Forensic Investigation Report: Cyber Bullying Case Data Analysis
VerifiedAdded on 2022/08/19
|11
|2129
|75
Report
AI Summary
This forensic investigation report details the analysis of digital evidence related to a cyber bullying case. The report outlines the investigation process, from the initial identification of evidence to the final conclusions. It covers key aspects such as the identification of values and veracity requirements, assessment procedures, and the acquisition and evaluation of digital evidence. The report also delves into the observation of evidence, search and seizure operations, and the processing location of the evidence. A significant portion of the report is dedicated to the chain of custody, examination of evidence, and data handling, including extraction and content analysis. The analysis includes details on user activity, downloads, browser history, and deleted files, leading to a conclusion about the suspect's actions and intent. The report references relevant literature and provides a comprehensive overview of the forensic investigation process, offering valuable insights into digital evidence analysis and cybercrime investigation.
Running head- FORENSIC INVESTIGATION REPORT
Forensic Investigation Report
Name of the Student
Name of the University
Author Note
Forensic Investigation Report
Name of the Student
Name of the University
Author Note
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1Forensic Investigation Report
Table of Contents
Title................................................................................................................................2
Identification..................................................................................................................2
Values.........................................................................................................................2
Veracity Requirement................................................................................................3
Assessment.................................................................................................................3
Acquisition.................................................................................................................3
Evaluation..................................................................................................................4
Observation................................................................................................................4
Search and seizure..........................................................................................................4
Processing Location...................................................................................................5
Chain of Custody............................................................................................................5
Examination of the Evidence.........................................................................................6
Preparation.................................................................................................................6
Extraction...................................................................................................................6
Data Handling............................................................................................................6
Content for the Analysis.................................................................................................6
Conclusion......................................................................................................................8
Reference......................................................................................................................10
Table of Contents
Title................................................................................................................................2
Identification..................................................................................................................2
Values.........................................................................................................................2
Veracity Requirement................................................................................................3
Assessment.................................................................................................................3
Acquisition.................................................................................................................3
Evaluation..................................................................................................................4
Observation................................................................................................................4
Search and seizure..........................................................................................................4
Processing Location...................................................................................................5
Chain of Custody............................................................................................................5
Examination of the Evidence.........................................................................................6
Preparation.................................................................................................................6
Extraction...................................................................................................................6
Data Handling............................................................................................................6
Content for the Analysis.................................................................................................6
Conclusion......................................................................................................................8
Reference......................................................................................................................10
2Forensic Investigation Report
Title
This report is an investigation report of the various connections of the computer and
further helps in the recovery of a few information that might be helpful in the case. The
persistence of this report is to deliver the inspection process, discoveries, and commendations
from various evidence related to cyber bullying that resulted into the case where the person
has lost all the data information and was using it illegally (Valjarevic & Venter 2015). The
data delivers for the appearance step of an examination. Further, the digital forensic values,
approaches, values, and legal matters are specified that may affect the verdict of the court.
This written report delivers the detailed structure of the evidence as presented in the Digital
Evidence Package. The attention of this report is on the collection of digital evidence (Carrier
& Spafford 2014).
Identification
The succeeding ideas, values, and standards charted below are the base upon which
the investigation is based. The shared values as charted by the legal community in order to
provide a conclusion to the evidence that is collected through the investigation (Jafari & Satti,
2015). This report identifies all the aspects of that evidence that might be useful for the court.
Values
The following values and principles are outlined below that is the base for the
investigation. The basic principles followed are:
No alteration of the original data.
Investigation processes are conducted on the original data
Title
This report is an investigation report of the various connections of the computer and
further helps in the recovery of a few information that might be helpful in the case. The
persistence of this report is to deliver the inspection process, discoveries, and commendations
from various evidence related to cyber bullying that resulted into the case where the person
has lost all the data information and was using it illegally (Valjarevic & Venter 2015). The
data delivers for the appearance step of an examination. Further, the digital forensic values,
approaches, values, and legal matters are specified that may affect the verdict of the court.
This written report delivers the detailed structure of the evidence as presented in the Digital
Evidence Package. The attention of this report is on the collection of digital evidence (Carrier
& Spafford 2014).
