Develop a chain of custody form to be used within a business

Assignment Help Computer Engineering
Reference no: EM132187682

Question: Throughout this course, you will be keeping an investigative journal. The purpose of this journal is to archive any artifacts and information that may support your final projects. You will submit it as part of Milestone One and receive points within the milestone rubric for this. Additionally, it will assist you by allowing you to organize information in chronological order so that you can easily retrieve it when completing the final projects in the later modules. This journal can be kept as a Word document. You can compile journal entries within the same document and submit this document as one file at the end of the course with your Milestone One submission.

In your investigative journal, develop a chain of custody form to be used within a business based on forensic notes for the final project.

In your investigative journal, record how data is acquired and the tools used in the final project scenario.

In your investigative journal, record network analysis for the final project scenario.

ISE 640 Final Project Forensic Notes

Use the information in this document to help you complete your final project.

Drew Patrick, a director-level employee, is stealing intellectual property from a manufacturing company. The company is heavily involved in high-end development of widgets. Drew has access to corporate secrets and files. He is planning on leaving the company, taking the intellectual property with him, and going to work for a competitor. There is suspicion of him doing this, so human resources (HR) notified the information technology (IT) department to monitor Drew's past history. An internal investigation is launched due to Drew's abnormal behavior. The IT department confirms that they have found large files and emails. Forensics identified unauthorized access, transmission, and storage of intellectual property by Drew. Evidence found will be used to support legal civil and criminal proceedings.

Scenario

ACME Construction Company designs, manufactures, and sells large construction vehicles that can cost upwards of a million dollars. They spent hundreds of thousands of hours redesigning their premier excavator. Every piece that goes into the excavator is individually designed to maximize the longevity of the equipment. Known for attention to detail, high-quality work, and industry innovation, this painstaking work is what sets ACME Construction Company apart and is credited with the excellent reputation they enjoy. This, in turn, allows them to charge a premium on their exceptionally well-built products.

Drew Patrick is a senior manager directly involved with the overall development of ACME's excavators. His role provides him with access to design documentation, schematics, support documents, and any other technical references maintained in the company's research and development (R&D) database. The R&D database is maintained by ACME's information technology (IT) department, which is supported by a security operations center (SOC). The SOC uses Snort as a core component of their security information and event management (SIEM) system to keep tabs on network traffic, authentication requests, file access, and log file analysis.

The SIEM alerted SOC personnel of potential peer-to-peer (P2P) traffic originating from the internet protocol (IP) address associated with Drew's computer. However, analysis of Active Directory logs indicated that Drew was not logged into his account at the time the files were transferred via the P2P application. ACME enforces two-factor authentication and does not allow for computer sharing. The SOC personnel began an incident report based on the identification of P2P traffic, which violates company policy. As per company policy, the SOC personnel gave human resources (HR) and the legal team the incident report. The legal team asked for further investigation. Upon further inspection of the P2P activity, several file transfers were discovered. The files transferred match the names of files in the R&D database containing intellectual property developed by Drew's development team. Additionally, the files were transferred to IP addresses that are not owned or controlled by ACME Corporation.

Analysis of the server access logs indicated that Drew had been logging into the R&D database for several weeks prior to the external file transfers taking place. Network logs from the Intrusion Prevention Systems (IPSs) indicated that the files of interest had been transferred to Drew's desktop computer prior to the external transfer. ACME has a strict policy against maintaining intellectual property anywhere other than the designated servers. File access logs on the R&D servers confirmed that the account belonging to Drew had copied the files in question.

At this point, fearing a loss of intellectual property, in addition to numerous policy violations, ACME called in the digital forensic team to take over the investigation. The forensics team proceeded to capture the log files from relevant computer systems and created a forensically sound copy of the hard disk drive on Drew's computer. The log files investigated included the corporate mail, domain name server (DNS), and dynamic host configuration protocol (DHCP) servers, as well as physical access logs. Additionally, packet capture logs from the firewalls and intrusion detection system (IDS) were gathered and analyzed. This detailed investigation revealed that file transfers of intellectual property were indeed done from Drew's computer; however, Drew's account was not logged in at the time of the transfer. The only account active on the suspect computer was an anonymous account that had been created on 9/17/2016 at 9:57 p.m.

The following notes were provided by the Forensic Team:

Forensic Team Investigation Notes

Notes from the investigative team about the forensic findings of the hard drive image obtained from Drew Patrick's hard drive:

- Chain of custody document was begun with the seizure of the Western Digital Hard Drive 500 GB with serial number NB497356F from Drew Patrick's computer.
- Hard drive was duplicated using Forensic Toolkit (FTK) software to preserve the original hard drive image. A hash was created for the original and the copied image to prove both images were the same.
- The operating system of the image was Windows-based. The operating system used a New Technology File System (NTFS) file structure.
- The hard drive was analyzed using Autopsy and Windows Forensic Toolchest. The sort and index functions were used to isolate the files needed for further analysis. These files include types SQL, Excel, email, chat, and HTML. Slack space was also analyzed.
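The two items the assignment asks for in the journal, a chain of custody form and the acquisition hash that shows the duplicate image matches the original, can be modelled as a small record-keeping script. The following is an added example and not part of the course materials or the forensic team's notes: the field names, the choice of SHA-256, the dates, the examiner names and the sample "image" bytes are all constructed placeholders; only the drive description and serial number are taken from the notes above.

```python
"""Added example: a minimal chain-of-custody log with image hash verification.
Field names, SHA-256, dates, examiner names and the sample image bytes are
constructed for illustration; the serial number comes from the scenario notes."""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime

# Constructed stand-in for a drive image (a real image is read from disk in chunks).
ORIGINAL_IMAGE = b"\x00" * 512 + b"NTFS sample sector " * 20
COPIED_IMAGE = bytes(ORIGINAL_IMAGE)             # faithful duplicate, as the imaging tool would produce
TAMPERED_IMAGE = ORIGINAL_IMAGE[:-1] + b"\x01"   # one byte altered after acquisition


def sha256_hex(data: bytes) -> str:
    """Digest of the image bytes, computed in chunks as one would for a large file."""
    h = hashlib.sha256()
    for offset in range(0, len(data), 4096):
        h.update(data[offset:offset + 4096])
    return h.hexdigest()


def images_match(original: bytes, copy: bytes) -> bool:
    """Matching digests on original and copy show the duplicate is bit-for-bit identical."""
    return sha256_hex(original) == sha256_hex(copy)


@dataclass
class CustodyEntry:
    timestamp: datetime
    action: str        # e.g. "seized", "imaged", "transferred", "analyzed"
    released_by: str   # person handing the item over
    received_by: str   # person taking possession
    location: str
    notes: str = ""


@dataclass
class ChainOfCustody:
    item_description: str
    serial_number: str
    acquisition_hash: str              # digest recorded when the item was first imaged
    entries: list = field(default_factory=list)

    def add_entry(self, entry: CustodyEntry) -> None:
        # Every hand-off must name both parties and keep the log chronological.
        if not entry.released_by or not entry.received_by:
            raise ValueError("hand-off needs both a releasing and a receiving party")
        if self.entries and entry.timestamp < self.entries[-1].timestamp:
            raise ValueError("entries must be in chronological order")
        self.entries.append(entry)

    def verify(self, working_image: bytes) -> bool:
        """Re-hash the working copy and compare with the hash recorded at acquisition."""
        return sha256_hex(working_image) == self.acquisition_hash

    def to_form_lines(self) -> list:
        """Render the log as the rows of a printable chain-of-custody form."""
        lines = [f"Item: {self.item_description} (S/N {self.serial_number})",
                 f"Acquisition SHA-256: {self.acquisition_hash}",
                 "Date/Time | Action | Released by | Received by | Location | Notes"]
        for e in self.entries:
            lines.append(" | ".join([e.timestamp.isoformat(sep=" "), e.action, e.released_by,
                                     e.received_by, e.location, e.notes]))
        return lines


def build_sample_chain() -> ChainOfCustody:
    """Constructed walk-through: seizure, imaging, transfer to storage (dates and names are placeholders)."""
    chain = ChainOfCustody("Western Digital 500 GB hard drive", "NB497356F",
                           sha256_hex(ORIGINAL_IMAGE))
    chain.add_entry(CustodyEntry(datetime(2016, 9, 20, 9, 0), "seized",
                                 "IT staff (placeholder)", "Examiner 1 (placeholder)",
                                 "Suspect workstation", "drive removed from workstation"))
    chain.add_entry(CustodyEntry(datetime(2016, 9, 20, 10, 30), "imaged",
                                 "Examiner 1 (placeholder)", "Examiner 1 (placeholder)",
                                 "Forensic lab", "duplicate created; hash of copy matched original"))
    chain.add_entry(CustodyEntry(datetime(2016, 9, 20, 14, 0), "transferred",
                                 "Examiner 1 (placeholder)", "Examiner 2 (placeholder)",
                                 "Evidence locker", "sealed in evidence bag"))
    return chain


def rejects_out_of_order_entry(chain: ChainOfCustody) -> bool:
    """True if the log refuses an entry dated before the last recorded hand-off."""
    earlier = CustodyEntry(datetime(2016, 9, 19, 8, 0), "analyzed",
                           "Examiner 2 (placeholder)", "Examiner 2 (placeholder)", "Lab")
    try:
        chain.add_entry(earlier)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    chain = build_sample_chain()
    print("\n".join(chain.to_form_lines()))
    print("working copy verified:", chain.verify(COPIED_IMAGE))
```

The form rows carry the two things a custody record exists to prove: who held the item at every moment (each row names both the releasing and receiving party, and rows cannot run backwards in time) and that the evidence analysed is the evidence acquired (the hash recorded at imaging is re-checked against the working copy before analysis; a single altered byte fails the check).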

Files and Findings

EMAIL (Microsoft Outlook): Numerous emails were found that contained references to proprietary information. Some emails were to non-ACME Corporation email accounts, and they promised information pertaining to equipment design. Follow-up emails were found that asked for assurance of a promised managerial position.

CHAT (AOL Instant Messenger): Several chat conversations were recovered containing information about possession of proprietary documents.

SQL (Microsoft Database): SQL database files revealed proprietary information and connection logs to a remote SQL server. Two additional SQL database files were encrypted and could not be decrypted.

EXCEL (Microsoft Excel): Numerous Excel files were located on the hard drive. These files contained parts lists and part specifications concerning proprietary construction equipment. These files had csv and xls extensions.

HTML: Recovered internet web browser cache revealed that the dark web was searched for proprietary information brokers. An email address was created to correspond in the dark web for buyer transactions called [email protected]. Internet cache also revealed that YouTube was searched for the subjects "selling intellectual property" and "selling on the dark web." Recovered internet browser history revealed pictures and illustrations on encrypting SQL database files. Internet browser history also revealed searches concerning how to exploit the vulnerabilities of an SQL database.

SLACK SPACE (hidden data and temporary files): Hidden information in the slack space was revealed to contain temporary internet files on searches for "advertising stolen data" and "hacking sql servers." These files, once revealed, were in plain text and read using Notepad.

Delivery

Four and a half pages, single spaced (not double), with correct and clear citations. Submit your investigative journal, which should outline most of the basics from each of the modules upon which you based your notes, using 12-point Times New Roman font. You should use current APA style guidelines for your citations and reference list.
