Digital Forensic Case Study: Investigating a Company Financial Fraud
Added on 2023-01-16
23 Pages3253 Words98 Views
4-10-2019
Contents
Abstract................................................................................................................................1
Introduction..........................................................................................................................1
Case Study Summary...........................................................................................................2
Computer and Forensic Tool Statistics................................................................................2
Investigation........................................................................................................................2
Conclusion and Future Work.............................................................................................21
Abstract
This report conducted during the assignment. The assignment we will work on a case
study, we will work digital case study software, that help gather evidence and deliver
facts .Any questions or concerns pertaining to the acquisition of the evidence can be
found in his/her report.
Introduction
In this project we will work on forensic tools . These tools are Autospy and TrID for
case analysis. In this report we work on case study of a company financial fraud The
report kicks off with a brief description of what this technique of digital forensics is all
about and why is it required in modern data-centric and digital era. Further, it other
evidences could be used to inspect and examine a reported wrongdoing.
Abstract................................................................................................................................1
Introduction..........................................................................................................................1
Case Study Summary...........................................................................................................2
Computer and Forensic Tool Statistics................................................................................2
Investigation........................................................................................................................2
Conclusion and Future Work.............................................................................................21
Abstract
This report conducted during the assignment. The assignment we will work on a case
study, we will work digital case study software, that help gather evidence and deliver
facts .Any questions or concerns pertaining to the acquisition of the evidence can be
found in his/her report.
Introduction
In this project we will work on forensic tools . These tools are Autospy and TrID for
case analysis. In this report we work on case study of a company financial fraud The
report kicks off with a brief description of what this technique of digital forensics is all
about and why is it required in modern data-centric and digital era. Further, it other
evidences could be used to inspect and examine a reported wrongdoing.
Case Study Summary
Mcme Industries’ Monika is being investigated under the fear that he may be offering
proprietary company information to a competitor in exchange for a job.
Computer and Forensic Tool Statistics
The computer was removed from its position in MCME Industries at 4/4/19 9:29:03 PM
where it was carted out to a nearby secure forensics facility. Once settled at the forensics
lab the hard drive was imaged to begin the research and testing. The image of the hard
drive was tested using the program EnCase Forensic Edition Version 4.17b by Guidance
Software. This program has been proven in the court of law to provide valid and accurate
results when scanning and analyzing a system. We use TrID and autopsy software for
forensic digital analysis
Investigation
The following was the procedure that I took to extract what data I found to be relevant to
the case.
I created a new case called Case Study. I added to this case the already captured image
file (C:\forensicsfile\winlabencase.image) by going to File Add Device, clicking
sessions, and clicking on add evidence file.
With the case loaded I immediately set the time zone by right clicking on the image
Modify Time Zone. From the following screen I selected the time zone that I was
working in. This is done to adjust the evidence to all correlate in the same time zone.
Mcme Industries’ Monika is being investigated under the fear that he may be offering
proprietary company information to a competitor in exchange for a job.
Computer and Forensic Tool Statistics
The computer was removed from its position in MCME Industries at 4/4/19 9:29:03 PM
where it was carted out to a nearby secure forensics facility. Once settled at the forensics
lab the hard drive was imaged to begin the research and testing. The image of the hard
drive was tested using the program EnCase Forensic Edition Version 4.17b by Guidance
Software. This program has been proven in the court of law to provide valid and accurate
results when scanning and analyzing a system. We use TrID and autopsy software for
forensic digital analysis
Investigation
The following was the procedure that I took to extract what data I found to be relevant to
the case.
I created a new case called Case Study. I added to this case the already captured image
file (C:\forensicsfile\winlabencase.image) by going to File Add Device, clicking
sessions, and clicking on add evidence file.
With the case loaded I immediately set the time zone by right clicking on the image
Modify Time Zone. From the following screen I selected the time zone that I was
working in. This is done to adjust the evidence to all correlate in the same time zone.
The next step was to recover any hidden or deleted folders on the system. Doing this step
now would allow my searches to be more complete in the future and determine if there
were any actions taken to hide or destroy evidence. In order to do this I right clicked on
the image Recover Folders.
I ran a script next to determine the specifications about the computer because I had not
been the one to create the image from the suspect machine. The script comes preloaded
into EnCase V4. I went to View Scripts and selected the Initialize Case script which
prompted me to enter information of the investigator and person conducting the
examination. Once the information was entered the script asks where I would like the
data saved. I chose to add it to the bookmark section under the folder Encase Computer
Analysis Report. I also needed to check which information I would want present. I
chose to display the Windows version and registration, time zone settings, network
information, user information, and last shutdown time. The report generated can be
found on the following page. The important information pulled from the report is that the
machine is running a FAT16 file system with Windows 10. The total capacity of the
partition is only 22MB. Now that this information has been discovered I can begin my
investigation. For this case study we use Autopsy software . The autopsy software uses
two images for compare ; these are store before and after case study. The step are given
bellow
Autopsy software is provide gui interface .
Data Carving techniques.
now would allow my searches to be more complete in the future and determine if there
were any actions taken to hide or destroy evidence. In order to do this I right clicked on
the image Recover Folders.
I ran a script next to determine the specifications about the computer because I had not
been the one to create the image from the suspect machine. The script comes preloaded
into EnCase V4. I went to View Scripts and selected the Initialize Case script which
prompted me to enter information of the investigator and person conducting the
examination. Once the information was entered the script asks where I would like the
data saved. I chose to add it to the bookmark section under the folder Encase Computer
Analysis Report. I also needed to check which information I would want present. I
chose to display the Windows version and registration, time zone settings, network
information, user information, and last shutdown time. The report generated can be
found on the following page. The important information pulled from the report is that the
machine is running a FAT16 file system with Windows 10. The total capacity of the
partition is only 22MB. Now that this information has been discovered I can begin my
investigation. For this case study we use Autopsy software . The autopsy software uses
two images for compare ; these are store before and after case study. The step are given
bellow
Autopsy software is provide gui interface .
Data Carving techniques.
We Import two dd image files extracted from bz2 files to Autopsy and run ‘Ingest
Module’‘PhotoRec Carver.'.
Module’‘PhotoRec Carver.'.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Digital Forensic Case Study Analysis and Findingslg...
|19
|1141
|55
Digital Forensic Analysis Reportlg...
|11
|2371
|86
Digital Forensics Discussion 2022lg...
|4
|752
|23
Computer Forensics: Investigation, Resources, and Toolslg...
|57
|7403
|287
SANS SIFT Tools: Forensic Analysis on Windows and Linux Systemslg...
|13
|851
|96
Digital Forensics Report for EMTS Organizationlg...
|28
|2503
|371