Lonewolf Execute Summary
Added on 2022-11-16
4 Pages1786 Words449 Views
DIGITAL EVIDENCE - REL TO COURT CASE 014234
Lonewolf Execute Summary
On the day of <blank>, Mr. James Cloudy was apprehended in his place of residence as a result of a tip
from a concerned family member. Both an arrest and search warrants were issued by a federal judge and
served by federal, state and municipal police agencies. Among the evidence seized from Mr. Cloudy’s
domicile were firearms, $325,000 in US currency and various electronics. The items included a laptop
with an unencrypted data hard disk with volumes that contained both operating system, personal files and
various data artifacts that are of significant interest to the authorities of all law enforcement agencies
involved prosecuting attorneys within multiple jurisdictions and homeland security. The laptop was
acquired in a shutdown state and was not in hibernate mode.
The scope of objectives for the forensic evaluation includes:
A forensic analysis of Mr. Cloudy’s laptop was ordered in accordance with above mentioned federal
warrants and the evaluation of digital copies of his hard drive(s) and other storage media will be made.
A write blocker will be utilized to preserve the integrity of the original hard disk, and a digital image will
be created for later analysis utilizing FTK which is supported by case law as a tool-set that is admissible
in court for digital forensic analysis.
A chain of custody from the time of acquisition, analysis and until dissemination in the presence of jurors
during the trial shall be maintained.
Evidence will be catalogued by brand, make and model, serial number, physical characteristics and
secured in the custody of federal investigators for the duration of the legal proceedings.
The scope of the analysis does not include:
Opinions regarding the guilt or innocence of the individual(s) who utilized the laptop.
Evidence Acquisition Procedures
The investigating agency utilizes industry standard tools, techniques and methodology to handle, preserve
process, and analyze physical and digital evidence.
Crime Scene Technician Joe Schnuffy and Agent Stone initially secured the laptop on at xx:xx xM.
Evidence and Integrity Verification
The image hash checksum was checked against the original, MD5 checksum hashed values show no
alterations to data was made.
b1fbb5a40ce1fd4a1ac8663117ea5ac0 :: LoneWolf - Copy.E01
DIGITAL EVIDENCE - REL TO COURT CASE 01
Lonewolf Execute Summary
On the day of <blank>, Mr. James Cloudy was apprehended in his place of residence as a result of a tip
from a concerned family member. Both an arrest and search warrants were issued by a federal judge and
served by federal, state and municipal police agencies. Among the evidence seized from Mr. Cloudy’s
domicile were firearms, $325,000 in US currency and various electronics. The items included a laptop
with an unencrypted data hard disk with volumes that contained both operating system, personal files and
various data artifacts that are of significant interest to the authorities of all law enforcement agencies
involved prosecuting attorneys within multiple jurisdictions and homeland security. The laptop was
acquired in a shutdown state and was not in hibernate mode.
The scope of objectives for the forensic evaluation includes:
A forensic analysis of Mr. Cloudy’s laptop was ordered in accordance with above mentioned federal
warrants and the evaluation of digital copies of his hard drive(s) and other storage media will be made.
A write blocker will be utilized to preserve the integrity of the original hard disk, and a digital image will
be created for later analysis utilizing FTK which is supported by case law as a tool-set that is admissible
in court for digital forensic analysis.
A chain of custody from the time of acquisition, analysis and until dissemination in the presence of jurors
during the trial shall be maintained.
Evidence will be catalogued by brand, make and model, serial number, physical characteristics and
secured in the custody of federal investigators for the duration of the legal proceedings.
The scope of the analysis does not include:
Opinions regarding the guilt or innocence of the individual(s) who utilized the laptop.
Evidence Acquisition Procedures
The investigating agency utilizes industry standard tools, techniques and methodology to handle, preserve
process, and analyze physical and digital evidence.
Crime Scene Technician Joe Schnuffy and Agent Stone initially secured the laptop on at xx:xx xM.
Evidence and Integrity Verification
The image hash checksum was checked against the original, MD5 checksum hashed values show no
alterations to data was made.
b1fbb5a40ce1fd4a1ac8663117ea5ac0 :: LoneWolf - Copy.E01
DIGITAL EVIDENCE - REL TO COURT CASE 01
DIGITAL EVIDENCE - REL TO COURT CASE 014234
The Chain of Custody was established from the time the search warrant was served until the evidence is
to be presented in court. See reference Case 014234 - EVIDENCE CHAIN OF CUSTODY
TRACKING FORM. Digital copies of the apprehended hard disk in the Encase/E01 image file format
were created utilizing a hardware write blocker and FTK imager software.
System Information:
Hardware Analysis
File and Folder Analysis
The volume and subsequent file systems had no encipherment technology or algorithms applied, and was
therefore is readable without any additional measures than the ones mentioned above.
The Cloudy Manifesto.docx is a file located on Mr. Cloudy’s hard drive that makes reference the
government failing to protect its citizens and one being responsible for their own “safety and protection”.
