You are required to carry out a forensic examination of the evidence file that you have been supplied with, including its contents. You will need to produce an expert witness report that describes the formal investigation methodology that you followed and presents your findings. It is therefore essential that you follow a formal investigation procedure.
You will have to describe in detail the methodology that you followed in order to analyze the evidence file. You will have to identify and describe the procedures for all the different phases of your investigation including the tools you used for the analysis.
Your findings should be presented in a factual way, following the guidelines that were discussed in class. Your findings should include any relevant information that was discovered during your investigation. You should illustrate your analysis with screen dumps of the tools you used.
Your expert witness report should be no more than 2000 words.
You also need to produce contemporaneous notes that reflect the work you have undertaken and justify how you maintained the chain of custody. It is advisable that you make use of a specialist tool to securely record your digital notes. Your contemporaneous notes should be submitted as an Appendix to the expert witness report, and there is no word count for the notes.
Contemporaneous notes:
Hints:
1. Remember to include the time/date, the action taken, the picture reference, and the person doing the proceedings.
2. Consider any data that is directly linked with the computer system, such as any evidential computer storage components (e.g. unplugged USB flash memory, CDs) and computer storage media (e.g. hard disk).
3. Consider the physical evidence, that is, anything that can be seen or touched. For instance, a fraudster's case may identify 'tools' that have been used by the fraudster. Examples include computer peripherals (e.g. a printer could retain a copy of data in memory), telephone devices, personal belongings (e.g. receipts, notes), litter bins (e.g. non-shredded bank statements), card cloning devices, video screening equipment (e.g. hidden cameras), and digital cameras (e.g. stalking for possible victims).
Submission Requirements:
Your report should be prepared as follows:
The same font should be used throughout. We would prefer you to use 12-point Times, though any reasonable alternative (such as Arial) will be accepted.
Lines should be single-spaced, with between half a line and a whole line of extra space after each paragraph.
Margins: at least 20 mm left and right; 25 mm top and bottom.
This Assignment assesses the following module Learning Outcomes:
1. Advanced current concepts and issues of information environment risks, vulnerabilities and threats.
2. Managing an information environment in terms of deterrence, detection, protection and reaction to access.
3. A systematic application of the tools, methods and procedures (theoretical and methodological) used within the cyber security arena under the context of a risk and threat assessment.
4. Critically demonstrate self-direction and creativity in managing the security of an information environment at the strategic, tactical and operational levels, effectively developing information security policies.
5. Use initiative to autonomously conduct and manage a risk assessment of a complex and unpredictable environment.
6. Demonstrating a systematic approach of creatively applying security standards to unfamiliar contexts for solving problems.