User Account

All Pages

Write an investigation plan

Assignment Help Other Subject
Reference no: EM132305339 , Length: 10 pages

Mobile Investigations Transcript

Screen 1
You're the lead digital forensic investigator for the Glaxsom County Sheriff's Department. The department is handling a case where a local teenage girl has gone missing.

Screen 2
Sheriff Jamison informs you that the teen's iPhone was retrieved from the mother, but she does not have the passcode.

Screen 3
You also learn that the teen's mother logged into her daughter's Facebook account and saw some things that alarmed her. It seems that the teen had recently friended a man the family does not know, and the two had been engaging in flirtatious conversations over the past two weeks.

Screen 4
Lastly, Sheriff Jamison tells you that the Internet service provider has provided call logs for the teen's phone, after a search warrant for the information was served.

Screen 5
Sheriff Jamison:
"I need a report by the end of the week that details the current state of mobile incident response and investigation. You'll need an investigation plan, a forensic report based on processing the image from the phone, and an analysis of tools that I should prepare our department to use in cases like this. You're one of our lead investigators-I know you can do this."

In the steps that comprise this project, you will examine mobile investigative challenges,as well as the techniques and technologies available to perform mobile forensic examinations. First, familiarize yourself with the details of the case and the basics provided by the sheriff. Then, you will need to develop an investigation plan that describes the current state of mobile incident response and investigation. As you proceed through Project 4, you will get hands-on practice using the forensic tool MPE+ by AccessData and complete a forensic report. The next component will be a comparative analysis, in which you will describe the features of companion mobile phone forensic tools and recommend tools and techniques to use in the current investigation.The final component is a comprehensive forensic investigation report that will synthesize the investigation plan, forensic report, and comparative analysis.

Now that you know what's ahead of you, move on to the first step of the project.

Your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.
• 1.4: Tailor communications to the audience.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 1.6: Follow conventions of Standard Written English.
• 1.7: Create neat and professional looking documents appropriate for the project or presentation.
• 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
• 2.2: Locate and access sufficient information to investigate the issue or problem.
• 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
• 2.4: Consider and analyze information in context to the issue or problem.
• 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
• 4.1: Lead and/or participate in a diverse group to accomplish projects and assignments.
• 4.4: Demonstrate diversity and inclusiveness in a team setting.
• 5.1: Demonstrate best practices in organizing a digital forensic investigation
• 5.3: Demonstrate the appropriate use of multiple digital forensic tools and techniques for imaging
• 5.4: Demonstrate an understanding of the different parts of a computer
• 5.5: Apply risk management principles to an investigation.
• 5.6: Use of multiple digital forensic tools and techniques for imaging
• 5.7: Use forensic tools and techniques to carry out an email investigation
• 6.1: Perform report creation, affidavit creation, and preparation to testify
• 6.2: Demonstrate ability to investigate mobile technology
• 6.3: Use forensic tools for investigation of multimedia technologies
• 6.4: Demonstrate the ability to gather file system evidence.
• 6.6: Perform malware analysis
• 6.7: Access encrypted data or process data and systems that have been subjected to anti-forensics techniques
• 6.9: Employ ethics throughout the forensic investigation process.
• 7.5: Evaluate encryption
• 7.7: Incorporate Geographic Information Systems into plans for conducting Digital Forensics on a network.
• 8.1: Employ ethics when planning and conducting forensic investigations, and when testifying in court.
• 8.2: Incorporate international issues including culture and foreign language to plans for investigations.
• 9.1: Examine Data Storage and Transport Technologies
• 9.2: Evaluate Enterprise Architecture
• 9.3: Analyze File Systems
• 9.4: Utilize Hexadecimal and ASCII
• 9.5: Investigate Operating Systems
• 9.6: Evaluate Information Systems/Network Security

Step 1:Familiarize Yourself with the Case and Devise an Overall Plan
With a forensic investigation focused on an iPhone, you plan to undertake a series of steps to develop the report for Sheriff Jamison. You'll start with an investigation plan that describes the current state of mobile incident response and investigation. In this plan you will discuss the types of mobile phone technologies, challenges presented, and investigative techniques. The goal of this plan is to summarize the current landscape with mobile phone forensics, the guidelines for how examiners approach mobile phone evidence, the challenges posed by iPhones, limitations and constraints, and the expectations for forensic analysis of this device.

