Digital Forensic Investigation. PRACTICAL CONNECTION ASSIGNMENT
Original source of fact pattern: https://resources.infosecinstitute.com/computer-forensics-investigation-case-study/
- A Computer Forensic investigator generally investigates the data which could be taken from computer hard disks or any other storage devices with adherence to standard policies and procedures to determine if those devices have been compromised by unauthorized access or not.
- Computer Forensics investigators work as a team to investigate the incident and conduct the forensic analysis by using various methodologies (e.g. Static and Dynamic) and tools (e.g. FTK or Encase) to ensure the computer network system is secure in an organization.
- A successful Computer Forensic investigator must be familiar with various laws and regulations related to computer crimes in their country (e.g. Computer Misuse Act 1990, the UK) and various computer operating systems (e.g. Windows, Linux) and network operating systems (e.g. Win NT).
- Public investigations and Private or Corporate investigations are the two distinctive categories that fall under Computer Forensics investigations. Public investigations will be conducted by government agencies, and private investigations will be conducted by private computer forensic team.
- A new start-up SME (small-medium enterprise) based in Luton has recently begun to notice anomalies in its accounting and product records.
- This SME has also noticed that their competitors seem to be developing products that are very similar to what they are doing which suggests potential intellectual property theft.
- SME has undertaken an initial check of system log files, and there are several suspicious entries and IP addresses with a large amount of data being sent outside the company firewall.
- SME has also recently received several customer complaints saying that there is often a strange message displayed during order processing, and they are often re-directed to a payment page that does not look legitimate.
- The company makes use of a general purpose eBusiness package (OSCommerce) and has a small team of six IT support professionals, but they do not feel that they have the expertise to carry out a full scale malware/forensic investigation.
- As there is increased competition in the hi-tech domain, the company is anxious to ensure that their systems are not being compromised either internally or externally and they have employed a digital forensic investigator to determine whether any malicious activity has taken place, and to ensure that there is no malware within their systems.
- The company uses Windows 10 for its servers. Patches are applied by the IT support team on a monthly basis, but the team has noticed that a number of machines do not seem to have been patched.
- The company provides mobile devices (Apple iOS) to its employees and the iPhones are considered corporate assets.
- The company also as several employees who use non-corporate mobile devices for work but they are not considered corporate assets.
- The company uses Microsoft Exchange with an enterprise email server environment where every employee has their own corporate email account.
- The company’s network is composed of routers, firewalls, hubs, and active directory domain servers.
- Many of the employees also carry tech-wearables e.g. FitBit, smart watches, etc that can be plugged into a computer via a USB port for charging and/or for data transfer.
- The company has several employees in the United States and several in the European Union region (EU) e.g. two of them are in Germany.
- Your task, as an attorney and a trained forensic investigator, is to supervise a digital forensics investigation to see whether you can prepare a case against the perpetrators.
- This task may require investigating all employees including emails, the network, mobile devices, computers, etc.
- In addition to overseeing an investigation you are asked to advise the company of its legal rights e.g. what the company may or may not do especially if you are planning to collect devices or emails.
Your deliverable in this assignment is a 2-page report discussing how you would approach the following Digital Forensic Investigation. As part of this report you should also:
- Outline and discuss the methodology that you will use.
- Provide a reasoned argument as to why the particular methodology (or methodologies) chosen is relevant.
- Identify key facts and identify key considerations to consider from a technical / forensic standpoint that the company should consider.
- Identify key facts and identify key considerations to consider from a legal standpoint that the company should consider.
- Discuss in detail (step by step) the process that you will use to collect evidence and discuss the relevant guidelines that need to be followed when collecting digital evidence.
- Be sure to back your reasoning with case law as applicable.