Identification
The succeeding ideas, values, and standards charted below are the base upon which
the investigation is based. The shared values as charted by the legal community in order to
provide a conclusion to the evidence that is collected through the investigation (Jafari & Satti,
2015). This report identifies all the aspects of that evidence that might be useful for the court.
Values
The following values and principles are outlined below that is the base for the
investigation. The basic principles followed are:
No alteration of the original data.
Investigation processes are conducted on the original data
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3Forensic Investigation Report
Investigation id did upon following the legislations as per laid for the investigation.
Veracity Requirement
The complete training program, digital evidence retrieval methods, and the pledge to
keep the efficiency at the highest stage for the operation. The procedure of the investigation
has been completed following the below guidelines.
Measures for intake forms, essential documents, receiving standards
Necessities in order to submit the physical evidence
Measures for listing and conveying investigations
Strategies for the processing, documenting and further conducting indication and
work products in order to process and preserve the digital evidence.
Assessment
Forensic investigator evaluated the digital evidence meticulously with deference to
the opportunity of the case and determined to take an appropriate sequence of action for the
case. Procedures are followed upon the scenario
Identification of the login details, connections and deleted files of the suspect.
Ensured accomplished request for assistance
Consultation with case investigator finished
Complete documentation of the chain of custody
Acquisition
Digital evidence, is delicate by nature and can be easily altered or damaged if not
handled properly. The digital evidence is very case sensitive and can be easily altered if
proper handling is not done (Sanchez, & Giova, 2016).. The best way to preserve such
evidence includes the copy of the original data’s and the best procedure for the examination
Investigation id did upon following the legislations as per laid for the investigation.
Veracity Requirement
The complete training program, digital evidence retrieval methods, and the pledge to
keep the efficiency at the highest stage for the operation. The procedure of the investigation
has been completed following the below guidelines.
Measures for intake forms, essential documents, receiving standards
Necessities in order to submit the physical evidence
Measures for listing and conveying investigations
Strategies for the processing, documenting and further conducting indication and
work products in order to process and preserve the digital evidence.
Assessment
Forensic investigator evaluated the digital evidence meticulously with deference to
the opportunity of the case and determined to take an appropriate sequence of action for the
case. Procedures are followed upon the scenario
Identification of the login details, connections and deleted files of the suspect.
Ensured accomplished request for assistance
Consultation with case investigator finished
Complete documentation of the chain of custody
Acquisition
Digital evidence, is delicate by nature and can be easily altered or damaged if not
handled properly. The digital evidence is very case sensitive and can be easily altered if
proper handling is not done (Sanchez, & Giova, 2016).. The best way to preserve such
evidence includes the copy of the original data’s and the best procedure for the examination
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4Forensic Investigation Report
of the documents include the preservation of such data delicately. The first evidence is
acquired in a way that guards and conserves the integrity of the evidence. Computer forensic
inspectors should evaluate digital evidence systematically with reverence to the choice of the
case to regulate the course of action that needs to be taken.
Evaluation
The prime determination of the evaluation procedure is to extract and analyze digital
evidence. Withdrawal denotes the retrieval of the data from its media. Investigation denotes
the procedure for the understanding of the recuperated data and putting it in a reasonable and
suitable format.
Observation
The observations of the evidence and the details for that are documented through the
legal dispensation. This will complete with the research of a written report of the findings.
“Search and seizure”
The search warrants were acquired after the analysis of the evidence by the
investigator upon the details for the IP addresses and login date and timings. The search
warrant certified in order to access the digital information and collect that information. The
information was kept secure in order to proceed. The replicas and all the IP addresses and the
external connections along with the deleted files are retrieved. The devices were connected to
the wifi in order to get the access and noticed that apart from a few repeated devices, there
were several other devices connected to the computer in order to access the net. The Law
administration located transferable media and various USB connections in order to trace the
computing locations. The overall situation of the area where the devices were impounded was
“free of substances that would corrupt or destroy data on those devices”. There was no
of the documents include the preservation of such data delicately. The first evidence is
acquired in a way that guards and conserves the integrity of the evidence. Computer forensic
inspectors should evaluate digital evidence systematically with reverence to the choice of the
case to regulate the course of action that needs to be taken.
