StudyDaddy Article Writing You have kicked off the District 4 Production Warehouse Move project, your contractors are in place and working on receiving the proper building permits.You originally were told the permits would only

You have kicked off the District 4 Production Warehouse Move project, your contractors are in place and working on receiving the proper building permits.You originally were told the permits would only

Digital Forensic Examination Summary Report

(For all lab assignments except Lab 0; remove red writing before submitting assignments.)

Examiner: Your name and forensics company (simulated).

______________________________________________________________________________

Case Background: Give an adequate description of the scenario as if the reader knows nothing about this case. why are you conducting this examination? who requested it? This should be more than 2-3 sentences. Use what's given to you in the lab scenario assignment to establish a quality case background.

______________________________________________________________________________

Legal Authority: (To conduct exam i.e. search warrant, consent, government / organizational property. This must be always stated in a report).

______________________________________________________________________________

Tools Used:

(It's a good idea to divide into subsections.)

Hardware

(Lab machine - your laptop or desktop).

Simulate using a hardware write-blocker if the scenario doesn't specify how the data is write protected. A write-blocker prevents any writes to the media being examined so the examiner can acquire it safely without altering original evidence.)

Software

(Include full software versions, simulate when necessary).

______________________________________________________________________________

Initial Processing (Show both acquisition and verification hash sums; list the media examined with description and serial number / see Addendum A)

Example verbiage: "The processing included inspection, photography, and anti-virus scans of the examined media. The imaging of the media created forensic evidence files for use in the subsequent forensic examination. Methods were forensically sound and verifiable based on matching hash sum values."

______________________________________________________________________________

Preliminary Findings: (Out of analyzing X number of files, X were of forensic value; briefly describe the partition and file structure of the media examined; this is a synopsis of what you found of forensic value.)

______________________________________________________________________________

Detailed Findings: (This is where most or all of the case questions can be answered along with whatever else is required in the grading deliverables. This will always be the longest part of your report. If you feel that some detailed findings would be better placed in an Addendum, that's a good place too).

Discussion Questions: The lab instructions will have discussion questions related to the specific lab. For instance, the discussion questions for Lab1 can be found on page 5 of the “CMIT 424 Lab 1 Lecture SPR16” document.

  1. Which items were properly sanitized? (What evidence indicates this?)

One or two sentence answer.

  1. Which items were not sanitized? (What evidence indicates this?)

One or two sentence answer.

  1. For storage media containing recoverable artifacts, which artifacts on that storage media require further investigation? Grounds for further investigation include:

    1. Privacy issues (i.e. contents included names, addresses, and other personally identifiable information)

    2. Customer information

    3. Company owned intellectual property

    4. Pornography, gambling, or other banned activities (unacceptable use of company resources)

    5. Criminal activity

    6. Password Protected files (including recoverable passwords)

    7. Any other activities contrary to the company’s policies or best interests

In cases where you are given such as that in question 3, you are not required to answer every question if they do not apply. For instance, if you find no issues related to privacy, you do not need to answer question 3.a. Use your best judgement.

Conclusions / Further Actions Required: (Just state the facts; recommend what other devices could be examined to further the case; recommend interviews of subjects if applicable; are there protected files that need decryption?

Do not make judgment calls or suggest punitive actions i.e. John Smith should be removed from his position; give the client the facts and let them make the decisions on what to do with the information.)

Each Addendum should start on a separate page.

Addendum A: Photos

(Simulate with pics of similar devices you find on the Internet. It is always a good idea to include a picture of the evidence you examined.)

Example:

The following is a photograph of XXXX

PICTURE(s) SHOWN HERE

The following details the forensic image processing.

Seagate Hard Drive, 250GB, Serial #12345:

Digital Forensics Examiner (DFE) created forensic evidence files of XXXX drive #XXXX.

The pre-processing hash results are presented below:

MD5 checksum: XXXX

SHA1 checksum: XXXX

The forensic processing subsequently created XXXX (X) files (simulated).

Forensic Evidence Files Created: XXX.E01 – XXXX.E04 (example with four files)

The forensic imaging process involved a post processing hash verification of the contents of the evidence file compared with the pre-processing hash. The hash analysis is presented below.

MD5 checksum: XXXX: verified

SHA1 checksum: XXXX: verified

The forensic imaging process successfully created a forensically sound and verifiable bit stream copy of the hard drive in the form of forensic evidence files.

Addendum B: Steps Taken

These are your notes on the steps you took while conducting the examination. Often, the examiner must submit their notes along with the forensic report if a case goes to court.

I recommend just numbering your steps i.e. 1, 2, 3 in chronological order.

Start with how you received the media and describe how you sterilized. For example:

1. Original USB drives and CD-Rs received from R. Jones. Items labeled and chain of custody (COC) documentation initiated.

2. Forensically sterilized target media prepared using Paladin vX.XX.XXX. After launching the Paladin tool, the target media was physically connected to the workstation running Paladin. Target media was wiped and verified using command “sudo dcfldd pattern=00 vf=/dev/sdc.” Results were a match, verifying the target media was forensically sterile.

3. describe your analysis steps

4. cont'd

Report End

Have a similar question?

Continue to edit or attach image(s).

  • Fast and convenient

    Fast and convenient

    Simply post your question and get it answered by professional tutor within 30 minutes. It's as simple as that!

  • Any topic, any difficulty

    Any topic, any difficulty

    We've got thousands of tutors in different areas of study who are willing to help you with any kind of academic assignment, be it a math homework or an article.

  • 100% Satisfied Students

    100% Satisfied Students

    Join 3,4 million+ members who are already getting homework help from StudyDaddy!