Ccsi460 Week 4 Ilab

CCSI460 Final Forensic Lab Report

Investigator’s Name:

Date of Investigation:

Lab Number and Title: 4: Hard Drive Image Analysis

Summary of Findings:

Denny Vette (dvette@hotmail.com) sent an email to mrbig@second.source.ru on Tuesday Jan 1, 2002 at 23:09:06 -0500 that contained an attachment, pic2.jpg. Hidden within this attachment was source code information that was leaked out (see Stegout-contents).

Other findings of Note:

Username: ewilson

FileName: realhot.jpg

File Path: Week4Image.dd\SYS-FAT16\Documents and Settings\ewilson\My Documents\My Pictures\realhot.jpg

The above file is a pornographic file and should be brought to the attention of the lead investigator / prosecution / company to determine the next course of action, as this could create civil issues within the company related to sexual harassment (at the very least).

Username: spook

FileName: Dc1.xls

File Contents: This file appears to contain a manual record of email information: Subject, Body, FromName, FromAddress, FromType, ToName, ToAddress, ToType, CCName, CCAddress, CCType, BCCNAME, BCCAddress, BCCType, BillingInformation, Categories, Importance, Mileage, and Sensitivity (spelling error on Sensitivity maintained from the file)

This raises a red flag, because there should be no need to manually track this type of information. All of the messages are Security / Network / Hacking related.

The lead investigator / prosecutor / company should be informed in case further investigation is required.

Details of Investigation:

Investigation into an Intelligent Imaging Solutions image to determine how their source code was exposed. Who exposed it and when it happened.

The investigation should also look for any other questionable activity including civil and criminal activities.

Also noting that at the start of the investigation, this is when warrant /subpoena information and details would be verified to determine the...