Evaluation
The prime determination of the evaluation procedure is to extract and analyze digital
evidence. Withdrawal denotes the retrieval of the data from its media. Investigation denotes
the procedure for the understanding of the recuperated data and putting it in a reasonable and
suitable format.
Observation
The observations of the evidence and the details for that are documented through the
legal dispensation. This will complete with the research of a written report of the findings.
“Search and seizure”
The search warrants were acquired after the analysis of the evidence by the
investigator upon the details for the IP addresses and login date and timings. The search
warrant certified in order to access the digital information and collect that information. The
information was kept secure in order to proceed. The replicas and all the IP addresses and the
external connections along with the deleted files are retrieved. The devices were connected to
the wifi in order to get the access and noticed that apart from a few repeated devices, there
were several other devices connected to the computer in order to access the net. The Law
administration located transferable media and various USB connections in order to trace the
computing locations. The overall situation of the area where the devices were impounded was
“free of substances that would corrupt or destroy data on those devices”. There was no
5Forensic Investigation Report
information on the devices that were locked and could not be traced. Although there were
some files used by the same name that was deleted.
“Processing Location”
The evidence was processed at the Regional Computer Forensics Laboratory. The lab
is a devoted digital forensic laboratory and attributed by the American Society of Crime
Laboratory (Bonomi, Casini, & Ciccotelli, 2018). The examination in the laboratory is
conducted by specialized staff who undergo the certification process. The services that are
performed are private and confidential and by nature, an impartial and independent body. The
period for processing the data was approximately done within 6 to 10 days that was allocated
to the forensic labs to analyze and locate the evidence and report the findings. The quality
provided by the labs would include the following:
Evidence is to be documented appropriately
Adequate transportation and storage of the evidence
“Storage locations are free from electromagnetic interfering and damaging constituents”
The quality and the conditions of the evidence that would be such that it would be
easily understandable and assessable.
“Chain of Custody”
The forensic investigation outlines the following areas:
System information
Detailed identification of evidence (model/serial)
User Activity and the other devices that are connected
Recent and the past log in details
All the list of downloads from recent to the pat downloads
information on the devices that were locked and could not be traced. Although there were
some files used by the same name that was deleted.
“Processing Location”
The evidence was processed at the Regional Computer Forensics Laboratory. The lab
is a devoted digital forensic laboratory and attributed by the American Society of Crime
Laboratory (Bonomi, Casini, & Ciccotelli, 2018). The examination in the laboratory is
conducted by specialized staff who undergo the certification process. The services that are
performed are private and confidential and by nature, an impartial and independent body. The
period for processing the data was approximately done within 6 to 10 days that was allocated
to the forensic labs to analyze and locate the evidence and report the findings. The quality
provided by the labs would include the following:
Evidence is to be documented appropriately
Adequate transportation and storage of the evidence
“Storage locations are free from electromagnetic interfering and damaging constituents”
The quality and the conditions of the evidence that would be such that it would be
easily understandable and assessable.
“Chain of Custody”
The forensic investigation outlines the following areas:
System information
Detailed identification of evidence (model/serial)
User Activity and the other devices that are connected
Recent and the past log in details
All the list of downloads from recent to the pat downloads
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6Forensic Investigation Report
Wifi Passwords and the other wifi networks connected to it
Installed programs and the recent searches
Recent downloads and the recent used MS doc files
File name and search details and timelines
Deleted files from the system and the other files in the recycle bin
Search filters for Bank accounts
Other applications and the list of the mismatched files.
Examination of the Evidence
Preparation
Operational directories were equipped on discrete “media where evidentiary” records
and the data are places during the procedure of the “Extraction Sufficient time assigned to the
examiner to perform forensic procedures” (Taylor et al, 2014).
Extraction
Logical extraction was accomplished on the devices. The data accessible involved
dynamic files, unallocated and the deleted files.