Next, you'll focus on analyzing a mobile phone image using AccessData's Mobile Phone Examiner Plus (MPE+). MPE+ is a forensics tool used to detect, collect and uncover data from iOS and Android mobile phones. As part of the AccessData suite, MPE+ integrates seamlessly with FTK, a leading tool used in digital forensic investigations. You'll use what you learned about MPE+ to complete a forensic report.

Then, you'll conduct a comparison analysis that scans the environment to evaluate, compare, and contrast three mobile phone forensic tools-companion tools to MPE-that could be used to address the concerns Sheriff Jamison identified in the case. This comparative analysis will culminate in your recommendation of a mobile phone forensic tool that best fits the needs of this investigation.

The final step is a comprehensive forensic investigation report to Sheriff Jamison that includes the investigation plan, as well as reports from the MPE+ investigation with your findings, the comparative tool analysis, and case overviews and conclusions.

Step 2: Write an Investigation Plan
As a preliminary step in the process, Sheriff Jamison asks you to write an investigation plan identifying how you, as the digital forensics investigator, can assist with the case by examining the missing girl's iPhone for footprints, and by providing a description of the considerations and mobile investigative challenges associated with mobile forensics and mobile platforms, including third party applications, security measures, communication interfaces, and sensors. As a reporting technique, this plan should include the following:
• where mobile phone data may be extracted from
• what types of mobile phone data might be present
• how mobile phone data can be retrieved from an iPhone
• how the data will be forensically preserved and analyzed
• mobile phone applications that may hold useful information to this case
• how the evidence will be handled in anticipation of court admissibility

Based on your experience and expertise, you know to include deep diving to locate deleted and locked data and timelines, as well as geographic information systems and Bring Your Own Device. As you prepare to scan for tools to use in this investigation, you outline the need to look at the phone (SIM/USIM), and any additional memory (SD/memory cards), for Call Logs, Text and SMS Messages, Call Logs, Text and Sms Messages, Contacts, Graphics, Web History, Location Information, Wi-Fi Connections call logs, text and SMS messages, contacts, graphics, web history, location information, Wi-Fi connections and application data. The goal of this plan is to summarize the current landscape with mobile phone forensics and mobile incident response and investigation, the guidelines for how examiners approach mobile phone evidence, the challenges posed by iPhones, limitations and constraints, and the expectations for forensic analysis of this device.

Construct an investigation plan that addresses the concerns listed above. An investigation plan would typically be four to six pages, not including images and references. Use APA format and submit your plan to Sheriff Jamison (your instructor) for review and feedback. You will include the investigation plan in your forensic investigation report. Now you are ready to begin your investigation!

Step 3: Process Mobile Phone Image and Prepare a Forensic Report
NOTE: (I WILL CONDUCT LAB, however you can touch on MPE+ platforms,you will describe and compare MPE+ to three other Mobile Phone Forensic tools.)

Now that you have an investigation plan, you are prepared to begin the analysis of the iPhone. You'll need to review some investigation instructions, then access the virtual lab to obtain the Mobile Phone Image; it is a subset of a full iPhone image. The mobile phone forensics tool that you will be using is MPE+ by AccessData. Features of MPE+ include data carving, deleted data recovery, application data extraction and analysis, SQLite database browsing, and filteringoptions. MPE+ is designed to run on PCs and provide examiners with analysis reports.

You open the case that contains the processed Mobile Phone Image, conduct the laboratory investigation, and prepare a forensic report. The forensic report should include screenshots and information on mobile phone data, including the following:
• the evidence handling and processing steps that you use
• responses to the questions (in the lab)
• screenshots and/or other forensic artifacts to support each response
• summary and other case documentation (e.g., tools used, version, and image hashes)
Prepare a forensic report based on the MPE+ template. You will include it in your forensic investigation report.
In the next step, you will describe and compare MPE+ to three other Mobile Phone Forensic tools.

