Conducting internal computing investigations and forensics

Reference no: EM133913109

Digital Forensics

Lab: Digital forensics investigation

Practical Tasks 1:

The case in this project involves a suspicious death. Joshua Zarkan found his girlfriend's dead body in her apartment and reported it. The first responding law enforcement officer seized a USB drive. A crime scene evidence technician skilled in data acquisition made an image of the USB drive with ProDiscover and named it C1Prj01.eve. Following the acquisition, the technician transported and secured the USB drive and placed it in a secure evidence locker at the police station. You have received the image file from the detective assigned to this case. He directs you to examine it and identify any evidentiary artifacts that might relate to this case. To process this case, follow these steps to evaluate what's on the image of the USB drive:

1. Start ProDiscover Basic. (If you're using Windows Vista or later, right-click the ProDiscover desktop icon and click Run as administrator.)

2. In the Launch Dialog box, click the New Project tab, if necessary. Enter a project number. If your company doesn't have a standard numbering scheme, you can use the date followed by the number representing the case that day in sequence, such as 20190124 01.

3. Enter C1Prj01 as the project name, enter a brief description of the case, and then click Open.

4. To add an image file, click Action from the menu, point to Add, and click Image File.

5. Navigate to your work folder, click C1Prj01.eve, and then click Open. If the Auto Image Checksum message box opens, click Yes.

6. In the tree view, click to expand Content View. Click to expand Images, and then click the pathname containing the image file. In the work area, notice the files that are listed.

7. Right-click any file and click View to start the associated program, such as Word or Excel. View the file, and then exit the program.

8. If you decide to export a file, right-click the file and click Copy File. (Note: Creating a separate folder for exports is a good idea to keep your files organized.) In the Save As dialog box that opens, navigate to the location where you want to save the file, and then click Save.

9. To save the project to view later, click File, Save Project from the menu. The default project name is the one you entered in Step 3. Select the drive and folder (Work\Chap01\Projects, for example), and then click Save. After you have finished examining the files, exit ProDiscover Basic and save the project again, if prompted.

Practical Tasks 2

In this project, you work for a large corporation's IT security company. Your duties include conducting internal computing investigations and forensics examinations on company computing systems. A paralegal from the Law Department, Ms. Jones, asks you to examine a USB drive belonging to an employee who left the company and now works for a competitor. The Law Department is concerned that the former employee might possess sensitive company data. Ms. Jones wants to know whether the USB drive contains anything significant. In addition, she informs you that the former employee might have had access to confidential documents because a co-worker saw him accessing his manager's computer on his last day of work. These confidential documents consist of 24 files with the text "book." She wants you to locate any occurrences of these files on the USB drive's bit-stream image. To process this case, make sure you have extracted the C1Prj02.eve file to your work folder, and then follow these steps:

1. Start ProDiscover Basic. In the New Project tab, enter a project number, the project name C1Prj02, and a project description, and then click Open. It's a good idea to get in the habit of saving the project immediately, so click File, Save Project from the menu, and save the file in your work folder (Work\Chap01\Projects).

2. Click Action from the menu, point to Add, and click Image File. Navigate to and click C1Prj02.eve in your work folder, and then click Open. If the Auto Image Checksum message box opens, click Yes.

3. In the tree view, click to expand Content View, if necessary. Click to expand Images, and then click the pathname containing the image file. In the work area, examine the files that are listed.

4. To search for the keyword "book," click the Search toolbar button to open the Search dialog box.

5. If necessary, click the Content Search tab, and then click the ASCII option button and the Search for the pattern(s) option button. Type book in the list box for search keywords. Under Select the Disk(s)/Image(s) you want to search in, click the drive you're searching (see Figure 1), and then click OK.

6. In the tree view, click to expand Search Results, if necessary, and then click Content Search Results to specify the type of search. Figure 1-25 shows the search results pane.

7. Next, open the Search dialog box again, click the Cluster Search tab, and run the same search. Note that it takes longer because each cluster on the drive is searched.

8. In the tree view, click Cluster Search Results, and view the search results pane. Remember to save your project and exit ProDiscover Basic before starting the next case.

9. When you're finished, write a memo to Ms. Jones with the following information: the filenames in which you found a hit for the keyword and, if the hit occurred in unallocated space, the cluster number.
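To show what the cluster search in steps 7 to 9 does under the hood, here is an added example (not part of the original lab and not ProDiscover's own code) that scans every byte of an image for an ASCII keyword and maps each hit to a cluster number. It assumes a raw, dd-style byte stream rather than the .eve container, a hypothetical function name `cluster_search`, and clusters counted from offset 0 of the stream; the sample image is constructed.

```python
import io

def cluster_search(stream, keyword, cluster_size=512, chunk_size=1 << 20):
    """Return (byte_offset, cluster_number) for each case-insensitive ASCII hit.

    Scans every byte of the image, so hits in unallocated space and slack are
    found too. Cluster numbers are counted from offset 0 of the stream
    (assumption: the stream starts where the tool begins counting clusters).
    """
    needle = keyword.lower()
    overlap = len(needle) - 1      # bytes carried over so boundary hits survive
    hits, buf, base = [], b"", 0   # base = image offset of buf[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf += chunk
        hay = buf.lower()
        pos = hay.find(needle)
        while pos != -1:
            offset = base + pos
            hits.append((offset, offset // cluster_size))
            pos = hay.find(needle, pos + 1)
        # Keep only the tail that could start a match completed by the next chunk.
        keep = buf[-overlap:] if overlap else b""
        base += len(buf) - len(keep)
        buf = keep
    return hits

def demo():
    # Constructed 2 KiB "image" of four 512-byte clusters (not real evidence).
    image = bytearray(2048)
    image[100:112] = b"address book"   # hit inside cluster 0
    image[1022:1026] = b"BOOK"         # straddles the chunk boundary at 1024
    image[1600:1611] = b"bookkeeping"  # hit inside cluster 3
    return cluster_search(io.BytesIO(bytes(image)), b"book", chunk_size=1024)

if __name__ == "__main__":
    for offset, cluster in demo():
        print(f"offset {offset:>6}  cluster {cluster}")
```

On a real volume, the reported cluster number also depends on the partition's starting offset and the file system's cluster size, so both must be read from the image before the numbers are quoted in a memo.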

Conducting internal computing investigations and forensics : ITSC3004 Digital Forensics, Victorian Institute of Technology - Examine a USB drive belonging to an employee who left the company and now works