Data Handling
No hidden data were found, although numerous data was deleted from the device with
the same name. Specific issues relating to the documents could not be found, such as the
following:
Compressed files
Password-protected files
Encrypted files
Wifi Passwords and the other wifi networks connected to it
Installed programs and the recent searches
Recent downloads and the recent used MS doc files
File name and search details and timelines
Deleted files from the system and the other files in the recycle bin
Search filters for Bank accounts
Other applications and the list of the mismatched files.
Examination of the Evidence
Preparation
Operational directories were equipped on discrete “media where evidentiary” records
and the data are places during the procedure of the “Extraction Sufficient time assigned to the
examiner to perform forensic procedures” (Taylor et al, 2014).
Extraction
Logical extraction was accomplished on the devices. The data accessible involved
dynamic files, unallocated and the deleted files.
Data Handling
No hidden data were found, although numerous data was deleted from the device with
the same name. Specific issues relating to the documents could not be found, such as the
following:
Compressed files
Password-protected files
Encrypted files
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7Forensic Investigation Report
Content for the Analysis
The main objective of the suspect as per investigated included the access of the
academic materials in an unauthorized way.
The prime intention included tampering the evidence by deleting the files that may be
created due to unauthorized access.
The IP addresses show that there were other various connections from where the net
was connected in order to get the access that is stated as unauthorized.
The system was an internal system of the suspect and used individually, but the other
connections impose a doubt of extracting wifi connections from other places in order
to get the access of the academic files as per created by the student.
There were many downloads, and the downloaded files are of same nature, and as per
the user activity, 19 different USB connections are noticed along with six different
WLAN and the fact that this is a system for private use establishes a doubt for the
different usages. The number of windows searched included 803889 that is huge in
number for independent use.
The first log in was noted on 11/26/2019, and the window was shut down on 5:47:25,
and apart from a single device, other devides were connected such as the Vando
product, Intel Corp and USB specifically Sandisk.
The images for the following are stated below that stated the most recent user activity
from the lowest to the highest.
There were nearly 142 downloads recently all of the user names as Tasha that
included various internet sites on the same name and the oldest files for the
downloads included that of Tasha’s academic files.
Content for the Analysis
The main objective of the suspect as per investigated included the access of the
academic materials in an unauthorized way.
The prime intention included tampering the evidence by deleting the files that may be
created due to unauthorized access.
The IP addresses show that there were other various connections from where the net
was connected in order to get the access that is stated as unauthorized.
The system was an internal system of the suspect and used individually, but the other
connections impose a doubt of extracting wifi connections from other places in order
to get the access of the academic files as per created by the student.
There were many downloads, and the downloaded files are of same nature, and as per
the user activity, 19 different USB connections are noticed along with six different
WLAN and the fact that this is a system for private use establishes a doubt for the
different usages. The number of windows searched included 803889 that is huge in
number for independent use.
The first log in was noted on 11/26/2019, and the window was shut down on 5:47:25,
and apart from a single device, other devides were connected such as the Vando
product, Intel Corp and USB specifically Sandisk.
The images for the following are stated below that stated the most recent user activity
from the lowest to the highest.
There were nearly 142 downloads recently all of the user names as Tasha that
included various internet sites on the same name and the oldest files for the
downloads included that of Tasha’s academic files.
8Forensic Investigation Report
Five different wifi connections are found along with the saved passwords for such
easy usage for the suspect in order to use retrieve the old files and tamper the files of
Tasha.
The recycle bin included five documents for the annotation and few recovery files
saved by Tasha.
638 installed programs are noticed, among which the most recent activities include
MS word documents.
The Browser History had 1522 files and the most recent chrome searches include 669
documents that are the application as perused by Tasha and other types of data about
the procedure for the forensic demonstrations of the digital evidence and the way of
retrieving them.
There are 142 recent downloads discovered that most were goggle sites on the subject
of assignment and included mainly assignment ideas.
The Most recent used MS files include 213 documents about the forensic sessions and
criminology sessions.
Few scanned files were noted that was saved in different partitions, mainly the drive
D, E and F.
The file names that were searched mostly included the Windows WinSxS files.
There were 11144 deleted files among which few could be retrieved. The deleted files
that could be retrieved included, i.e. files. There were 46, i.e. files scanned and traced.
