Original source of fact pattern: https://resources.infosecinstitute.com/computer-forensics-investigation-case-study/
1. A Computer Forensic investigator generally investigates the data which could be taken from computer hard disks or any other storage devices with adherence to standard policies and procedures to determine if those devices have been compromised by unauthorized access or not.
2. Computer Forensics investigators work as a team to investigate the incident and conduct the forensic analysis by using various methodologies (e.g. Static and Dynamic) and tools (e.g. FTK or EnCase) to ensure the computer network system is secure in an organization.
3. A successful Computer Forensic investigator must be familiar with various laws and regulations related to computer crimes in their country (e.g. Computer Misuse Act 1990, the UK) and various computer operating systems (e.g. Windows, Linux) and network operating systems (e.g. Win NT).
4. Public investigations and Private or Corporate investigations are the two distinctive categories that fall under Computer Forensics investigations. Public investigations will be conducted by government agencies, and private investigations will be conducted by a private computer forensic team.
1. A new start-up SME (small-medium enterprise) based in Luton has recently begun to notice anomalies in its accounting and product records.
2. This SME has also noticed that their competitors seem to be developing products that are very similar to what they are doing, which suggests potential intellectual property theft.
3. SME has undertaken an initial check of system log files, and there are several suspicious entries and IP addresses with a large amount of data being sent outside the company firewall.
4. SME has also recently received several customer complaints saying that there is often a strange message displayed during order processing, and they are often re-directed to a payment page that does not look legitimate.
5. The company makes use of a general purpose eBusiness package (OSCommerce) and has a small team of six IT support professionals, but they do not feel that they have the expertise to carry out a full scale malware/forensic investigation.
6. As there is increased competition in the hi-tech domain, the company is anxious to ensure that their systems are not being compromised either internally or externally and they have employed a digital forensic investigator to determine whether any malicious activity has taken place, and to ensure that there is no malware within their systems.
7. The company uses Windows 10 for its servers. Patches are applied by the IT support team on a monthly basis, but the team has noticed that a number of machines do not seem to have been patched.
8. The company provides mobile devices (Apple iOS) to its employees and the iPhones are considered corporate assets.
9. The company also has several employees who use non-corporate mobile devices for work, but they are not considered corporate assets.
10. The company uses Microsoft Exchange with an enterprise email server environment where every employee has their own corporate email account.
11. The company’s network is composed of routers, firewalls, hubs, and active directory domain servers.
12. Many of the employees also carry tech-wearables, e.g. FitBit, smart watches, etc., that can be plugged into a computer via a USB port for charging and/or for data transfer.
13. The company has several employees in the United States and several in the European Union region (EU) e.g. two of them are in Germany.
14. Your task, as an attorney and a trained forensic investigator, is to supervise a digital forensics investigation to see whether you can prepare a case against the perpetrators.
15. This task may require investigating all employees including emails, the network, mobile devices, computers, etc.
16. In addition to overseeing an investigation, you are asked to advise the company of its legal rights, e.g. what the company may or may not do, especially if you are planning to collect devices or emails.
Your deliverable in this assignment is a 3-page report (no more than 3 pages please) discussing how you would approach the following Digital Forensic Investigation. As part of this report you should also:
1. Outline and discuss the methodology that you will use.
2. Provide a reasoned argument as to why the particular methodology (or methodologies) chosen is relevant.
3. Identify the key facts and key considerations, from a technical / forensic standpoint, that the company should take into account.
4. Identify the key facts and key considerations, from a legal standpoint, that the company should take into account.
5. Discuss in detail (step by step) the process that you will use to collect evidence and discuss the relevant guidelines that need to be followed when collecting digital evidence.
6. Be sure to back your reasoning with case law as applicable.
1. Spend some time thinking about how you want to frame this.
2. Look at your textbooks – and the chapters covered. Perhaps that would give you a good roadmap.
3. There are many obvious and non-obvious devices here. Spend some time listing these, and perhaps think of others that may be included (but were not explicitly called out).
4. Refresh your memory on the order of volatility; this may help you prioritize.
5. Are there some potential resources that I did not include in this fact pattern, but that you think should be considered (one good example might be capture of email accounts from the back-end, e.g. the Exchange server)?
Why did I assign you this?
Many real-world cybersecurity incidents have a lot of moving parts, and you may be asked to quickly formulate a plan while ensuring it has a legal foundation. This is a good exercise in learning how to put everything together. In addition, I think this might make a great interview segment for you where you can demonstrate to a potential employer how much you have learned!
This is also an open-ended assignment, so many of you may approach this differently. This is fine so long as you are mindful of the important forensic principles that we have learned together.