ComputerScienceExpert
$18/per page/
There are three parts to this project and I am stuck I have tried asking for help from my professor and it has not gone anywhere. I have attached the document for all three parts with the questions and requirements.
Project: System Forensics, and Investigation
Purpose
The purpose of this project is to provide an opportunity for students to apply forensic investigation
competencies gained throughout this course. Students can work in groups of 2 – 3, but each student will
turn in each part. Required Source Information and Tools
The following tools and resources will be needed to complete this project: Course textbook Internet access Computer with Paraben P2 Commander installed Outlook.pst (an e-mail archive used in Project Part 2) Mac OS JSmith.img (a Mac OS X image file used in Project Part 3)
Note: Check with your instructor if you do not have access to Paraben P2 Commander. You may be able
to download a trial version or use other software, such as Forensic Toolkit (FTK) or EnCase
Forensic to complete this project. Learning Objectives and Outcomes
You will: Explain the rationale for computer forensic activities.
Explain computer forensic investigation procedures.
Evaluate sources of evidence.
Analyze laws related computer forensics.
Apply tools used in forensic investigations.
Analyze digital evidence.
Report findings.
Assess business considerations related to computer forensic investigations. Deliverables Part 1: Preparing for a Forensic Investigation (Week 6 – 17 points)
o Answer the questions in the “Tasks” section
o Document should be in APA Paper format
o 300 words, minimum
Part 2: Analyzing an E-mail Archive for an Electronic Discovery Investigation (Week 8 – 17
points)
o Document the processes followed
o No minimum word length, but ensure proper attention is given to the procedures Bulleted or Number list, recommended with verbose (detailed) documentation Screen captures
o NOT APA Paper Format
Part 3: Analyzing Evidence from Mac OS X (Week 10 -- 35 points)
o Document the findings with detail in APA Paper format
o 600 words, minimum Part 1: Preparing for a Forensic Investigation
Scenario You are an employee at D&B Investigations, a firm that contracts with individuals, companies, and
government agencies to conduct computer forensics investigations. D&B employees are expected to
observe the following tenets, which the company views as the foundation for its success: Give concerted attention to clients’ needs and concerns.
Follow proper procedures and stay informed about legal issues.
Maintain the necessary skill set to apply effective investigative techniques using the latest
technologies. Your manager has just scheduled a meeting with an important prospective client, and she has asked you
to be part of the team that is preparing for the meeting. The prospective client is Brendan Oliver, a wellknown celebrity. Last night, Mr. Oliver’s public relations team discovered that someone obtained three
photos that were shot on his smartphone, and tried to sell the photos to the media. Due to the sensitive
nature of the photos, Mr. Oliver and his team have not yet contacted law enforcement. They would like
to know if D&B can provide any guidance or support related to the investigation—or, at the very least, if
D&B can help them prevent similar incidents from occurring in the future. At this time, they do not know
how the photos were acquired. The public relations team is wondering if a friend, family member, or
employee could have gained direct access to Mr. Oliver’s phone and obtained the photos that way,
although the phone is usually locked with a passcode when Mr. Oliver is not using it. In addition, Mr.
Oliver e-mailed the photos to one other person several months ago; he has not spoken with that person
in the last few weeks, but he does not believe that person would have shared the photos with anyone
else.
Your manager plans to use this initial meeting with Mr. Oliver and his public relations team to establish
rapport, learn more about the case, and demonstrate the firm’s expertise. The company sees this as an
opportunity to build future business, regardless of whether they are retained to help with the
investigation of this case.
Tasks To help the team prepare for the meeting, your manager asks you (and your colleagues) to consider and
record your responses the following questions: What is the nature of the alleged crime, and how does the nature of the crime influence a
prospective investigation?
Based on the limited information provided in the scenario, what is the rationale for launching an
investigation that uses computer forensic activities? Would D&B and/or law enforcement need
additional information in order to determine if they should proceed with an investigation? Why or
why not?
What would you share with the client about how investigators prepare for and conduct a computer
forensics investigation? Identify three to five key points that are most relevant to this case.
What sources of evidence would investigators likely examine in this case? Provide concrete
examples and explain your rationale.
What should the client, investigators, and others do—or not do—to ensure that evidence could be
used in a court of law? Using layman’s terms, explain laws and legal concepts that should be
taken into account during the collection, analysis, and presentation of evidence.
What questions and concerns do you think the client will have?
What questions should the team ask the client to learn more about the case and determine the
next steps? Part 2: Analyzing an E-mail Archive for an Electronic Discovery Investigation
Scenario
D&B is conducting a very large electronic discovery (eDiscovery) investigation for a major client. This
case is so large that dozens of investigators and analysts are working on specific portions of the evidence
in parallel to save time and improve efficiency.
Since this is the first time you will be working on this type of investigation for D&B, your manager gives
you a “test” (a sample e-mail archive) so she can assess whether you need additional training before you
begin working with the rest of the team on the eDiscovery case. Your manager tells you that this archive
was extracted from a hard drive image marked “suspect,” but at present nothing more is known about the
user. She expects you to examine the archive and document all findings that might be of interest to a
forensic investigator. She explains that she will use your report to evaluate your investigation skills, logic
and reasoning abilities, and reporting methods.
Tasks Review the information about e-mail forensics and the Paraben P2 Commander E-mail Examiner
feature in the chapter titled “E-mail Forensics” in the course textbook. Using the P2 Commander E-mail Examiner, create a case file, select Add Evidence, and import
the e-mail archive (filename: Outlook.pst). P2 Commander will automatically begin sorting and
indexing if you choose that option. Search for information about the user; your goal is to learn as much as possible about who the
user is and what he or she has been doing. You may find evidence in the inbox or other
mailboxes. You can use the software features to help you keep track of the evidence you identify,
for instance, by bookmarking sections of interest and exporting attachments. Write a report in which you:
o Document your investigation methods.
o Document your findings. Explain what you found that may be of interest to a forensic
investigator, and provide your rationale for including each selection. Part 3: Analyzing Evidence from Mac OS X Scenario
Two weeks ago, D&B Investigations was hired to conduct an incident response for a major oil company in
North Dakota. The company’s senior management had reason to suspect that one or more company
employees were looking to commit corporate espionage. The incident response team went on-site, began
monitoring the network, and isolated several suspects. They captured forensic images from the machines
the suspects used. Now, your team leader has asked you to examine a forensic image captured from a
suspect’s computer, which runs the Mac OS X operating system. The suspect’s name is John Smith, and
he is one of the company’s research engineers.
Tasks Review the information on the Mac OS X file structure provided in the chapter titled “Macintosh
Forensics” in the course textbook. Using Paraben P2 Commander, create a case file and add the image the incident response team
captured (filename: Mac OS JSmith.img). Sort and review the various directories within the Mac OS X image. Look for evidence or
indicators that John Smith was or was not committing corporate espionage. This may include
direct evidence that John Smith took corporate property, as well as indirect evidence or indicators
about who the suspect is and what his activities were during work hours. You can use the
software features to help you keep track of the evidence you identify, for instance, by
bookmarking sections of interest and exporting files. Write a report in which you:
o Document your investigation methods.
o Document your findings. Explain what you found that may be relevant to the case, and
provide your rationale for each item you have identified as an indicator or evidence that
John Smith was or was not committing corporate espionage.
Analyze the potential implications of these findings for the company and for a legal case.