course Help | Adelaide Course Help | Course Help Victoria | Sydney Course Help | Canberra Course Help | Brisbane Course Help | CDR for Australian immigration | Course For Australian History
Diploma Universities Assignments
- Laureate International Universities Course
- Holmes Institute Course
- Tafe NSW
- Yes College Australia
- ACC508 Informatics and Financial Applications Task 2 T2, 2019
- ACC512 Accounting
- ACC520 Legal Regulation of Business Structures Semester 2, 2019
- ACCT20074 Contemporary Accounting Theory Term 2 Assessment 3
- AERO2463 Computational Engineering Analysis : Assignment 4
- B01DBFN212 Database Fundamentals Assessment 1
- BE01106 - Business Statistics Assignment
- BFA301 Advanced Financial Accounting
- BFA504 Accounting Systems Assessment 3
- BSB61015 Advanced Diploma of Leadership and Management
- BSBADV602 Develop an Advertising Campaign
- BSBCOM603 Plan and establish compliance management systems case study
- BSBCOM603 Plan and establish compliance management systems Assessment Task 1
- BSBCOM603 Plan and establish compliance management systems Assessment Task 2
- BSBCOM603 Plan and establish compliance management systems Assessment Task 3
- BSBFIM501 Manage Budgets And Financial Plans Assessment Task 1
- BSBHRM602 Manage Human Resources Strategic Planning
- BSBINM601 Manage Knowledge and Information
- BSBWOR501 Assessment Task 3 Plan Personal Development Plan Project
- BSBMGT517 Manage Operational Plan
- BSBWHS521 Ensure a Safe Workplace For a Work Area
- BSBWRK510 Manage employee relations
- BUSS1030 Accounting, Business and Society
- CAB202 Microprocessors and Digital Systems Course Help
- CHC40213 Certificate IV in Education Support
- CHCAGE001 Facilitate the empowerment of older people
- CHCAGE005 Provide support to people living with dementia
- CHCCCS023 Support independence and wellbeing
- CHCCCS025 Support relationships with carers and families
- CHCCOM005 Communicate and CHCLEG001 Work Legally Ethically
- CHCDIS002 Follow established person-centred behaviour supports
- CHCECE019 Early Childhood Education and Care
- CHCHCS001 Provide home and community support services
- COMP10002 Foundations of Algorithms
- COMP90038 Algorithms and Complexity
- COSC2633/2637 Big Data Processing
- COSC473 Introduction to Computer Systems
- CPCCBC5011A Manage Environmental Management Practices And Processes In Building And Construction
- CPCCBC5018A Apply structural Principles Medium rise Construction
- CSE3OSA Assignment 2019
- ELEC242 2019 Session 2
- ENN543 Data Analytics and Optimisation
- ENN543 Data Analytics and Optimisation Semester 2, 2019
- FINM202 Financial Management Assessment 3 Group Report
- Forensic Investigation Case Study ECU University
- HA2042 Accounting Information Systems T2 2019
- HC1010 Holmes Institute Accounting For Business
- HC2112 Service Marketing and Relationship Marketing Individual Assignment T2 2019
- HC2121 Comparative Business Ethics & Social Responsibility T2 2019
- HI5002 Holmes Institute Finance for Business
- HI5003 Economics for Business Trimester 2 2019
- HI5004 Marketing Management T1 2020 Individual Report
- HI5004 Marketing Management T1 2020 Group Report
- HI5004 Holmes Institute Marketing Management
- HI5014 International Business across Borders Assignment 1
- HI5014 International Business across Borders
- HI5017 Managerial Accounting T2 2019
- HI5017 Managerial Accounting T1 2019
- HI5019 Tutorial Questions 1
- HI5019 Strategic Information Systems for Business and Enterprise T1 2020
- HI5019 Holmes Institute Strategic Information Systems T2
- HI5019 T2 2019
- HI5019 T1 2019
- HI5020 Corporate Accounting T3 2019
- HI5020 Corporate Accounting T2 2019
- HI6005: Management and Organisations in a Global Environment
- HI6006 Tutorial questions
- HI6006 Competitive Strategy Individual T1 2020
- HI6006 Holmes Institute Competitive Strategy
- HI6006 Competitive Strategy T3 2019
- HI6007 Statistics for business decisions
- HI6007 Assessment 2 T1 2020
- HI6007 T1 2019
- HI6008 T2 2019
- HI6008 Holmes Institute Research Project
- HI6025 Accounting Theory and Current Issues
- HI6026 Audit, Assurance and Compliance Course Help
- HI6026 Audit, Assurance and Compliance
- HI6027 business and corporate law tutorial Assignment T1 2021
- HI6027 Business and Corporate Law T3 2019
- HI6027 Business and Corporate Law T2 2019
- HI6028 Taxation Theory, Practice and Law T2 2021
- Hi6028 taxation theory, practice and law Final Assessment t1 2021
- HI6028 Taxation Theory, Practice and Law T2 2019
- HI6028 Taxation Theory T1 2019
- HI6028 Taxation Law Holmes
- HLTAAP001 Recognise healthy body systems
- HLTWHS002 Follow safe practices for direct client care
- HOTL5003 Hotel Property and Operations
- HPS771 - Research Methods in Psychology A
- HS2021 Database Design
- ICTICT307 Customise packaged software applications for clients
- IFN619 Data Analytics for Strategic Decision Makers
- INF80028 Business Process Management Swinburne University
- ISY2005 Case Study Assessment 2
- ISYS326: Information Systems Security Assignment 2, Semester 2, 2019
- ITAP3010 Developing Data Access Solutions Project
- ITECH1103- Big Data and Analytics – Lab 3 – Working with Data Items
- ITECH1103- Big Data and Analytics Assignment Semester 1, 2020
- ITECH 5500 Professional Research and Communication
- Kent Institute Australia Assignment
- MA5830 Data Visualisation Assignment 2
- MGMT7020 Project Management Plan
- Mgt 301 Assessment 3
- MGT215 Project Management Individual Assignment
- MIS102 Data and Networking Course Help
- MITS4002 Object Oriented Software Development
- MITS5002 Software Engineering Methodology
- MKT01760 Tourism Planning Environments Assessment 4
- MKT01760 Tourism Planning Environments
- MKT01906 International Tourism Systems
- MKT5000 Marketing Management S2 2019
- MNG03236 Report Writing SCU
- MRE5003 Industrial Techniques In Maintenance Management Assignment 4
- MRE5003 Industrial Techniques In Maintenance Management Assignment 3
- MRE5003 Industrial Techniques In Maintenance Management
- Network Security and Mitigation Strategies Answers
- NIT2213 Software Engineering Course
- NSB231 Integrated Nursing Practice Assessment Task 1
- Science Literacy Assessment 4
- SIT323 Practical Software Development T 2, 2019
- SIT718 Using aggregation functions for data analysis
- SITXCOM002 Show Social and Cultural Sensitivity
- TLIL5055 Manage a supply chain
- TLIR5014 Manage Suppliers
- USQ ACC5502 Accounting and Financial Management
- UTS: 48370 Road and Transport Engineering Assessment 2
- CHCAGE001 Facilitate the empowerment of older people
- CHCAGE005 Provide support to people living with dementia
- CHCCCS011 Meet personal support needs
- CHCCCS015 Provide Individualised Support
- CHCCCS023 Support independence and wellbeing
- CHCCCS025 Support relationships with carers and families
- CHCCOM005 Communicate and work in health or community services
- CHCDIS001 Contribute to ongoing skills development
- CHCDIS002 Follow established person-centred behaviour supports
- CHCDIS003 Support community participation and social inclusion
- CHCDIS005 Develop and provide person-centred service responses
- CHCDIS007 Facilitate the empowerment of people with disability
- CHCDIS008 Facilitate community participation and social inclusion
- CHCDIS009 Facilitate ongoing skills development
- CHCDIS010 Provide person-centred services
- CHCDIV001 Work with diverse people
- CHCHCS001 Provide home and community support services
- CHCLEG001 Work legally and ethically
- CHCLEG003 Manage legal and ethical compliance
- HLTAAP001 Recognise healthy body systems
- HLTAID003 Provide First Aid
- HLTHPS007 Administer and monitor medications
- HLTWHS002 Follow safe work practices for direct client care
- CORPFIN 7101 managerial finance assignment answers
- Assignment 2 Introduction to Digital Forensics
- MGT603 Systems Thinking Assessment 1
- MGT603 Systems Thinking Assessment 2
- Hi5017 Managerial Accounting T1 2021
- HI6028 Taxation Theory, Practice and Law T1 2021
- OODP101 Assessment Task 3 T1 2021
- ITNE2003R Network Configuration and Management Project