Cyber Forensics Investigations Process
Order ID: 89JHGSJE83839 Style: APA/MLA/Harvard/Chicago Pages: 5-10 Instructions:
Case Study
This case study provides the opportunity to walk through the cyber forensics investigation.
process. Through this exercise, the goal is to outline how to execute the investigative plan,
determine tools needed to conduct the forensics analysis, and conduct a basic computer
forensics investigation. See the Assignment Requirements section on the last page for details
on what is needed to do for this final case study.
Company background information
ACE Consulting has approximately 500 employees in six cities in a regional area (Memphis,
TN; Knoxville, Atlanta, GA; Paducah, KY; Little Rock AR; and Mobile, AL. The main office is
in Nashville TN, which houses 200 of the employees. The main office is located in a suburb
neighborhood where physical security is not considered a concern.
Their IT infrastructure is as follows:
· They use a mix of Microsoft and Linux servers and PCs with a number of Mac
computers used for the various consulting they do. They use Active Directory, have an
Apache Web Server for the Internet web site, four servers used as file storage (one in
each office), four servers housing applications used for various consulting activities, a
training server, five MS SQL database servers, and Office 365 for email.
· There are 20 Windows 2008 servers in the main office, twelve of which are
virtualized on three physical servers.
· There are 15 Linux servers all virtualized.
· System updates and patches are run from the main office. Most systems get
Microsoft updates once a month, but some are missed. Also, most third party
products (e.g., Adobe PDF & Flash) are not kept up to date.
· Each satellite office has 3-4 servers for storing files and running local applications.
o Each office has its own, decentralized wireless network connected to the
production network.
· Some employees has a desktop or laptop PC running Windows 10. While others
are using Macbook Pro with OSx 10. HR personnel have laptops for conducting
interviews as well as posting job openings and conducting research for the
owners.
· The network sits behind a gateway router and firewall. Antivirus is in use, but is not
automatically updated across the company. Employees often work remotely and only
use their login and password to gain access to the corporate systems.
Case Scenario
Last month, a number of clients reported having their proprietary information and research
and development showing up in competitors hands. Additionally, some employees have
noted they have noticed unusual activities in personal accounts and personal email. You
have been hired by ACE Consulting Chief Operations Officer (COO), Brad Richards as an
independent investigator to look into some company owned computers and devices to
determine if there is a leak or an insider in the company. All formal reports will go directly to
him.
There are two primary targets:
1. James Brown is a project manager who has worked at the main office for ten years.
He has worked his way up through the organization and has access to all systems,
since hes the go-to guy to help with any consulting issues. Hes also been known
to be disgruntled about senior leaders and has been open about his feelings. Brown
reports to the Projects Manager, Nathan Brim. He uses a laptop computer at the
office and remotely. It is described below:
a. Dell Latitude 3793 Core i7 M640, 16GB, 500GB HDD, Windows 10
Professional 64-bit
b. The BIOS Make is Dell Inc, and Serial Number is H127845
c. There is a PCI Video card, internal sound card, internal network interface,
and two internal USB ports.
d. You found a SanDisk 8GB USB flash drive on his desk along with numerous
data DVDs.
e. He has a personal Google mail (Gmail) account, which he accesses regularly
from his laptop, as well as Google Drive.
f. In reviewing the PCs hard drive, it is noticed that 400GB can be seen or
accessed and it is suspected it may contain a hidden drive/partition since it
has VersaCrypt installed.
2. Sam Abrams is a new member on the IT support team, having started at ACE six
months ago. He supports project managers with the general computer operations
and troubleshoots issues they have. He has full access to the projects tracking
system and database in order to support remote users. He reports to Jane Sims, the
manager of IT. He uses a company standard desktop PC.
a. Dell OptiPlex 760 Intel® Core 2 Duo CPU E8400, 8GB, 500GB HDD,
DVDRW, Windows 10 Professional 64-bit
b. The BIOS Make is Dell Inc, A03, date is , and Serial Number is UF284153.
c. There is a PCI Video card, internal sound card, internal 100Mb network
interface, and three internal USB ports.
d. In addition to his corporate email account, he also has a Yahoo account that
he accesses from his PC. From his IE7 browser history, you can also tell he
uses Facebook, Craigslist, and Dropbox.
