In the state of Western Australia, it is illegal to access, own or distribute digital content relating to clowns. An allegation has been made to law enforcement whereby a witness claims to have seen an individual access clown-related content within a place of work. Following the approval of formal warrants, the computer in question was seized from the workplace. The computer was then forensically acquired using FTK Imager. Unfortunately, the junior investigator who obtained the ‘forensic image’ of the computer only performed a logical acquisition. To worsen the situation, the junior investigator forensically wiped the original hard drive from the computer. Fortunately, the logical acquisition was undertaken in a forensically sound manner. The suspect, Clark, denies accessing clown content. However, Clark does confirm that the computer belongs to him. Clark stated that he does not always take the computer home or lock it when he is away from his desk.
You are a consultant who specialises in digital forensic investigations. You have been assigned the task of examining a ‘forensic’ image of the laptop, which was seized with correct warrants. It is currently unknown what Clark was doing with the clown content. In Clark’s opinion, the computer was infected with malware which resulted in any potential content appearing on the computer.
Your task is to investigate the supplied forensic image using appropriate tools and processes and to develop and submit a written report on your findings. You may use any tools to undertake the investigation but you must justify all of your actions! Your report must follow the report structure shown below.
| Cover Page | Unit code and title, assignment title, your name, student number, campus and tutor’s name |
| Table of Contents | An accurate reflection of the content within the report, generated automatically in Microsoft Word. |
| Summary | A succinct overview of the report. What were you looking for? How did you approach the investigation? What did you do? What did you find? What is the outcome of the investigation? Use numbers to support or illustrate the extent of any crimes that have been committed. |
| Issue #1 – Presentation of content relating to offence | A detailed representation of all content identified, extracted and analysed in the investigation. All evidence must be characterised, explained and examined. What is the value of the evidence to the investigation? What does each piece of evidence mean? Does the evidence support or negate the allegations made? |
| Issue #2 – Identification | Detail all information relating to possible use/ownership of the evidence identified and extracted. How can you link the evidence to a particular owner? Is there any digital evidence that demonstrates ownership of the device or content? |
| Issue #3 – Intent | Was the digital content purposefully accessed/used/downloaded/installed? Was it accidental? Was it a third party? Was it malicious software? Present all evidence to support your theory. |
| Issue #4 – Quantity of Files | How many files of every type were present on the system? What percentage of these files relate to the offence? What does this mean for the overall investigation? |
| Issue #5 – Installed Software | What applications are installed that relate to the investigation? What purpose do these applications serve? Have they been used/run? Dates/times the application was used. What impact do these applications have on the investigation? |
| Appendix A – Running Sheet | A comprehensive running sheet (recipe) of your actions in investigating the case study. The running sheet should be presented in table form. What did you do? How did you do it? What was the outcome of your action? The running sheet should be more detailed than a ‘recipe’ and allow someone to replicate your process and achieve the exact same outcome. |
| Appendix B – Timeline of Events | A comprehensive and chronological order of events representing the actions that resulted in the illegal activity taking place, and the events thereafter. Be creative in how you present this data. Consider what is important to include and what serves no purpose. |
CRITERIA

Evidence
At least 5 ‘issues’ are created and adequately populated with correct evidence.
Evidence is characterised (filenames, sector locations, file extensions, metadata, hashes, dates/times, allocation status, explanations, etc.)
Evidence has been explained, analysed and linked appropriately to other evidence.

Method and Timeline
Comprehensive running sheet with clearly defined aims, methods and results.
Clear use of forensic process which is repeatable and reproducible.
An accurate and professional timeline of evidence, detailing critical events.