User Account

All Pages

What is the value of the evidence to the investigation

Assignment Help Case Study
Reference no: EM131692712 , Length: 25

Background

In the state of Western Australia it is illegal to access, own or distribute digital content relating to ‘cats'.Jane, the network administrator for the Daily Planet was reviewing network traffic logs when shenoticed that an employee may have been accessing digital content relating to cats. The network administrator informed their line manager (Ash), and Ash notified the police. A junior police officerattended the company's premises and assessed the network traffic logs,confirming that there is a high probability that digital content relating to cats had been accessed via a computer owned by an individual named Clark. Police obtained the necessary documents and seized the equipment relating to the allegation.

The suspectClark was formally interviewed and denied accessing any content relating to cats. To date, Clark does not have a criminal record.Paul Ekman was coincidentally onsite during the interview, and was asked to examine the video of the interview. Paul made a statement suggesting that Clark's micro facial expressions didn't quite "add up". Clark was interviewed again, but this time used the malware defence.Paul Ekman and the forensic investigators concluded that "something wasn't quite right", and they concluded that this would be a suitable challenge for you, the new recruit within the department.

You have been assigned the task of examining a "forensic image"of the suspect'slaptop which was seized with the appropriate warrants and imaged using forensically sound practices.At this point in time, there is insufficient evidence to make any generalisations or conclusions regarding the case. The network logs conclusively suggest that Clark's computer was used to access the illegal content.

Unfortunately, the junior forensic investigator who obtained a "forensic image" of the computer only performed a logical acquisition. To make matters worse, the junior investigator accidently, securely wipe the laptop's entire hard drive. Fortunately, the logical acquisition was undertaken in a forensically sound manner and can still be used within the investigation. The MD5 hash of the forensic image is "044288459e2fd193e446eec8de0acdd9".

Task
Your task is to investigate the suppliedforensic image using appropriate tools and forensic process and to develop and submit a written report on your findings. You may use any tools to undertake the investigation but you must justify all of your actions!

Report Structure

Cover Page
Unit code and title, assignment title, your name, student number, campus and tutor's name

Table of Contents
This must accurately reflect the content of your report and must be generated automatically in Microsoft Word with page numbers.

Summary
A succinct overview of the report. What were you looking for? How did you approach the investigation? What did you do? What did you find? What is the outcome of the investigation? Use numbers to support or extend the extent of any crimes that have been committed.

Issue #1 - Presentation of content relating to offence
A detailed representation of all content identified, extracted and analysed in the investigation. All evidence must characterised, explained and examined. What is the value of the evidence to the investigation? What does each piece of evidence mean?

Issue #2 - Identification
Detail all information relating to possible use/ownership of the evidence identified and extracted. How can you link the evidence to a particular owner? Is there any digital evidence which demonstrates ownership of the device or content?

Issue #3 - Intent
Was the content of interest purposefully accessed, downloaded, installed etc.? Was it accidental? What it a third party? Was it malicious software? Present all evidence to support your theory.

Issue #4 - Quantity of Files
How many files of every type were present. What percentage of these files relate to the offence? What does this mean for the overall investigation?

Issue #5 - Installed Software
What are the installed application relating to the investigation? What purpose do these application serve? Have they been used? Dates/times the application was used? What impact do these applications have on the investigation?

Additional Task Information
- Start early and plan ahead, you may need to spend some time experimenting with various tools. If a tool or method fails to result in a successful outcome you should still document this action in your running sheet.Each tool has its own strengths and limitations.
- Each report will be unique and presented in its own way.
- Scrutinise the marking key, and ask any questions you may have EARLY in the semester!
- Look for clues/hints in the investigation. Strategically placed clues/hints have been created in this fictitious case study to help you along the way.
- It is not expected that you find every piece of evidenceand nor do you have to. Furthermore, should there password protected or encrypted content - you do not necessarily have to break/decrypt it to successfully progress with the investigation.
- Remember to ensure the integrity of the image being investigated. You should continually demonstrate that you have maintained integrity throughout your investigation.
- Consider what you are trying to find and what you need to negate. The background information of this document, provides carefully developed clues.

