Forensic investigation into digital evidence.
Digital Forensic Technology
Perform a forensic investigation into digital evidence.
Assessed Learning Objectives
LO3 – Analyse, interpret and report on digital evidence
LO4 – Use and extend a technical vocabulary necessary to interact with stakeholders in a digital forensic investigation
Learning to write concisely is an important skill to develop and is useful throughout your academic and professional career. Your mark will be penalised heavily if you exceed the word counts or page limits.
You should use Microsoft Word to complete this assignment. If you use a word processor other than Microsoft Word, you should check that the document layout is the same as it would be in Microsoft Word. Microsoft Word is also available through the University remote access portal page.
Constraints: 6 pages + contemporaneous notes
Feedback: Up to 3 weeks after submission
Weight: 50% of the module mark
Audience: Non-technical client/investigation commissioner
You are provided with an evidence file available on Blackboard.
Perform and report on individual parts of a digital forensic investigation.
• Check that the disk acquisition has been performed correctly
• Maintain investigative documentation
• Use forensic tools to analyse and interpret digital data
• Create an expert report containing the findings from your investigation
• Keep contemporaneous notes
This is a simulated investigation and doesn’t include the analysis of lots of irrelevant data. The evidence that is provided is small and doesn’t include any tricks. You will, however, need to interpret the data/evidence and draw your own conclusions based on the evidence you find.
You will create an expert report to communicate your findings. See the scenario below for further information about your investigation. You will keep notes of your investigative actions contemporaneously; they should be as long as is necessary but should reflect your investigation process accurately.
You are a forensic investigator working for the UCLAN High Tech Crime Unit. You have been contacted by the Managing Director of the company ‘Vamos Solutions’. One of their employees has been accused of stealing company secrets.
The employee has attempted to smuggle company secrets out of the work building by copying company secrets onto a USB data storage device. While leaving the building the employee was detained by on-site security and the USB storage device was discovered. This USB storage device has been processed by a forensic imaging technician and the forensic image has been obtained.
You have been provided with a virtual machine that contains the forensic image of the USB data storage device. This is called exhibit CST/001. The virtual machine is available for download via Blackboard, and is available under CO4514->Assignment 3->cst-001.zip. This is a ZIP file that contains a virtual machine, and the files must be extracted from the ZIP file before they can be accessed.
You have been asked to answer the following questions.
Question 1 – Is there any evidence to suggest that the company secrets have been copied onto the USB pen?
Question 2 – Is there any evidence to suggest that the suspect has tried to hide any data?
Question 3 – Is there any evidence to suggest the reason why the suspect has attempted to steal this data?
Question 4 – What further evidence may be needed by the investigation team to support any of the facts discovered during your investigation?
Note: question 4 is not about the evidence that you will find during your investigation; it is about identifying what further evidence could possibly be found if you had access to other evidence sources (for example, the suspect’s office computer).