Scribd Logo
Upload

Welcome to Scribd!

  • Objective

    Uploaded by

    reputation.com.ng
    5 views2 pages
    The Final Expert Project requires students to demonstrate technical, methodological, and legal concepts through a simulated computer forensics case. Students must submit: 1) An expert report presenting analysis results and conclusions as if for a court. 2) Documentation of the chain of custody for any evidence analyzed, such as where copies were made and how extractions were performed. 3) An optional additional document explaining analysis details not included in the report, like why certain analyses were or weren't performed and problems encountered.

    Original Description:

    proj objective

    Original Title

    objective

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The Final Expert Project requires students to demonstrate technical, methodological, and legal concepts through a simulated computer forensics case. Students must submit: 1) An expert report presenting analysis results and conclusions as if for a court. 2) Documentation of the chain of custody for any evidence analyzed, such as where copies were made and how extractions were performed. 3) An optional additional document explaining analysis details not included in the report, like why certain analyses were or weren't performed and problems encountered.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views2 pages

    Objective

    Uploaded by

    reputation.com.ng
    The Final Expert Project requires students to demonstrate technical, methodological, and legal concepts through a simulated computer forensics case. Students must submit: 1) An expert report presenting analysis results and conclusions as if for a court. 2) Documentation of the chain of custody for any evidence analyzed, such as where copies were made and how extractions were performed. 3) An optional additional document explaining analysis details not included in the report, like why certain analyses were or weren't performed and problems encountered.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    objective

    The Final Expert Project is a practical case in which the student must demonstrate the
    technical, methodological and legal concepts acquired during the course. The following
    documents are expected as deliverables:

    A computerized expert report, as the student would present it to a court, with the results
    obtained from their analyzes and their conclusions.
    The chain of custody of the evidence analyzed as if the expert had carried out the acquisition
    in situ. It should be explained where the copy was made, how the extraction was carried out
    and the result of the digital signature or cryptographic hash.
    Optionally, an additional document where the student can explain those details of his
    analysis that he did not want to include in the expert report, such as considerations about
    why he does some analysis and not others, results that he has not wanted to include or
    problems that he has found.

    Case description

    Iaman Informant works as manager of the technology development area of a large


    international company.

    On a business trip, Mr. Informant received an offer from Spy Conspirator to leak sensitive
    information related to the technology being developed at Iaman Informant's company.
    Given Mr. Informant's delicate financial and personal situation, he accepted the offer and
    began to think about a detailed escape plan.

    During the planning of the way in which said information was to be leaked, the company
    receives information that makes it suspect that Mr. Informant and Mr. Conspirator
    exchanged various emails pretending to be part of an employment relationship between
    their respective companies. It is also suspected that part of the stolen information was
    leaked through cloud storage systems.

    Motivated by these suspicions, it is decided to initiate an investigation and inform Mr.


    Informant of it. Immediately after this conversation, he is informed of his suspension of
    employment and a sealing of his corporate computer is initiated. During said sealing, a USB
    memory is located on his work table, which is saved. Mr. Informant declares that this is
    personal and his property.

    The company hires a computer expert to perform a forensic analysis of the seized
    information.
    Material

    The material provided for analysis is as follows:

    Excerpt from the company's security policy (included at the end of this statement).
    Image of the USB memory seized from Mr. Informant when the company left
    (memoria_USB.zip).
    Image of Mr. Informant's corporate computer hard drive. It must be downloaded from the
    following links:
    https://www.cfreds.nist.gov/data_leakage_case/images/pc/cfreds_2015_data_leakage_pc.7
    z.001
    https://www.cfreds.nist.gov/data_leakage_case/images/pc/cfreds_2015_data_leakage_pc.7
    z.002
    https://www.cfreds.nist.gov/data_leakage_case/images/pc/cfreds_2015_data_leakage_pc.7
    z.003

    Note: this TFE is based on the forensic scenario posted at the following URL:

    https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html

    However, some questions have been changed and more materials have been provided. It is
    mandatory to adhere to the material and questions in this statement.

    You might also like