It also makes reference to people who were victims of the government. Evidence of this document could
be indicative of Mr. Cloudy’s political opinions and motives.
Our analysis of the files contained on the disk indicates that Mr. Cloudy had created a document entitled
“planning.docx” that made reference to “targets” and the phrase “must have good escape route”,
“preferably near airport” and that “must be gun free zone”. Mr. Cloudy had also made references to
“guns”, and a specific model – the Kel-Tec Sub-2000 with a dollar amount which could be construed as a
price along with the words “black market”. He also referenced 9mm ammunition with a number of
“1000” which could be a quantity and a price of “$360”. There is a correlation between the firearm and
ammunition mentioned, as the Kel-Tec Sub-2000 – manufactured by Kel-Tec CNC Industries can be
chambered in 9mm. The document also mentions “tear away clothing”, “latex gloves” and “cash” in the
same section and the jury will have to correlate those three items with Mr. Cloudy’s possible motives.
The document has another bulleted section that is entitled “escape” and makes reference to “no
extradition countries” like Indonesia and Vietnam with a preference for direct flights. There is a final
section that in the document that is entitled “Release” and it makes reference to the phrase “home free”.
It also referenced a couple of addresses that have political affiliation or are meeting places for political
Persons of Interest
Joe Schnuffy- Crime scene technician was the first at the scene, his actions (omission or commission)
will decide the strength of the evidence collected and how well the crime scene, including the
evidence, is preserved to sustain a criminal case.
Agent Victor Stone, Badge number 452- Is the chief investigator in the case and has submitted the
first evidence and information that the prosecution can rely on to sustain its case. The success or
failure of the case and prevention of the crime by having the main suspect incarcerated based on the
DIGITAL EVIDENCE - REL TO COURT CASE 01
Device/
Model
Device
Serial
Number
Description Device Serial
Number Capacity
n/a n/a Hard drive
UID:
1C233FA33C1C2
A38
32 GB
The Chain of Custody was established from the time the search warrant was served until the evidence is
to be presented in court. See reference Case 014234 - EVIDENCE CHAIN OF CUSTODY
TRACKING FORM. Digital copies of the apprehended hard disk in the Encase/E01 image file format
were created utilizing a hardware write blocker and FTK imager software.
System Information:
Hardware Analysis
File and Folder Analysis
The volume and subsequent file systems had no encipherment technology or algorithms applied, and was
therefore is readable without any additional measures than the ones mentioned above.
The Cloudy Manifesto.docx is a file located on Mr. Cloudy’s hard drive that makes reference the
government failing to protect its citizens and one being responsible for their own “safety and protection”.
It also makes reference to people who were victims of the government. Evidence of this document could
be indicative of Mr. Cloudy’s political opinions and motives.
Our analysis of the files contained on the disk indicates that Mr. Cloudy had created a document entitled
“planning.docx” that made reference to “targets” and the phrase “must have good escape route”,
“preferably near airport” and that “must be gun free zone”. Mr. Cloudy had also made references to
“guns”, and a specific model – the Kel-Tec Sub-2000 with a dollar amount which could be construed as a
price along with the words “black market”. He also referenced 9mm ammunition with a number of
“1000” which could be a quantity and a price of “$360”. There is a correlation between the firearm and
ammunition mentioned, as the Kel-Tec Sub-2000 – manufactured by Kel-Tec CNC Industries can be
chambered in 9mm. The document also mentions “tear away clothing”, “latex gloves” and “cash” in the
same section and the jury will have to correlate those three items with Mr. Cloudy’s possible motives.
The document has another bulleted section that is entitled “escape” and makes reference to “no
extradition countries” like Indonesia and Vietnam with a preference for direct flights. There is a final
section that in the document that is entitled “Release” and it makes reference to the phrase “home free”.
It also referenced a couple of addresses that have political affiliation or are meeting places for political
Persons of Interest
Joe Schnuffy- Crime scene technician was the first at the scene, his actions (omission or commission)
will decide the strength of the evidence collected and how well the crime scene, including the
evidence, is preserved to sustain a criminal case.
Agent Victor Stone, Badge number 452- Is the chief investigator in the case and has submitted the
first evidence and information that the prosecution can rely on to sustain its case. The success or
failure of the case and prevention of the crime by having the main suspect incarcerated based on the
DIGITAL EVIDENCE - REL TO COURT CASE 01
Device/
Model
Device
Serial
Number
Description Device Serial
Number Capacity
n/a n/a Hard drive
UID:
1C233FA33C1C2
A38
32 GB
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Digital forensics | Question and Answerlg...
|18
|1393
|19
Electronic and Digital Forensic: Study Material with Solved Assignmentslg...
|13
|3903
|74
Data acquisition methods for digital forensicslg...
|11
|1180
|18
Digital Forensics Quizlg...
|5
|667
|443
Computer Forensic Analysis 2022lg...
|15
|1541
|23
MN624 Assignment on Digital Forensicslg...
|11
|1309
|17