Digital Forensics Report: Investigation and Analysis of Case 014234

Verified

Added on 2022/11/16

AI Summary

This report presents the executive summary of a digital forensics investigation, focusing on Case 014234, involving the apprehension of Mr. James Cloudy. The investigation, prompted by a family member's tip, led to the seizure of Mr. Cloudy's laptop, firearms, currency, and electronics. The forensic analysis, conducted under federal warrants, involved creating a digital image of the hard drive using FTK, ensuring the integrity of the data with a write blocker, and maintaining a strict chain of custody. The analysis revealed a document, "planning.docx," detailing potential targets, escape routes, and the acquisition of weapons and ammunition. Key individuals of interest include the crime scene technician, chief investigator, Mr. Cloudy's brother, and Mr. Cloudy himself, whose psychological profile suggests megalomania and meticulous planning. The investigation also acknowledges limitations, such as the absence of direct evidence like the gun itself, and the subjective interpretation of the evidence. The report concludes with a discussion on the importance of the evidence collected and the implications of the suspect's intent.

DIGITAL EVIDENCE - REL TO COURT CASE 014234
Lonewolf Execute Summary
On the day of <blank>, Mr. James Cloudy was apprehended in his place of residence as a result of a tip
from a concerned family member. Both an arrest and search warrants were issued by a federal judge and
served by federal, state and municipal police agencies. Among the evidence seized from Mr. Cloudy’s
domicile were firearms, $325,000 in US currency and various electronics. The items included a laptop
with an unencrypted data hard disk with volumes that contained both operating system, personal files and
various data artifacts that are of significant interest to the authorities of all law enforcement agencies
involved prosecuting attorneys within multiple jurisdictions and homeland security. The laptop was
acquired in a shutdown state and was not in hibernate mode.
The scope of objectives for the forensic evaluation includes:
A forensic analysis of Mr. Cloudy’s laptop was ordered in accordance with above mentioned federal
warrants and the evaluation of digital copies of his hard drive(s) and other storage media will be made.
A write blocker will be utilized to preserve the integrity of the original hard disk, and a digital image will
be created for later analysis utilizing FTK which is supported by case law as a tool-set that is admissible
in court for digital forensic analysis.
A chain of custody from the time of acquisition, analysis and until dissemination in the presence of jurors
during the trial shall be maintained.
Evidence will be catalogued by brand, make and model, serial number, physical characteristics and
secured in the custody of federal investigators for the duration of the legal proceedings.
The scope of the analysis does not include:
Opinions regarding the guilt or innocence of the individual(s) who utilized the laptop.
Evidence Acquisition Procedures
The investigating agency utilizes industry standard tools, techniques and methodology to handle, preserve
process, and analyze physical and digital evidence.
Crime Scene Technician Joe Schnuffy and Agent Stone initially secured the laptop on at xx:xx xM.
Evidence and Integrity Verification
The image hash checksum was checked against the original, MD5 checksum hashed values show no
alterations to data was made.
b1fbb5a40ce1fd4a1ac8663117ea5ac0 :: LoneWolf - Copy.E01
DIGITAL EVIDENCE - REL TO COURT CASE 01

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

DIGITAL EVIDENCE - REL TO COURT CASE 014234
The Chain of Custody was established from the time the search warrant was served until the evidence is
to be presented in court. See reference Case 014234 - EVIDENCE CHAIN OF CUSTODY
TRACKING FORM. Digital copies of the apprehended hard disk in the Encase/E01 image file format
were created utilizing a hardware write blocker and FTK imager software.
System Information:
Hardware Analysis
File and Folder Analysis
The volume and subsequent file systems had no encipherment technology or algorithms applied, and was
therefore is readable without any additional measures than the ones mentioned above.
The Cloudy Manifesto.docx is a file located on Mr. Cloudy’s hard drive that makes reference the
government failing to protect its citizens and one being responsible for their own “safety and protection”.
It also makes reference to people who were victims of the government. Evidence of this document could
be indicative of Mr. Cloudy’s political opinions and motives.
Our analysis of the files contained on the disk indicates that Mr. Cloudy had created a document entitled
“planning.docx” that made reference to “targets” and the phrase “must have good escape route”,
“preferably near airport” and that “must be gun free zone”. Mr. Cloudy had also made references to
“guns”, and a specific model – the Kel-Tec Sub-2000 with a dollar amount which could be construed as a
price along with the words “black market”. He also referenced 9mm ammunition with a number of
“1000” which could be a quantity and a price of “$360”. There is a correlation between the firearm and
ammunition mentioned, as the Kel-Tec Sub-2000 – manufactured by Kel-Tec CNC Industries can be
chambered in 9mm. The document also mentions “tear away clothing”, “latex gloves” and “cash” in the
same section and the jury will have to correlate those three items with Mr. Cloudy’s possible motives.
The document has another bulleted section that is entitled “escape” and makes reference to “no
extradition countries” like Indonesia and Vietnam with a preference for direct flights. There is a final
section that in the document that is entitled “Release” and it makes reference to the phrase “home free”.
It also referenced a couple of addresses that have political affiliation or are meeting places for political
Persons of Interest
Joe Schnuffy- Crime scene technician was the first at the scene, his actions (omission or commission)
will decide the strength of the evidence collected and how well the crime scene, including the
evidence, is preserved to sustain a criminal case.
Agent Victor Stone, Badge number 452- Is the chief investigator in the case and has submitted the
first evidence and information that the prosecution can rely on to sustain its case. The success or
failure of the case and prevention of the crime by having the main suspect incarcerated based on the
DIGITAL EVIDENCE - REL TO COURT CASE 01
Device/
Model
Device Serial
Number Description Device Serial
Number Capacity
n/a n/a Hard drive UID:
1C233FA33C1C2A38 32 GB

