CO4507 Digital Forensic Investigation

Please keep in mind that this is a simulated investigation and that the evidence does not include an entire storage device. As a result, you have been provided with only a subset of the files you would expect to see in a real-world investigation involving a USB storage device. While the evidence does not contain any tricks, you will be required to interpret the data and draw your own conclusions from the evidence you find. You are required to answer the following questions in your expert report:

Question 1: Does the USB storage device image contain any evidence of the company secrets? If yes, please provide copies of this evidence, including the file name, and the file’s location/storage path.

Question 2: Has the suspect attempted to hide any of the evidence on the USB storage device? If yes, please discuss the approaches/techniques used to hide data, along with the hidden evidence found on the storage device.

Question 3: Have you uncovered any evidence to suggest why the suspect has attempted to steal the company secrets?

In addition, your expert report should document the individual parts of a digital forensic investigation you have undertaken. For example:

• Check that the disk acquisition has been performed correctly

• Maintain investigative documentation

• Use forensic tools to analyse and interpret digital data

• Create an expert report containing the findings from your investigation

• Keep investigative notes

The length of your investigative notes should accurately reflect your investigation process.

