Detailed Assignment Description for Forensic Report #2
The purpose of this assignment is to determine if you can
CMIT 424 Forensic Report #2
Scenario
James Randell, president and owner of Practical Applied Gaming Solutions, Inc. (PAGS), contacted you to request additional assistance in handling a sensitive matter regarding the unexpected resignation of a senior employee of his company. In your previous investigation, you learned that Mr. Randell had become concerned about an employee’s resignation after receiving a report that Mr. George Dean (also known as Jeorge Dean), the company’s Assistant Chief Security Officer, left a voice mail tendering his resignation effective immediately.
After agreeing to accept this case, you met face to face with Mr. Randell and Mr. Singh at the PAGS offices in Rockville, MD. At that meeting you executed (signed) an investigation agreement (contract) and received a sealed envelope from Mr. Singh which contained a USB drive. The original copy of Mr. Dean’s signed employment agreement was provided for your inspection by Mr. Singh, but you were not allowed to take a copy with you.
During your meeting with the client, Mr. Randell, and the head of HR, Mr. Singh, you also learned that:
Your contract with PAGS directs that you examine the contents of the entire USB drive and then prepare a report. The client wants to know if there is any indication of any activities by any persons which would violate the company’s employment agreement (see item #2 above). In addition to your report, you are also required to provide copies of files and information of forensic interest which were recovered by you from the USB drive.
Notes for the Student:
Acquisition / Forensic Imaging Report (USB)
Forensically sterile media was created using Sumuri Paladin and then used for the imaging operation as the target media. The sterile state was verified using DCFLDD’s verify file command (sudo dcfldd vf=/dev/sdx pattern=00 where sdx is the drive designator for the USB).
Imaging operation was performed using FTK Imager.
Note: for your forensic report, you must determine whether or not you will report the imaging operation as onsite or in-lab. In both cases, your chain of custody should show transfer of a USB containing the evidence from the PAGS premises to your forensic lab location. If you perform the imaging operation onsite, you will report that you immediately returned the original media (USB from sealed envelope) to Mr. Singh.
Created By AccessData® FTK® Imager 188.8.131.52
Acquired using: ADI184.108.40.206
Case Number: PAGS03
Evidence Number: PAGS03
Unique description: vmdk
Information for C:\CMIT424\PAGS03\PAGS03_12162014:
Physical Evidentiary Item (Source) Information:
Source Type: Physical
Bytes per Sector: 512
Sector Count: 20,971,520
Image Type: Raw (dd)
Source data size: 10240 MB
Sector count: 20971520
MD5 checksum: f311a2152887024bdd0b9155b94c4db6
SHA1 checksum: af6c44766b188ece5ff5d91677e8adf11168a61e
Acquisition started: Tue Dec 16 17:08:13 2014
Acquisition finished: Tue Dec 16 17:13:42 2014
Image Verification Results:
Verification started: Tue Dec 16 17:13:44 2014
Verification finished: Tue Dec 16 17:15:52 2014
MD5 checksum: f311a2152887024bdd0b9155b94c4db6 : verified
SHA1 checksum: af6c44766b188ece5ff5d91677e8adf11168a61e : verified
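Added example (not part of the assignment or of FTK Imager): a Python script that re-checks a raw (dd) image against the values recorded in the summary above, and reports whether a device or file is entirely zero, as the pattern=00 sterile-media check requires. The function names are hypothetical; PAGE_SUMMARY is an excerpt of the log quoted on this page.

```python
import hashlib
import re

# Excerpt of the FTK Imager summary quoted on the page.
PAGE_SUMMARY = """Bytes per Sector: 512
Sector Count: 20,971,520
Source data size: 10240 MB
MD5 checksum: f311a2152887024bdd0b9155b94c4db6
SHA1 checksum: af6c44766b188ece5ff5d91677e8adf11168a61e
"""

def parse_summary(text):
    """Pull geometry and the first (acquisition) hashes out of the summary."""
    def first(pattern, cast):
        m = re.search(pattern, text, re.IGNORECASE | re.MULTILINE)
        return cast(m.group(1)) if m else None
    num = lambda s: int(s.replace(",", ""))
    return {
        "bytes_per_sector": first(r"^\s*Bytes per Sector:\s*([\d,]+)", num),
        "sector_count": first(r"^\s*Sector Count:\s*([\d,]+)", num),
        "size_mb": first(r"^\s*Source data size:\s*([\d,]+)\s*MB", num),
        "md5": first(r"^\s*MD5 checksum:\s*([0-9a-f]{32})", str.lower),
        "sha1": first(r"^\s*SHA1 checksum:\s*([0-9a-f]{40})", str.lower),
    }

def hash_image(path, chunk=1 << 20):
    """Stream the image once; return (size, md5, sha1, every_byte_is_zero)."""
    md5, sha1, size, zero = hashlib.md5(), hashlib.sha1(), 0, True
    with open(path, "rb") as f:
        while block := f.read(chunk):
            md5.update(block)
            sha1.update(block)
            size += len(block)
            zero = zero and block.count(0) == len(block)
    return size, md5.hexdigest(), sha1.hexdigest(), zero

def verify_image(path, summary_text):
    """Compare a raw (dd) image with the values recorded at acquisition."""
    log = parse_summary(summary_text)
    size, md5, sha1, zero = hash_image(path)
    expected = log["bytes_per_sector"] * log["sector_count"]
    return {
        "geometry_consistent": expected == log["size_mb"] * 1024 * 1024,
        "size_matches": size == expected,
        "md5_matches": md5 == log["md5"],
        "sha1_matches": sha1 == log["sha1"],
        "all_zero": zero,  # True only for wiped (pattern=00) media
    }
```

Run verify_image() on a working copy of the image, never on the original media; any False among the first four keys belongs in the report alongside the recorded hashes.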
Examination of the Evidence (Procedure) for Forensic Report #2
Before You Begin:
Note: the Delivery Package Inventory lists the files the examiner has created and is delivering to the client. It is NOT a listing of the evidence files.
Utilize the reporting features of the forensic applications (example: bookmarks) but bear in mind that automated reports do not replace the final forensic report. Use this information, however, to enhance your report in the form of addendums or by inserting relevant information into the report template to illustrate/justify your findings.
Grading Information for Forensic Report #2
The rubric for this assignment is attached to the assignment folder entry. The information below provides additional information about content and format requirements. This assignment is graded on a 100 point basis and is worth 15% of the final course grade.
Comprehensive forensic reports are written in narrative format. You should use a professional layout for your pages. APA style compliance is not required, but you may find that the APA formatting guidelines are appropriate and provide a professional appearance for fonts, margins, sections, paragraphs, etc.
Outline / Required Content Items:
The paragraph below each item lists the full performance or “A” level requirements for that item.
Provided an overview section that contains an excellent summary of the case. The overview appropriately used information from the scenario. Clearly identified and accurately phrased the case questions.
Provided an excellent summary of the examiner’s findings at or near the beginning of the report. Clearly and accurately summarized the findings related to each case question. Provided clear and concise answers to the case questions.
Demonstrated excellence in the handling, management, and documentation of the case. Submission included evidence tagging/labeling, transfer of evidence between the client and the examiner, full provenance of the evidence (as known to the examiner), chain of custody documentation, delivery package inventory, transmittal letter, and hand receipts.
Provided an excellent, thorough report detailing the conduct of a client interview and all information obtained through direct questions of the individuals who were involved or had knowledge of the incident or evidence. Correctly executed and reported upon the onsite examination (if any). Reporting includes properly labeled pictures or images of the site and all evidence.
Report correctly explains how the forensic duplicates of the original evidence were created (or explains how this would have been done in cases where an E01 file was provided for the examination). The report includes an appendix which provides an understandable policy which governs the acquisition and forensic imaging of evidence. The policy includes requirements for wiping media (forensic sterilization) prior to use for duplication.
Report provides an excellent (correct and thorough) explanation of how the examiner analyzed the structure of the physical and logical media. Provides pictures, measurements, and descriptions of the physical media. Provides a logical analysis which includes partition types, file system types, partition names. Analysis included MBR or BPB or VBR, partitioning, root directory structure, and evidence of wiping / formatting (if any). Provides information about file systems contained within partitions (name, type, etc.).
Conducted and reported upon a thorough and procedurally correct examination of active and deleted files and folders in all partitions. Identifies, recovers, and presents important files which provide answers to case questions or otherwise support the examiner’s findings. Examination report includes discussion of findings related to the following:
Conducted and reported upon a thorough and procedurally correct examination of the media which included recovery of files and contents thereof through file carving, password recovery, locating and recovering hidden messages or hidden information. Conducted appropriate keyword searches and reported upon both positive and negative results for all of the above.
Demonstrates excellence in compliance with ethical and procedural requirements for the conduct of forensics examinations. Report package includes correct and appropriate statements showing ethical use of software and hardware (licensing / authorized use / anti-virus protection). Provided 3 or more policy statements regarding compliance with standard practices, e.g. wiping media, evidence tagging, transfer of evidence, etc. Provided a glossary and bibliography. Provided a brief resume showing examiner’s experience and credentials.
Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type. No formatting, grammar, spelling, or punctuation errors. Appropriately uses footnotes or end notes (or other form of citations).