Reference no: EM131692712

Questions Cloud

Evaluate the likelihood of traditional corporations : Evaluate the likelihood of traditional corporations using social responsibility as an effective competitive strategy
Probability that sample mean will fall in population mean : An economist wishes to estimate the average family income in a certain population. The population standard deviation is known to be $4,500, and the economist.
Discuss a secondary positive reinforcer : discussion post participation. Using your rubric, evaluate your own overall participation in the discussion forums during this course
Explain how decision style can effect on the decision : Explain how decision style can effect on the decision makers think and react to a problem
What is the value of the evidence to the investigation : Forensic Investigation Case Study - What is the value of the evidence to the investigation? What does each piece of evidence mean
What are the principles and techniques of debriefing : What are the principles and techniques of debriefing? Identify the global initiatives for improving international crisis intervention services?
Find the proportion of all mutual funds : Determine the probability that another random sample would lead to a sample proportion as low as or lower than the one obtained by the analyst.
Indicate the number of operands for instruction : Assign opcodes and indicate the number of operands for each instruction. When your instructions are stored in memory
Reflect on insights you had while creating the rubric : Reflect on insights you had while creating the rubric and while evaluating your own performance using the rubric

Reviews

len1692712

10/26/2017 8:02:03 AM

APA Referencing Style to be followed Images have to be downloaded: unit computer ,forensics assessments section. Have to find 16 Evidences from the Images & explain how the evidences were found (Have asked the client to share the Login Link) Use software autopsy for finding evidences

len1692712

10/26/2017 7:57:45 AM

The submission must be a Microsoft Word document.You are only submitting 1 document through blackboard.You do not need an ECU assignment cover sheet.Do not submit more than 1 document as these will not be assessed. Late submission If you submit your assignment after the due date, then you will be penalised in accordance with the standard ECU regulations of 5% of the maximum mark, for every work day that your assignment is late. If your assignment is submitted more than 5 days late, then you will be awarded a mark of 0 for the assignment.

len1692712

10/26/2017 7:57:21 AM

Marking Key CRITERIA MARK Evidence (20 marks) ‘Issues’ are adequately populated with appropriate evidence /8 Evidence is characterised (filenames, sector locations, file extensions, metadata, hashes, dates/times, allocation status etc.) /8 Evidence has beenexplainedand analysed appropriately /4 Method and Timeline (20 marks) Comprehensive running sheet with clearly defined aims, methods and results /8 Clear use of forensic process which is repeatable and reproducible /6 Accurate and professional timeline of evidence /6

Write a Review

Case Study Questions & Answers

  What led to starbucks challenges

How has Starbucks grown their business? What led to Starbucks' challenges? What mistakes did Starbucks make? How do you recommend Starbucks move forward? What needs to be done

  Students are reminded to read pages related to assessment

students are reminded to read pages related to assessment rules including rules for dishonest work in the bcs student

  Discuss the specific issue and secondary issues

Discuss specific issue and secondary issues, and explain how they relate. Explain your reasoning and support your analysis with research from journal articles.

  Identify the roles associated with an outsourcing proposal

Identify the business issues leading Schaeffer to consider outsourcing. Identify the specific risks and benefits to the proposed outsourcing proposal. Identify the roles and resources associated with an outsourcing proposal.

  Analyze information available to the miami police department

Analyze the information available to the Miami Police Department and the flow of information from California to Florida. Explain at least four ways that this information is shared between local and/or federal agencies.

  Commercial asset management

Develop students' knowledge in the law and practice of strategic asset, corporate real estate, commercial property and facilities management

  Implementing change in HR management - habitus case study

Implementing Change in HR Management coursework - Habitus case study. Type a brief email to Habitus outlining the current presenting problems as you see them to be included in your report

  What went wrong with the tufs investment

Should Northern have invested in TUFS? What went wrong with the TUFS investment and what can be done to prevent these problems in the future? What does Northern need to do to realize the benefits that were projected for TUFS?

  How teoco strategically responded to competitive environment

Discuss how TEOCO has strategically responded to its competitive environment and internal capabilities? What strengths and weaknesses do you perceive Jain's management style lends to TEOCO's overall effectiveness

  Case study - tom and the injured man on the roadside

Case Study: Tom and the injured man on the roadside. Assess Tom's chances of successfully defending this action for negligence on the basis of the Civil Liability Act 2002 (NSW), taking account of the rules of statutory interpretation and the relev..

  Write a paper about opening your new dunkin donuts locations

Write a paper about Case Study "Opening Your New Dunkin Donuts Locations". explain your chosen job design, organizational design, your recruiting strategy and methods, and your training.

  Should northern have invested in tufs

Discussion Questions - Should Northern have invested in TUFS"? What went wrong with the TUFS investment and what can be done to prevent these problems in the future

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd