The Final Expert Project is a practical case in which the student must demonstrate the
technical, methodological and legal concepts acquired during the course. The following
documents are expected as deliverables:
A computerized expert report, as the student would present it to a court, with the results
obtained from their analyses and their conclusions.
The chain of custody of the evidence analyzed as if the expert had carried out the acquisition
in situ. It should be explained where the copy was made, how the extraction was carried out
and the result of the digital signature or cryptographic hash.
Optionally, an additional document where the student can explain those details of the
analysis that they did not want to include in the expert report, such as considerations about
why some analyses were performed and not others, results that were left out, or
problems that were encountered.
Case description
On a business trip, Mr. Informant received an offer from Spy Conspirator to leak sensitive
information related to the technology being developed at Iaman Informant's company.
Given Mr. Informant's delicate financial and personal situation, he accepted the offer and
began to think about a detailed escape plan.
While the way in which this information was to be leaked was being planned, the company
received information that made it suspect that Mr. Informant and Mr. Conspirator had
exchanged various emails pretending to be part of an employment relationship between
their respective companies. It is also suspected that part of the stolen information was
leaked through cloud storage systems.
The company hires a computer expert to perform a forensic analysis of the seized
information.
Material
Excerpt from the company's security policy (included at the end of this statement).
Image of the USB memory seized from Mr. Informant as he left the company
(memoria_USB.zip).
Image of Mr. Informant's corporate computer hard drive. It must be downloaded from the
following links:
https://www.cfreds.nist.gov/data_leakage_case/images/pc/cfreds_2015_data_leakage_pc.7z.001
https://www.cfreds.nist.gov/data_leakage_case/images/pc/cfreds_2015_data_leakage_pc.7z.002
https://www.cfreds.nist.gov/data_leakage_case/images/pc/cfreds_2015_data_leakage_pc.7z.003
Note: this TFE is based on the forensic scenario posted at the following URL:
https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html
However, some questions have been changed and more materials have been provided. It is
mandatory to adhere to the material and questions in this statement.
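
For the chain-of-custody deliverable described above, one way to record the cryptographic hash of each acquired file and re-check it later is sketched below. This is an added example, not part of the original statement: the function names, the choice of SHA-1 and SHA-256, the examiner, location and method values, and the file contents are constructed placeholders; only the file names come from the Material list.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read in 1 MiB blocks so a large image never has to fit in memory

def hash_file(path, algorithms=("sha1", "sha256")):
    """Stream one evidence file through several digests in a single pass."""
    digests = {name: hashlib.new(name) for name in algorithms}
    size = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            size += len(block)
            for d in digests.values():
                d.update(block)
    return {"file": os.path.basename(path), "bytes": size,
            **{name: d.hexdigest() for name, d in digests.items()}}

def custody_entry(paths, examiner, location, method):
    """Build one custody record: who, where, how, when, and a hash per file."""
    return {"examiner": examiner, "location": location, "method": method,
            "utc_time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "items": [hash_file(p) for p in paths]}

def verify(entry, directory):
    """Re-hash the files and return the names that are missing or have changed."""
    changed = []
    for item in entry["items"]:
        path = os.path.join(directory, item["file"])
        if not os.path.exists(path) or hash_file(path) != item:
            changed.append(item["file"])
    return changed

def demo():
    """Run on constructed stand-ins for the evidence files (dummy bytes only)."""
    names = ["memoria_USB.zip"] + [f"cfreds_2015_data_leakage_pc.7z.00{i}" for i in (1, 2, 3)]
    with tempfile.TemporaryDirectory() as tmp:
        for n in names:
            with open(os.path.join(tmp, n), "wb") as fh:
                fh.write(b"constructed sample for " + n.encode())
        entry = custody_entry([os.path.join(tmp, n) for n in names],
                              examiner="EXAMINER (placeholder)", location="LAB (placeholder)",
                              method="read-only copy (placeholder)")
        before = verify(entry, tmp)          # nothing touched yet
        with open(os.path.join(tmp, names[2]), "ab") as fh:
            fh.write(b"\x00")                # simulate a one-byte alteration of segment .002
        after = verify(entry, tmp)
    return entry, before, after

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Hashing each segment of the split archive separately, rather than only the reassembled image, lets a later mismatch be traced to the specific file that changed.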