Week 4 Lab

CCSI460 Final Forensic Lab Report

Investigator’s Name: Matthew McHann

Date of Investigation: 3/27/15

Lab Number and Title: 4: Hard Drive Image Analysis

Summary of Findings:

Denny Vette sent an email to mrbig@second.source.ru on Tuesday Jan 1, 2002 at 23:09:06 that had a pic2.jpg file attached to it. Hidden within this file was source code information that was leaked out.

Username: ewilson

FileName: realhot.jpg

File Path: Week4Image.dd\SYS-FAT16\Documents and Settings\ewilson\My Documents\My Pictures\realhot.jpg

The above file is a pornographic file and should be brought to the attention of the investigator of the case to determine the next course of action. As this could create not only a civil issues within the company but also criminal issue.

Username: spook

FileName: Dc1.xls

File Contents: This file appears to contain a manual record of email information:

Subject, Body, FromName, FromAddress, FromType, ToName, ToAddress, ToType, CCName, CCAddress, CCType, BCCNAME, BCCAddress, BCCType, BillingInformation, Categories, Importance, Mileage, and Sensitivity.

This raises a red flag, because there should be no need to manually track this type of information.

The lead investigator and company should be informed in case further investigation is required.

Details of Investigation:

Investigation into an Intelligent Imaging Solutions image to determine how their source code was exposed. Who exposed it and when it happened?

The investigation should also look for any other questionable activity including civil and criminal activities. This investigation is a mixture of private and law breaking issues. If this case turns out to be true then both civil and criminal action well have to be taken.

March 27th 2015.

1:00 AM – Downloaded the Image.zip file and extracted its contents.

1:42 AM – Noting MD5 Sum from the included MD5 Hash file

b24b5e52d27682af6634c16ce70671db

2:43: AM – Obtaining Image...