Digital Forensics: Steps Taken as an Expert Forensic Examiner

Added on  2023/06/15

Running head: DIGITAL FORENSICS
Digital Forensics
Name of the Student
Name of the University
Author Note

Question 1: Steps taken as an expert forensic examiner
Advice to the CEO
I would advise the CEO, Mr. Sanchez, to restrict all access to the USB memory stick, the CDs and the mobile phone that were collected from Mr. Smith's desk area. These steps are necessary to safeguard the evidence against any external threats (Taylor, Fritsch and Liederbach 2014). Any alteration to the data would be disastrous for the investigation. The CEO suspects that the USB memory stick contains confidential data stolen from the company. The CDs may or may not be relevant to the case at all. However, I would rather examine every piece of evidence than ignore critical information. Therefore, I would request Mr. Sanchez to keep all the evidence that he has gathered in a secure place and not tamper with it. This step is crucial for keeping the evidence credible in court (Grimm, Capra and Joseph 2017). Otherwise, if the evidence is found to have been tampered with at any phase of the investigation, the culprit will get away and we would not be able to prove his guilt (Mauet and Wolfson 2015). Investigations of criminal activity often create a struggle for cooperation from the employees (Boddy 2014). Thus, I would strongly recommend the active participation of the CEO and the senior executives to aid in achieving full cooperation from the employees of the company.
On hearing that the server is kept in an open cabinet, I immediately requested Mr. Sanchez to lock the cabinet housing the Titanic01 server. The data stored on the server is of utmost importance for the investigation, as the email logs and the internet activity logs are stored on that server. Mr. Smith's workstation must be kept powered on. This would keep all the current computer processes, and the volatile data held in memory, intact until I arrive. The printers should not be switched off; however, they must be prevented from unauthorized printing of any confidential document by Mr. Burman or any other associate of Mr. Smith who has not surfaced yet. I would also request Mr. Sanchez to provide me with the email logs. Any digital forensics investigation must be kept secret for as long as possible to preserve the data, which otherwise might be deleted by the associates of the culprit (Scheindlin 2016).
I would also require some oral evidence through the interview process (Graham et al. 2016). Thus, I would request the CEO to arrange for interviews with himself, an HR representative and an IT representative. It must be made clear that the agenda for the interview is evidence collection only. They may have a third party present during the interview. I would also advise Mr. Sanchez to thoroughly search Mr. Burman for any storage devices before escorting him out of the premises for gardening leave. Mr. Sanchez should also inform the appropriate law enforcement authorities about the incident of possible data theft. This step is vital, as the culprits must be prosecuted in the event that any confidential data was stolen from the company (Shastri and Sharma 2016).
The Interview
I would interview the CEO, the HR representative and the member of the IT staff
separately at first to gather oral evidence. Then I would conduct another interview with the three
of them together to identify and record any missing information.
There are several questions that I would like to ask the CEO, Mr. Sanchez. My first question would be aimed at understanding the relationship between Mr. Smith and Mr. Sanchez. From the scenario as described by Mr. Sanchez, it is evident that they were very close and even shared professional secrets. The point of suspicion was not entirely baseless. Therefore, I would revisit the scenario as recounted by Mr. Sanchez. This would help to identify any additional information that may have been overlooked by Mr. Sanchez during the phone call. During this recall, I would ask about his encounters with Mr. Smith and Mr. Burman. I would also ask about the thought process that led him to think that they might have stolen data from the company. Mr. Smith did not hesitate to tell Mr. Sanchez about his endeavours after leaving the company, which is what creates confusion in the interview process. Even more confusing is that he left the USB memory drive containing the list of clients in his office. An employee would know that he would be put on gardening leave as soon as he handed in his letter of resignation. However, he handed in his letter of resignation without clearing his desk area of any evidence that showed his theft of data. I would then move on to question him about the research that he has conducted on Mr. Smith and Mr. Burman's new company and the level of threat that Mr. Sanchez predicts if they successfully launch their company. This step is to ensure that Mr. Sanchez had no influence over the evidence. This is relevant for the investigation, as an investigator must cover all perspectives and not fixate on a single person who may or may not be a culprit.
The next round of interviews is with the HR Director of Needful Things Ltd, Mr. Gilberto Moody. The purpose of this interview would be to understand the attitude of the employees towards upholding the interests of the company. The questions in this interview would address, identify and analyse the steps taken by the human resources department to restrict the free flow of information among the different levels of employees present within the organization. The next set of questions that I would ask would pertain to the steps that were taken by the HR department to create awareness among the employees about IT security and the consequences of stealing data from the company. Most companies simply fire the employees who indulge in such practices. However, it is the responsibility of the HR department to impose rules that would compel the company to take stricter action in case of such theft.
The agenda of the third interview is to understand the attitude of Needful Things Ltd towards data security, as this situation has arisen due to the lack of IT security in the company. I conducted this interview with the Head of the IT department, Mr. Brett Jensen, in the presence of his lawyer, Ms. Tina Perez. The presence of a lawyer greatly limited the number of questions that I could ask Mr. Jensen. Thus, to start off slowly, I began the interview by asking him about the desktop configurations that are used at the company, the frequency at which the software is updated and the reasons behind not implementing any strict IT policies. Then I asked about the flaws in the IT security and the lack of any activities that would improve IT security. I questioned him about the open cabinet of Titanic01 and the reason for not locking it physically. My next question was to understand the reason behind using the same server for storing client contracts, email logs, internet traffic logs and printer logs. Keeping all the information in the same place poses a very high risk of data loss if the server fails, and any one of the employees can access the server with the intention of wiping the data stored on it. It also means that the logs which would record tampering with the client data are kept where the same person could tamper with the logs themselves; logs should be forwarded to a separate store with restricted write access. The next questions that I asked related to the lack of restrictions on USB device usage along with the lack of firewall restrictions. Employees accessing the internet and using their USB devices without restriction are prone to cause detriment to the interests of the company (Neugschwandtner, Beitler and Kurmus 2016). I was informed that Mr. Smith was against the IT security measures. Therefore, my next question was to understand why the management was not officially informed about this aspect of Mr. Smith.
Investigation, Action and Recommendations
I was presented with the desktop and mobile phone of Mr. Smith. The desktop and the mobile phone were switched on. Thus, I proceeded to take photographs of them to keep proof of the state of the devices that I was about to investigate (Tun et al. 2016). I also took photographs of the USB drive and the CDs that were found on Mr. Smith's desk to preserve the chain of evidence. The Excel and Word files present on the desktop and the USB drive were password protected (Prayudi, Ashari and Priyambodo 2014). I need to make image copies of the desktop's hard disk and the USB drive before I can work on cracking the passwords of the files to uncover more evidence (Hitchcock, Le-Khac and Scanlon 2016). I took screenshots of the ongoing processes on the desktop. Only the default system processes were running at that time. Volatile data such as the contents of RAM, open network connections and the decrypted contents of any open files is lost once the machine is powered down, so a memory capture should also be taken at this stage, before the desktop is shut down. I thoroughly checked for any destructive programs that might corrupt the system on an unauthorized boot-up (Stevens 2015). This process took a lot of time, as there are many programs that remain hidden from view and only activate when certain conditions are met. After confirming the absence of such programs, I disassembled the desktop. This step did not take much time, as the desktop was a standard one. I noted down the serial numbers printed on the individual computer parts after taking their photographs (Prayudi, Ashari and Priyambodo 2018). There was a total of seven parts: monitor, CPU cabinet, motherboard, RAM, hard disk, keyboard and mouse. The CDs were unreadable and thus I would require the software available at my lab to make them readable. I noted the USB drive and the CDs before packing them up as evidence.
Mr. Sanchez accessed the desktop and the USB drive before I arrived at the scene. Thus, to establish the chain of custody, I formally transferred the evidence from him to me (Prayudi and Sn 2015). This step was necessary, as it would enable the prosecutor to present the evidence in court without it being dismissed. I documented every piece of evidence collected from the company (Gilani, Kozak and Innes 2017). The evidence that I collected included one desktop, one mobile phone, one USB thumb drive, three CDs, email logs, printer logs, Internet traffic logs, VoIP call logs and one year of Vodafone bills. The email logs can be investigated to analyse the emails that were exchanged between Mr. Smith and Mr. Burman. Emails with other parties can also be investigated to identify any other accomplices. Digital evidence often fails to hold up in court due to improper evidence handling. The VoIP call logs and the logs obtained from the mobile phone bill can be analysed to firmly demonstrate the connection between Mr. Smith and Mr. Burman. The bill is paid by the company, and thus granting permission to analyse it falls completely within the jurisdiction of the company. Digital evidence often becomes inadmissible in court because opposing counsel might label it as tampered with (Curry 2015). To prevent such an event from happening in this case, I would keep the evidence under my custody for only three days and then transfer it to law enforcement for safe keeping. During this time, I would make image copies of the data and create a clone of the confiscated mobile phone, recording a cryptographic hash of each original and of each copy so that the two can be shown to match at every later handover. Any investigation must be executed on these copies.
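As an added illustration of the imaging, hashing and chain-of-custody steps described above (and of the check for alteration of the client files discussed in the interim letter), the following Python is example code written for this page; it is not part of the original essay and not taken from any forensic tool. It uses a constructed byte string in place of a real disk image, and the helper names (`acquire_and_verify`, `custody_entry`, the item ID `NT-001`) are made up for illustration. A real acquisition would read the device through a write blocker with a tool such as dd or FTK Imager; the hashing and verification logic is the same.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# Constructed stand-in for an acquired disk image (assumption: a real case would
# hash the raw image produced by a write-blocked acquisition of the original disk).
SAMPLE_IMAGE = b"NTFS    " + bytes(range(256)) * 64 + b"client_list.xlsx"


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so multi-gigabyte images never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def custody_entry(item_id: str, action: str, handler: str, digest: str) -> dict:
    """One chain-of-custody record: which item, what was done, by whom, when, and its hash at that moment."""
    return {
        "item": item_id,
        "action": action,
        "handler": handler,
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "sha256": digest,
    }


def acquire_and_verify(image_bytes: bytes, item_id: str, examiner: str, workdir: str):
    """Store the acquired image, hash it, make the working copy, and log both hashes."""
    original = os.path.join(workdir, f"{item_id}.dd")
    working = os.path.join(workdir, f"{item_id}-working.dd")
    with open(original, "wb") as fh:
        fh.write(image_bytes)
    log = [custody_entry(item_id, "image acquired", examiner, sha256_of_file(original))]
    with open(original, "rb") as src, open(working, "wb") as dst:
        dst.write(src.read())
    log.append(custody_entry(item_id, "working copy created", examiner, sha256_of_file(working)))
    return original, working, log


def matches_acquisition_hash(path: str, log: list) -> bool:
    """Re-hash a file and compare it with the hash recorded at acquisition (the first log entry)."""
    return sha256_of_file(path) == log[0]["sha256"]


def demo():
    """Returns (copy verified, still verified after backdating mtime, verified after a byte flip, log entries)."""
    with tempfile.TemporaryDirectory() as workdir:
        _original, working, log = acquire_and_verify(SAMPLE_IMAGE, "NT-001", "examiner", workdir)
        copy_ok = matches_acquisition_hash(working, log)
        # Backdating the modification time changes nothing the hash can see,
        # which is why file dates alone cannot prove that a file was not altered.
        os.utime(working, (0, 0))
        backdated_ok = matches_acquisition_hash(working, log)
        # Changing a single byte, on the other hand, is caught immediately.
        with open(working, "r+b") as fh:
            fh.seek(100)
            fh.write(b"\xff")
        tampered_ok = matches_acquisition_hash(working, log)
        return copy_ok, backdated_ok, tampered_ok, len(log)


if __name__ == "__main__":
    print(demo())  # (True, True, False, 2)
```

Each log entry carries the SHA-256 at the moment of handover; re-hashing the working copy before and after analysis, and again when the originals are passed to law enforcement, is what lets the examiner answer the "tampered" objection with a number rather than an assurance. The backdated-timestamp case shows why a file's creation and modification dates cannot on their own establish that it was not modified.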
There are two main recommendations that I would provide to Mr. Sanchez. First, I would recommend that the CEO keep the investigation as low profile as possible. The presence of further accomplices of Mr. Smith must not be disregarded. Therefore, if the accomplices hear news of the investigation, it would be difficult to track them inside the company. Some of the employees might leak the information to the media, so Mr. Sanchez must prevent this situation by maintaining a tight lid on the information. This is to prevent media coverage, which typically arises because of employees talking to the media (Jewkes 2015). Media coverage of this situation would not only adversely affect the reputation of the company, it would also advertise the lack of data security at Needful Things Ltd. to outside attackers (McCombs 2014). My second recommendation would be aimed at upgrading the data security of the company. My investigation has revealed that the data theft took place because no proper security regulations were implemented. Separate servers can be used for storing company data and for storing the different logs. The server cabinet must be kept locked to prevent any unauthorized access to the storage space. A firewall must be used to block any Internet traffic that is not required for the operations of the company, and USB storage devices should be restricted on workstations that have no business need for them.

Question 2: Formal Interim Letter of Findings
Among the evidence that I collected from Needful Things Ltd., there was a desktop, a mobile phone, a USB drive, three CDs, email logs, Internet traffic logs and printer logs. I generated image copies of the evidence to prevent any damage to the original evidence. This step is essential, as digital evidence can easily be ruled inadmissible in court if any sign of damage or alteration is observed (Fiorino, Gavoille and Padovano 2015). Therefore, I used these image copies for my investigation (Dang-Nguyen et al. 2015). The mobile phone must be cloned before I can investigate its contents. However, as the mobile phone did not belong to the company, I had to wait for sufficient permission from the respective authorities, who would give me approval for cloning the phone. Without proper approval, any incriminating evidence gathered from the phone would not be admissible in court. The call logs, the phone book and the different media files can be extracted from the phone (Cahyani et al. 2017). This data can be used to confirm the alleged connection between Mr. Smith and Mr. Burman. The phone book on its own cannot be used in court, as a person can have a colleague's phone number in his contact list; however, the frequency of contact between them would prove to be useful. Text messages stored in the phone can also be extracted to investigate and analyse the different text messages that were sent and received by Mr. Smith. Incriminating evidence can present itself from anywhere and thus all sources must be properly investigated. I would keep the evidence under my custody for three days and then hand it over to the respective authorities after the imaging and the cloning process is completed.
The hard disk and the USB drive contain different types of data such as documents, spreadsheets, music, videos and system files. Among all these data types, the ones that were password protected were the Excel and the Word files. I intend to use different password cracking software to unlock those files, working on the imaged copies only. The data obtained from the Word and Excel files is very significant in making or breaking the allegations against Mr. Smith and Mr. Burman. The Excel files might contain the client data that Mr. Sanchez suspects has been stolen from the company, and the Word files might contain conversations between Mr. Smith and Mr. Burman or some planning process that they might have undertaken before resigning from the company. Thus, the data from these files is vital for the case. I would also request an unlocked copy of the client files from Mr. Sanchez through his lawyer to compare with the data that has been extracted (Kebande and Venter 2015). The client files that are present on the server of Needful Things Ltd. must be obtained through the proper channels to prove their validity. These files are the key elements that govern this case and must not be altered in any way. I would also check for any signs of alteration to the files. The creation and modification dates of the files can be compared with the details provided by Mr. Sanchez, but such timestamps are easily changed, so the comparison must rest on cryptographic hashes of the server copy and the extracted copy and on a record-by-record comparison of their contents.
The CDs that I obtained from the company were analysed. Upon examination, two of them were found to be blank; however, one of them contained different documents with the details of the operations of Needful Things Ltd, the organizational structure and the roles fulfilled by different executives. Mr. Burman and several other executives were highlighted in this file. Thus, it is likely that Mr. Smith used this to recruit personnel for his company. In my understanding, these files hold the most importance in this case. However, these files must be linked to the suspects by analysing the other evidence that has been collected from the company.
There were three sets of logs that I recovered from Titanic01: Internet traffic logs, printer logs and email logs. I can extract the internet activity from the Internet traffic logs. This is essential to trace the online activities of Mr. Smith and Mr. Burman. Their internet activity can effectively elaborate the steps that they have taken while creating their own company. Internet activity on its own, however, does not hold much significance in court, as the opposing lawyer can easily dismiss the evidence as someone else's activity on the desktops of Mr. Smith and Mr. Burman (Goodison, Davis and Jackson 2015). Thus, to link their activities, I extracted the data from the email logs and the printer logs. This would aid in showing that it was in fact they who were using the systems and no one else. The email logs would establish the number of emails exchanged between Mr. Smith and Mr. Burman. The emails exchanged between them can also be obtained by accessing their email accounts. However, the specific permissions must be obtained before undertaking such a step (Boucher and Kuange 2015). I would provide all the data that I gathered from investigating the evidence to the respective authorities for further processing. After receiving the respective permissions, I would be able to extract the emails from the user accounts to analyse the frequency and the content of communication between the two suspects. I documented every single step and the processes that I used to extract data from the evidence. This is vital for preserving the evidence and for maintaining the chain of custody. I would also provide these details along with the evidence to demonstrate that the correct investigative methods and procedures have been followed by me and that at no stage of the process was any evidence compromised or altered in any way (Graham 2016).
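As an added example (not part of the original essay, and using constructed log lines in a made-up key=value format rather than any real Titanic01 log format), the following Python shows the kind of correlation the interim letter describes for the email and printer logs, and the contact-frequency count that the earlier section proposes for the VoIP call logs and phone bills. The addresses, usernames, printer name and document names are assumptions made for this illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed log excerpts. The addresses and usernames are assumptions for this
# example, not values taken from the case file.
SMITH = "jsmith@needfulthings.example"
BURMAN = "rburman@needfulthings.example"

EMAIL_LOG = """
2018-03-01T09:12:03 from=jsmith@needfulthings.example to=rburman@needfulthings.example subject="client list v2"
2018-03-01T09:40:11 from=rburman@needfulthings.example to=jsmith@needfulthings.example subject="Re: client list v2"
2018-03-01T10:05:45 from=jsmith@needfulthings.example to=finance@needfulthings.example subject="expenses"
2018-03-02T14:22:09 from=jsmith@needfulthings.example to=rburman@needfulthings.example subject="org chart"
"""

PRINTER_LOG = """
2018-03-01T09:15:30 user=jsmith printer=HP-2F document="clients_2018.xlsx" pages=42
2018-03-01T11:02:00 user=agarcia printer=HP-2F document="invoice.pdf" pages=2
2018-03-02T14:30:10 user=jsmith printer=HP-2F document="org_chart.docx" pages=6
"""

EMAIL_RE = re.compile(r'^(\S+) from=(\S+) to=(\S+) subject="([^"]*)"$')
PRINT_RE = re.compile(r'^(\S+) user=(\S+) printer=(\S+) document="([^"]*)" pages=(\d+)$')


def parse_emails(text: str) -> list:
    """Parse email log lines; malformed lines are skipped rather than aborting the run."""
    records = []
    for line in text.strip().splitlines():
        match = EMAIL_RE.match(line.strip())
        if match:
            when, sender, recipient, subject = match.groups()
            records.append({"time": datetime.fromisoformat(when), "from": sender,
                            "to": recipient, "subject": subject})
    return records


def parse_print_jobs(text: str) -> list:
    """Parse printer log lines into (time, user, printer, document, pages) records."""
    records = []
    for line in text.strip().splitlines():
        match = PRINT_RE.match(line.strip())
        if match:
            when, user, printer, document, pages = match.groups()
            records.append({"time": datetime.fromisoformat(when), "user": user,
                            "printer": printer, "document": document, "pages": int(pages)})
    return records


def messages_between(emails: list, a: str, b: str) -> list:
    """Messages in either direction between two addresses."""
    return [e for e in emails if {e["from"], e["to"]} == {a, b}]


def contact_counter(emails: list) -> Counter:
    """Direction-insensitive message count per pair. The same function serves
    VoIP or phone-bill records once they are parsed into from/to form."""
    pairs = Counter()
    for e in emails:
        pairs[tuple(sorted((e["from"], e["to"])))] += 1
    return pairs


def print_jobs_after(emails: list, jobs: list, user: str,
                     window: timedelta = timedelta(minutes=30)) -> list:
    """(email subject, printed document) pairs where `user` printed within `window` after an email."""
    hits = []
    for e in emails:
        for j in jobs:
            if j["user"] == user and e["time"] <= j["time"] <= e["time"] + window:
                hits.append((e["subject"], j["document"]))
    return hits


def analyse() -> dict:
    emails = parse_emails(EMAIL_LOG)
    jobs = parse_print_jobs(PRINTER_LOG)
    between = messages_between(emails, SMITH, BURMAN)
    return {
        "smith_burman_messages": len(between),
        "top_pair": contact_counter(emails).most_common(1)[0],
        "print_hits": print_jobs_after(between, jobs, "jsmith"),
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(key, value)
```

The printer correlation is what turns "someone used Mr. Smith's desktop" into an account-bound sequence: a message from his mailbox followed minutes later by a print job under his username. Widen or narrow `window` to suit the clock drift between log sources, and check the time zone of each source before comparing timestamps, since the mail server and the print server need not agree.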
The evidence that I collected and examined is kept separately along with the originals to enable any third-party investigator to review my findings and confirm my results. The court will transfer the evidence that I have collected to other examiners for further investigation and for a second opinion on the findings of the case. The detailed logs would also help in this matter, as the step-by-step procedures that I have followed demonstrate the integrity with which I have handled the evidence.
Reference List
Boddy, C.R., 2014. Corporate psychopaths, conflict, employee affective well-being and
counterproductive work behaviour. Journal of Business Ethics, 121(1), pp.107-121.
Boucher, S. and Kuange, B., 2015. Email evidence-now you see it, now you don’t.
Cahyani, N.D.W., Martini, B., Choo, K.K.R. and AlAzhar, A.K.B.P., 2017. Forensic data
acquisition from cloud-of-things devices: Windows smartphones as a case study. Concurrency
and Computation: Practice and Experience, 29(14).
Curry, M., 2015. Evidence: Science in court: Challenging the value of expert evidence. LSJ: Law
Society of NSW Journal, (15), p.84.
Dang-Nguyen, D.T., Pasquini, C., Conotter, V. and Boato, G., 2015, March. Raise: A raw
images dataset for digital image forensics. In Proceedings of the 6th ACM Multimedia Systems
Conference (pp. 219-224). ACM.
Fiorino, N., Gavoille, N. and Padovano, F., 2015. Rewarding judicial independence: Evidence
from the Italian constitutional court. International review of law and economics, 43, pp.56-66.
Gilani, H.R., Kozak, R.A. and Innes, J.L., 2017. Chain of custody certification involvement by
the British Columbia value-ad
Goodison, S.E., Davis, R.C. and Jackson, B.A., 2015. Digital evidence and the US criminal
justice system. Identifying Technology and Other Needs to More Effectively Acquire and Utilize
Digital Evidence. Priority Criminal Justice Needs Initiative. Rand Corporation.
Graham, J.R., Harvey, C.R., Popadak, J.A. and Rajgopal, S., 2016. Corporate culture: The
interview evidence.
Graham, M.H., 2016. Handbook of Federal Evidence.
Grimm, P.W., Capra, D.J. and Joseph, G.P., 2017. Authenticating Digital Evidence. Baylor L.
Rev., 69, p.1.
Hitchcock, B., Le-Khac, N.A. and Scanlon, M., 2016. Tiered forensic methodology model for
Digital Field Triage by non-digital evidence specialists. Digital Investigation, 16, pp.S75-S85.
Jewkes, Y., 2015. Media and crime. Sage.
Kebande, V. and Venter, H.S., 2015, July. A functional architecture for cloud forensic readiness
large-scale potential digital evidence analysis. In European Conference on Cyber Warfare and
Security (p. 373). Academic Conferences International Limited.
Mauet, T.A. and Wolfson, W.D., 2015. Trial evidence. Wolters Kluwer Law & Business.
McCombs, M., 2014. Setting the agenda: Mass media and public opinion. John Wiley & Sons.
Neugschwandtner, M., Beitler, A. and Kurmus, A., 2016, April. A transparent defense against
USB eavesdropping attacks. In Proceedings of the 9th European Workshop on System
Security (p. 6). ACM.
Prayudi, Y., Ashari, A. and Priyambodo, T.K., 2014. Digital evidence cabinets: A proposed
framework for handling digital chain of custody. International Journal of Computer
Applications, 107(9).
Prayudi, Y., Ashari, A. and Priyambodo, T.K., 2018. Multiview business model for describing a
mechanism of handling physical and digital evidence in digital forensics. Journal of Theoretical
& Applied Information Technology, 96(2).
Scheindlin, S., 2016. Electronic Discovery and Digital Evidence in a Nutshell. West Academic.

Shastri, A. and Sharma, P., 2016, March. Data vault: A security model for preventing data theft
in corporate. In Proceedings of the Second International Conference on Information and
Communication Technology for Competitive Strategies (p. 142). ACM.
Stevens, J., Absolute Software Corp, 2015. Offline data delete with false trigger protection. U.S.
Patent 9,154,499.
Taylor, R.W., Fritsch, E.J. and Liederbach, J., 2014. Digital crime and digital terrorism. Prentice
Hall Press.
Tun, T., Price, B., Bandara, A., Yu, Y. and Nuseibeh, B., 2016, September. Verifiable Limited
Disclosure: Reporting and Handling Digital Evidence in Police Investigations. In Requirements
Engineering Conference Workshops (REW), IEEE International (pp. 102-105). IEEE.