Although there was no name for the cybersecurity, exam answers or the bank details
in the deleted files.
Few mismatched and files were retrieved that was not important for the purview of
the case.
Five different wifi connections are found along with the saved passwords for such
easy usage for the suspect in order to use retrieve the old files and tamper the files of
Tasha.
The recycle bin included five documents for the annotation and few recovery files
saved by Tasha.
638 installed programs are noticed, among which the most recent activities include
MS word documents.
The Browser History had 1522 files and the most recent chrome searches include 669
documents that are the application as perused by Tasha and other types of data about
the procedure for the forensic demonstrations of the digital evidence and the way of
retrieving them.
There are 142 recent downloads discovered that most were goggle sites on the subject
of assignment and included mainly assignment ideas.
The Most recent used MS files include 213 documents about the forensic sessions and
criminology sessions.
Few scanned files were noted that was saved in different partitions, mainly the drive
D, E and F.
The file names that were searched mostly included the Windows WinSxS files.
There were 11144 deleted files among which few could be retrieved. The deleted files
that could be retrieved included, i.e. files. There were 46, i.e. files scanned and traced.
Although there was no name for the cybersecurity, exam answers or the bank details
in the deleted files.
Few mismatched and files were retrieved that was not important for the purview of
the case.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9Forensic Investigation Report
Conclusion
In conclusion to the above facts and scenario as per noted the suspect did try to
tamper with the academic information in an unauthorized way, but the motive could not be
attained as there was no connection to the funds that are misplaced. The suspect used the
information in an unauthorized way, but there was no implication for the funds or the answers
that were not retrieved by the suspect.
Conclusion
In conclusion to the above facts and scenario as per noted the suspect did try to
tamper with the academic information in an unauthorized way, but the motive could not be
attained as there was no connection to the funds that are misplaced. The suspect used the
information in an unauthorized way, but there was no implication for the funds or the answers
that were not retrieved by the suspect.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10Forensic Investigation Report
Reference
Bonomi, S., Casini, M., & Ciccotelli, C. (2018). B-coc: A blockchain-based chain of custody
for evidences management in digital forensics. arXiv preprint arXiv:1807.10359.
Carrier, B., & Spafford, E. H. (2004). An event-based digital forensic investigation
framework. In Digital forensic research workshop (pp. 11-13).
Jafari, F., & Satti, R. S. (2015). Comparative analysis of digital forensic models. Journal of
Advances in Computer Networks, 3(1), 82-86.
Sanchez, P. L. P., & Giova, G. (2016). Digital Chain of Custody Quality
Assessment. International Journal of Computer Science and Network Security
(IJCSNS), 16(4), 41.
Taylor, M., Haggerty, J., Gresty, D., Almond, P., & Berry, T. (2014). Forensic investigation
of social networking applications. Network Security, 2014(11), 9-16.
Valjarevic, A., & Venter, H. S. (2015). A comprehensive and harmonized digital forensic
investigation process model. Journal of forensic sciences, 60(6), 1467-1483.
Reference
Bonomi, S., Casini, M., & Ciccotelli, C. (2018). B-coc: A blockchain-based chain of custody
for evidences management in digital forensics. arXiv preprint arXiv:1807.10359.
Carrier, B., & Spafford, E. H. (2004). An event-based digital forensic investigation
framework. In Digital forensic research workshop (pp. 11-13).
Jafari, F., & Satti, R. S. (2015). Comparative analysis of digital forensic models. Journal of
Advances in Computer Networks, 3(1), 82-86.
Sanchez, P. L. P., & Giova, G. (2016). Digital Chain of Custody Quality
Assessment. International Journal of Computer Science and Network Security
(IJCSNS), 16(4), 41.
Taylor, M., Haggerty, J., Gresty, D., Almond, P., & Berry, T. (2014). Forensic investigation
of social networking applications. Network Security, 2014(11), 9-16.
Valjarevic, A., & Venter, H. S. (2015). A comprehensive and harmonized digital forensic
investigation process model. Journal of forensic sciences, 60(6), 1467-1483.
1 out of 11
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.