CO4507 Digital Forensic Investigation
Task:
Please keep in mind that this is a simulated investigation and does not include an entire storage device. As a result, you have only been provided with a subset of the files you would expect to see in a real-world investigation involving a USB storage device. While the evidence does not contain any tricks, you will be required to interpret the data/evidence and draw your own conclusions based on the evidence you find.
You are required to answer the following questions in your expert report:
Question 1: Does the USB storage device image contain any evidence of the company secrets? If yes, please provide copies of this evidence, including the file name, and the file’s location/storage path.
Question 2: Has the suspect attempted to hide any of the evidence on the USB storage device? If yes, please discuss the approaches/techniques used to hide data, along with the hidden evidence found on the storage device.
Question 3: Have you uncovered any evidence to suggest why the suspect has attempted to steal the company secrets?
In addition, your expert report should document the individual parts of a digital forensic investigation you have undertaken. For example:
• Check that the disk acquisition has been performed correctly
• Maintain investigative documentation
• Use forensic tools to analyse and interpret digital data
• Create an expert report containing the findings from your investigation
• Keep investigative notes
The length of your investigative notes should reflect your investigation process accurately.