Step 4: Write a Comparative Analysis Report on Digital Forensic Tools for Mobile Phone Forensics.

So far you constructed an investigation plan and analyzed the Mobile Phone Image from the missing girl's iPhone. In this step, you will complete a comparative analysis report, focused on the evaluation of three companion tools to MPE+ that could be used in the digital forensics investigation and analysis of a mobile phone.
In this report you will identify and explain three alternative mobile phone forensic tools for the analysis of mobile phones:
1. assess how the three mobile phone forensic tools compare to MPE+ and one another
2. assess how three mobile phone forensic tools differ from MPE+ and one another
3. summarize the similarities and differences in all four tools
The outcome will be a comprehensive identification and review of four (including MPE+) Mobile Phone forensic tools that Sheriff Jamison can use to select a tool for future investigations involving mobile phones. The structure of your analysis report should include the following:
• Introduction (clearly state the purpose of your analysis)
• Body
o Main idea statement
o Description of mobile phone forensic tools
o Evaluation of advantages and disadvantages of each tool
o Recommendation of a tool for future investigations
• Conclusion
• Appendices
• References
• Tables
A comparative analysis would typically be four to six pages, not including appendices and references. Use APA format. You will include the comparative analysis in your forensic investigation report.

Step 5: Submit Your Final Report
You have conducted an exhaustive analysis of the missing teen's iPhone. Sheriff Jamison is looking forward to seeing your forensic investigation report. It is time to synthesize the investigation plan, lab analysis with MPE+, and comparative analysis elements into a single, cohesive document that includes
• an introduction including the purpose of the report
• an incident summary
• your investigation plan
• all pieces of evidence and your findings from the forensic report
• your comparative analysis
• a conclusion
• supporting documentation
o screenshots from MPE+ lab
o references
o tables and graphics

The report summary/abstract should include an overview and a paragraph explaining your experience working through the case. Be sure to describe mobile investigative challenges and the techniques and technologies available to perform mobile forensic examinations.The report should flow easily from an introduction, which explains the reason for the report and investigation, to a conclusion, which summarizes the previous steps and supports recommendations for future investigations. Sign and date the final report, and initial and date each page. Make sure the report has your name, course number and section, and date.

Before you submit your assignment, review the competencies below. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
• 1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
• 1.2: Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation.
• 1.3: Provide sufficient, correctly cited support that substantiates the writer's ideas.
• 1.4: Tailor communications to the audience.
• 1.5: Use sentence structure appropriate to the task, message and audience.
• 1.6: Follow conventions of Standard Written English.
• 1.7: Create neat and professional looking documents appropriate for the project or presentation.
• 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
• 2.2: Locate and access sufficient information to investigate the issue or problem.
• 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
• 2.4: Consider and analyze information in context to the issue or problem.
• 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
• 4.1: Lead and/or participate in a diverse group to accomplish projects and assignments.
• 4.4: Demonstrate diversity and inclusiveness in a team setting.
• 5.1: Demonstrate best practices in organizing a digital forensic investigation
• 5.3: Demonstrate the appropriate use of multiple digital forensic tools and techniques for imaging
• 5.4: Demonstrate an understanding of the different parts of a computer
• 5.5: Apply risk management principles to an investigation.
• 5.6: Use of multiple digital forensic tools and techniques for imaging
• 5.7: Use forensic tools and techniques to carry out an email investigation
• 6.1: Perform report creation, affidavit creation, and preparation to testify
• 6.2: Demonstrate ability to investigate mobile technology
• 6.3: Use forensic tools for investigation of multimedia technologies
• 6.4: Demonstrate the ability to gather file system evidence.
• 6.6: Perform malware analysis
• 6.7: Access encrypted data or process data and systems that have been subjected to anti-forensics techniques
• 6.9: Employ ethics throughout the forensic investigation process.
• 7.5: Evaluate encryption
• 7.7: Incorporate Geographic Information Systems into plans for conducting Digital Forensics on a network.
• 8.1: Employ ethics when planning and conducting forensic investigations, and when testifying in court.
• 8.2: Incorporate international issues including culture and foreign language to plans for investigations.
• 9.1: Examine Data Storage and Transport Technologies
• 9.2: Evaluate Enterprise Architecture
• 9.3: Analyze File Systems
• 9.4: Utilize Hexadecimal and ASCII
• 9.5: Investigate Operating Systems
• 9.6: Evaluate Information Systems/Network Security

