ECOM6032 E-discovery and digital forensics Homework #1 (Continued) Due: 11pm, 8 July 2016 A Hypothetical Scenario for Digital Investigation Name:__________________ Student ID: __________________ After completing the "Hypothetical Case Scenario" questionnaire and creating the relevant digital "clues" on a USB thumb drive in relation to the case scenario, please pass your thumb drive (containing your digital clues) to another person in the class for analysis. As mentioned in the class, the digital clues must include at least one of each of the following: - • Hidden file • Deleted file • Email • Graphic file • Password-protected file • Compressed file • Web access (browser history) • Wiped file After receiving the USB thumb drive from your classmate, you can start analyzing the digital clues and then write a report (at least 2000 words) of investigation findings containing the below items: - I. Abstract (Summary paragraph of report) II. Body of Report a. Background of the case scenario b. Procedures of the examination (Data cloning, Steps of forensics analysis) c. What devices/file systems were examined? d. What specific files were examined? (type of files and count of each type) e. What content was observed in the files? f. How is the content of each file related to the case? III. Conclusion – include your Expert Opinions about all files examined and whether the owner of the thumbdrive committed any malpractice or criminal offence. IV. References (if applicable) V. Appendix, e.g. photos of the exhibits, photos/sketches of the environment where you seized the exhibits Here are the tools that you may use for conducting the forensics examination: - • AccessData FTK Imager (For conducting data cloning, previewing and recovering of evidence file content). • MD5/SHA1 hash calculator, e.g. MD5/SHA 1 hash extractor, to calculate the hash value of the extracted file. • Other software that could open the relevant file type, e.g. Microsoft office for office type documents, irfanview for graphic type file, Google chrome for chrome history files, winzip for compressed file, etc. ****** Hypothetical Case Scenario Questionnaire Synopsis of Case Is this a case to be investigated by a Private or Public (i.e., law enforcement) organization? Victim(s) Who is/are victim(s)? What happened to victim(s)? Incident What was the incident? When did the incident take place? Where did the incident take place? Who was involved in the incident? Case/Incident Scene What was the case/incident scene? Where was the case/incident scene? Evidence What evidence was collected? How was the evidence collected and turned over to investigators? Suspect(s) Are there any suspects related to this incident? If so, who is/are the suspect(s)? Has/have the suspect(s) been charged? If so, with what case or violation?