CCSI460 Final Forensic Lab Report

Category: Science and Technology

Date Submitted: 12/13/2012 06:14 PM

Investigator’s Name:

Date of Investigation:

Lab Number and Title: Lab 4 Hard Drive Image Analysis

Summary of Findings:

Finding 1: Write a short summary paragraph for your highest priority finding.

My highest priority finding was an email from Denny to a mr.big@second.source.ru and a document listing source codes. Classification: TOP Secret (see attached files).

Site visit to request a new email account

Finding 2: Write a short summary paragraph for your least important finding.

My least important findings would be the multiple files that included common data found on a work/home computer.

Details of Investigation:

Background Information: Intelligent Imaging Solutions (IIS) has discovered that some of its most critical and strategic intellectual property (IP) is available for sale on the Internet. IIS is asking Donna Stewart, digital forensic expert, to consult with its information security and network administrators to determine how this serious exposure occurred and to recommend appropriate actions.

11/24/12 7pm:

1. I began the forensic acquisition/imaging process of the image.dd. Prior to taking control of the image.dd, I ensured the proper search warrant was obtained and noted any identifiers, while maintaining chain of custody. I used a sterile storage medium, forensically wiped and verified by this examiner (MD5 hash value: b24b5e52d27682af6634c16ce70671db image.dd) using Md5sum tool version 1.2. The MD5 hash value for the examination medium yielded the same MD5 hash value as previous forensic wipes to sterilize this media.

11/24/12 7:30pm:

2. Next, I used the forensic analysis tool AccessData’s Forensic Toolkit-FTK v1.81.6 build 10.04.02 to analyze the data of the image.dd file.

The file contained the following (Screenshot)

3. Using a keyword search (source code, IIS, MSA, etc.), I was able to retrieve two files that indicate classified information...
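Steps 1 to 3 verify the image hash and then run a keyword search over the image. The Python below is an added example, not part of the original report and not how FTK works internally: it checks the image against the recorded MD5, scans the raw bytes for keywords (including hits that span read boundaries), and re-hashes afterwards to confirm the evidence was not altered. The function names and the `SAMPLE` bytes are constructed for illustration; MD5 is used only because the report uses it.

```python
import hashlib
import io

CHUNK = 1 << 20  # read size in bytes
# Constructed stand-in for a raw image such as image.dd (not real evidence).
SAMPLE = b"\x00" * 10 + b"Source Code listing" + b"\xff" * 7 + b"IIS memo" + b"\x00" * 5

def md5_of(stream, chunk=CHUNK):
    """Hash a seekable image stream without loading it all into memory."""
    stream.seek(0)
    h = hashlib.md5()
    while block := stream.read(chunk):
        h.update(block)
    return h.hexdigest()

def keyword_hits(stream, keywords, chunk=CHUNK):
    """Return sorted (byte offset, keyword) hits, ASCII case-insensitive."""
    needles = [k.lower().encode() for k in keywords]
    overlap = max(len(n) for n in needles) - 1  # bytes carried across reads
    stream.seek(0)
    hits, tail, base = set(), b"", 0  # base = image offset of tail[0]
    while block := stream.read(chunk):
        window = tail + block.lower()
        for n in needles:
            pos = window.find(n)
            while pos != -1:
                hits.add((base + pos, n.decode()))  # set removes re-found hits
                pos = window.find(n, pos + 1)
        keep = min(overlap, len(window))
        tail = window[len(window) - keep:]
        base += len(window) - keep
    return sorted(hits)

def examine(stream, recorded_md5, keywords, chunk=CHUNK):
    """Verify the image, scan it, then confirm the scan left it unchanged."""
    before = md5_of(stream, chunk)
    if before != recorded_md5.lower():
        raise ValueError("image hash does not match the acquisition record")
    hits = keyword_hits(stream, keywords, chunk)
    if md5_of(stream, chunk) != before:
        raise ValueError("image changed during examination")
    return hits

if __name__ == "__main__":
    recorded = hashlib.md5(SAMPLE).hexdigest()  # stands in for the logged hash
    for offset, kw in examine(io.BytesIO(SAMPLE), recorded, ["source code", "IIS", "MSA"]):
        print(f"{offset:#010x}  {kw}")
```

For a real image, open the file read-only in binary mode and pass the hash recorded at acquisition; the reported offsets can then be looked up in a hex viewer or mapped back to files with the analysis tool.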