DIGITAL EVIDENCE - REL TO COURT CASE 014234
strength of the presented evidence.
Mr. James Cloudy’s brother- Is the one that alerted the authorities of possible problems and possibly
helped avert a catastrophic disaster. He noticed strange behavior from his brother, and out of concern
for a sibling and the public became a whistle-blower by reporting the matter. His brother may also be
called in as a witness during the trial and should possibly get protection until the matter is settled; the
evidence given by the brother will help strengthen the case, and so he is an important person of
interest in the case.
Mr. James Cloudy- Is the most important person of interest in the case; he is the accused and adduced
forensic evidence so far shows that he was planning a terror attack on innocent citizens and then plan
an escape to Bali. The suspect has also considered several scenarios in the planned attack, including
his potential demise in the process and what his friends and family might think of him. Additionally,
the forensic evidence suggests that he is megalomania that imagines his actions will somehow be
heroic, given his beliefs that the state has failed. He perceives himself to have moral superiority and
that is criminal actions will be acts of grandeur
National Convention attendees These are persons of interest by being the targets of the planned terror
attack by Mr. James Cloudy.
James Cloudy Character Information
From the forensic evidence adduced, Mr. James Cloudy is pathological megalomania; he is also an
egotist. Clearly, Mr. James Cloudy has a serious psychological disorder as he is exhibiting signs of
delusional grandeur and obsessed with demonstrating his power and ideological superiority. He is
convinced that his actions are superior and heroic, against politicians he believes have failed the
people; ditto the image of a sheep may signify the people of politicians following a path and ideology
that he feels is weak, and hence is motivation for his murderous tendencies. He is also self-centered,
considering what people; his friends and family will think of him sh0uld he be killed while executing
his heinous crime. He also demonstrates the traits of an overconfident person, believing his actions
are right, but which must be achieved using a gun (a symbol of power) and he has already considered
his defense and escape plan and route, to a country with no extradition. His overconfident trait is
reinforced by the fact that he is a lone wolf, planning and preparing to undertake the crime unaided
and alone. Mr. James Cloudy is a very smart and meticulous planner who considers a lot of scenarios
and possible outcomes; he has selected a target that would provide the biggest capital to his motives
and has already purchased an airplane ticket and planned an escape route to a country with no
extradition. Further, he has also considered being captured and how he could defend himself as well
as a scenario where he is killed. However, even though he is a very confident person, he is also not
suicidal; he considers escaping and how o defend himself, classical terrorists are suicidal and would
prefer to die in the process while making a major statement through their actions. This is reinforced
by several open tabs on his computer that shows disjointed thoughts. He is seeking maximum
damage for the least adverse effects on himself, reinforcing the trait of being a selfish megalomaniac.
However, he is intelligent enough to have his hard drive encrypted to minimize chances of being
accessed and his plans revealed beforehand.
Investigation Limitations
DIGITAL EVIDENCE - REL TO COURT CASE 01

DIGITAL EVIDENCE - REL TO COURT CASE 014234
While there is evidence of elaborate plans, there are limitations as to the motives behind is intended
actions; from a legal perspective, the adduced evidence only points to a plan that could well, be a
fantasy! There is no physical evidence of being found with a gun, physical maps of the attack, and
any communication of complicity with others that would strengthen a case. Interpretation of the
evidence adduced, in the absence of witnesses such as conspirators mean they are subject to an
interpretation by different persons. Proving premeditated murder in the absence of the tools to be
used, such as a gun is difficult because there is no strong motivation or the suspect being a member
of any known extremist group. Further, there is no evidence of co-conspirators or external funding
that could strengthen the case; the funds he has been found with cannot be traced to an external
sponsor of terror or a third party.
DIGITAL EVIDENCE - REL TO COURT CASE 01