Attachment:- Project Details.rar

Reference no: EM132305339

Questions Cloud

Review problem-functionality of a jail versus prison : The main difference in the functionality of a jail versus prison for an inmate is the length of their sentence. Jails tend to keep prisoners for a much shorter.
Write a summary review of the important materials : n doing so, write a summary review of the important materials presented. Following APA format (title page, content pages, reference page), double spaced.
Should workers and refugees who have lived in a country : PSC 307: Should workers and refugees who have lived in a country for a long period of time eventually be transitioned from short term visas to a more long-term
What steps and actions might be taken by the communities : The Department of Homeland Security's 2014 Quadrennial Homeland Security Review identifies six strategic challenges (found on page 28 of this document).
Write an investigation plan : Develop coherent paragraphs or points so that each is internally unified and so that each functions as part of the whole document or presentation
How does cj roberts describe the changes : What argument does CJ Roberts make about the role of the Court in deciding too many issues involving public policy?
What is the history of right to work laws : What is the history of 'Right to Work' laws? Where did they come from? Who proposed them and why? Has their purpose or effect changed since original inception?
Develop a thesis statement pertaining to the assigned film : Identify three (3) scenes from the film that support your thesis statement. Briefly explain your choices of scenes and how the scenes specifically support.
What do you think about arbitration : What do you think about arbitration? Does it protect the interest of the litigants? What about the fact that the dominant party usually selects which person.

Reviews

len2305339

5/14/2019 3:28:59 AM

Attached is the assignment details, I have reference material with follow on attachments. If there's any questions please reach out. Thanks

Write a Review

Other Subject Questions & Answers

  Cross-cultural opportunities and conflicts in canada

Short Paper on Cross-cultural Opportunities and Conflicts in Canada.

  Sociology theory questions

Sociology are very fundamental in nature. Role strain and role constraint speak about the duties and responsibilities of the roles of people in society or in a group. A short theory about Darwin and Moths is also answered.

  A book review on unfaithful angels

This review will help the reader understand the social work profession through different concepts giving the glimpse of why the social work profession might have drifted away from its original purpose of serving the poor.

  Disorder paper: schizophrenia

Schizophrenia does not really have just one single cause. It is a possibility that this disorder could be inherited but not all doctors are sure.

  Individual assignment: two models handout and rubric

Individual Assignment : Two Models Handout and Rubric,    This paper will allow you to understand and evaluate two vastly different organizational models and to effectively communicate their differences.

  Developing strategic intent for toyota

The following report includes the description about the organization, its strategies, industry analysis in which it operates and its position in the industry.

  Gasoline powered passenger vehicles

In this study, we examine how gasoline price volatility and income of the consumers impacts consumer's demand for gasoline.

  An aspect of poverty in canada

Economics thesis undergrad 4th year paper to write. it should be about 22 pages in length, literature review, economic analysis and then data or cost benefit analysis.

  Ngn customer satisfaction qos indicator for 3g services

The paper aims to highlight the global trends in countries and regions where 3G has already been introduced and propose an implementation plan to the telecom operators of developing countries.

  Prepare a power point presentation

Prepare the power point presentation for the case: Santa Fe Independent School District

  Information literacy is important in this environment

Information literacy is critically important in this contemporary environment

  Associative property of multiplication

Write a definition for associative property of multiplication.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd