Ccsi460 Final Lab Report

CCSI460 Final Forensic Lab Report

Investigator’s Name:

Date of Investigation:

Lab Number and Title: Course Project: Final Forensics Report

Summary of Findings:

Humpty D. Dumpty acquired the source code using COPS and TSK. He emailed Jimbo to let him know he had acquired the data and would drop it off that night. I believe Jimbo is either a current or former employee, as it says in Humpty’s email that it was where Jimbo had told him it would be. The source code was also found under Humpty D. Dumpty’s directory.

Maxwell Smart is involved with child pornography, as an email referencing a picture with child pornography was sent to Big Boy. The pornographic material was hidden using steghide. I also found 3 photographs and possibly one other that would be considered child pornography under Maxwell Smart’s directory.

I found evidence to suggest Ebinezzer Scrooge is involved with Joe and D. King in a bid rigging scheme. I found an email from Joe to Ebinezzer Scrooge stating that it was his turn and he would bid high. I also found a memo from Ebinezzer Scrooge to D. King stating that Joe is bidding high, so they were getting the contract but they had “no one left who knew the tech pieces”. (Side note: Both Scrooge and Joe work for the same company, don’t bid rigging schemes usually involve different companies?) Something to note: having “no one left who knew the tech pieces” suggest that someone was recently fired? If so, it could provide motive for stealing the source code. I also found a .txt document under Scrooge’s directory to popeye requesting money. I couldn’t find any other evidence to support this was related though.

Step 1:

1. How was source code disclosed?

Both programs COPS and TSK were found under Humpty D. Dumpty’s directory. I believe COPS was used to find a loophole in the security, next TSK was used to find the source code. The source code was disclosed by physically passing the data at a meeting point,...