Professional Documents
Culture Documents
biz-Jean
Forensic Report
By:
Marcus Lionel Holland
June 18
2020
Legal Aspects to Consider
2
Investigation of the M57.biz Exfiltration
Questions to be Answered:
• When did Jean create the spreadsheet?
• How did it get from her computer to the competitor’s
website?
• Who else within M57.biz may be involved?
3
Process and Tools used to Collect and Analyze Data
Tools:
• Forensic Toolkit
• Autopsy
Process of verification:
• Using FTK, it verified the hashes
to ensure the file had not been
corrupted. The MD5 and SHA1
hash matched perfectly. This
ensures all evidence being
reviewed is 100% accurate.
• Autopsy was chosen for analyzing
the data because if its ability
create a timeline of events and
produce an image of Jean’s hard
drive
4
Findings
Creation of Answer to Question 1:
Jean’sSpreadsheet
• Autopsy revealed when Jan
created her spreadsheet.
5
Findings
Answer to Question 2:
• A keyword search for the name of
spreadsheet revealed the spreadsheet
never left Jean’s computer until it was
sent in this email which appears to be
Alison. It even ends with Alison’s name
in the signature. It appears the
spreadsheet ended up on the rival’s
website not long after the spreadsheet
was sent from Jean’s computer on July
19, 2008.
• In the email, a “from” address includes
tuckgorge@gmail.com which was
interesting.
• A keyword search of
tuckgorge@gmail.com revealed many
more unknown address that had been
intercepting Jean’s emails
6
Findings Cont.
Jean’s Acquittal
7
Findings Cont.
Answer to Question 3:
• Due to the phishing attack employees
appeared to be involved including.
Entities “Involved”
• Jean - CFO
• Alison - President
• Carol - Programmer
• Bob – Programmer
8
alex@m57.biz
Expert Opinion
Email
marcusholland@sandiego.edu