Other Personnel:
Jack Lewis is the IT Director for ACE. He is responsible for maintaining all of the
servers and network equipment.
Shelly Johnson is the HR Director and is responsible for all personnel matters.
Assignment requirements:
In a formal investigative report, address all of the following. Remember, your audience is
COO. Give proper attention to wording, grammar, spelling, punctuation, structure and use
APA (American Psychological Association) for citing sources used in the report. Be sure you
show where source are used in the report with in-text citing. Make sure youre covering the
case in sufficient detail and are answering any potential questions he may ask. Lastly,
remember to put your name on your paper as the chief investigator.
1. Provide an executive summary of the case.
2. Document any assumptions for this case.
3. Provide any jurisdictional issues between the locations.
4. Provide a background synopsis of the case. This is an overall narrative of the facts of the
case. It should answer the who, what, when, why, and how of the investigation.
5. Document how the investigation would be carried out. This is a description of the
process to take for this investigation.
a. Include whether or not a search warrant will be needed and any other legal
aspects to consider.
b. Who would need to be interviewed and need to have involved? What role(s)
would each play?
c. What computer or network systems would need to have access to for analysis?
What information could each provide?
d. Would this be a live or dead acquisition of the data?
e. How would the evidence be collected and stored? What tools would be needed
for the specific platforms? Include how to ensure the chain of custody to preserve
its integrity.
f. What other information would need to be looked for in this case?
g. How would you prove innocence or guilt in this case?
6. List the tools you would need for this investigation.
a. This includes both hardware and software in your forensics toolkit.
b. How would each tool be used in your investigation?
7. The final item is the evidence list. This should include all items you processed. Each
item should be identified by:
a. Make:
b. Model:
c. Serial Number of the device (this includes individual hard drive located in a PC):
d. Removable media
e. Operating System
f. Install application(s)
g. Other identifying information associated with the asset.
RUBRIC
Excellent Quality
95-100%
Introduction 45-41 points
The background and significance of the problem and a clear statement of the research purpose is provided. The search history is mentioned.
Literature Support
91-84 points
The background and significance of the problem and a clear statement of the research purpose is provided. The search history is mentioned.
Methodology
58-53 points
Content is well-organized with headings for each slide and bulleted lists to group related material as needed. Use of font, color, graphics, effects, etc. to enhance readability and presentation content is excellent. Length requirements of 10 slides/pages or less is met.
Average Score
50-85%
40-38 points
More depth/detail for the background and significance is needed, or the research detail is not clear. No search history information is provided.
83-76 points
Review of relevant theoretical literature is evident, but there is little integration of studies into concepts related to problem. Review is partially focused and organized. Supporting and opposing research are included. Summary of information presented is included. Conclusion may not contain a biblical integration.
52-49 points
Content is somewhat organized, but no structure is apparent. The use of font, color, graphics, effects, etc. is occasionally detracting to the presentation content. Length requirements may not be met.
Poor Quality
0-45%
37-1 points
The background and/or significance are missing. No search history information is provided.
75-1 points
Review of relevant theoretical literature is evident, but there is no integration of studies into concepts related to problem. Review is partially focused and organized. Supporting and opposing research are not included in the summary of information presented. Conclusion does not contain a biblical integration.
48-1 points
There is no clear or logical organizational structure. No logical sequence is apparent. The use of font, color, graphics, effects etc. is often detracting to the presentation content. Length requirements may not be met
You Can Also Place the Order at www.collegepaper.us/orders/ordernow or www.crucialessay.com/orders/ordernow Cyber Forensics Investigations Process
Cyber Forensics Investigations Process