Length: Maximum of 4 A4 pages in total.
Task: This assessable workshop is designed to get you thinking about how you may approach the case study assignment. Using the case study outline, your task is to prepare a plan (using Microsoft Word) that describes your understanding, method and intentions for undertaking the actual investigation. Remember, at this point in time (your hypothetical) line manager has not yet approved you to commence the investigation. Hence, you are outlining all the facts to obtain formal permission to proceed with the investigation.
|Evidence of appropriate grammar, punctuation and proof-reading?||/2|
|Intended processes are communicated effectively?||/8|
|Chosen, method and processes are appropriate for case study under investigation?||/8|
|Plan is professionally formatted?||/2|
In the state of Western Australia it is illegal to access, own or distribute digital content relating to ‘cats’. Jane, the network administrator for the Daily Planet was reviewing network traffic logs when she noticed that an employee may have been accessing digital content relating to cats. The network administrator informed their line manager (Ash), and Ash notified the police. A junior police officer attended the company’s premises and assessed the network traffic logs, confirming that there is a high probability that digital content relating to cats had been accessed via a computer owned by an individual named Clark. Police obtained the necessary documents and seized the equipment relating to the allegation.
The suspect Clark was formally interviewed and denied accessing any content relating to cats. To date, Clark does not have a criminal record. Paul Ekman was coincidentally onsite during the interview, and was asked to examine the video of the interview. Paul made a statement suggesting that Clark’s micro facial expressions didn’t quite “add up”. Clark was interviewed again, but this time used the malware defence. Paul Ekman and the forensic investigators concluded that “something wasn’t quite right”, and they concluded that this would be a suitable challenge for you, the new recruit within the department.
You have been assigned the task of examining a “forensic image” of the suspect’s laptop which was seized with the appropriate warrants and imaged using forensically sound practices. At this point in time, there is insufficient evidence to make any generalisations or conclusions regarding the case. The network logs conclusively suggest that Clark’s computer was used to access the illegal content.
Unfortunately, the junior forensic investigator who obtained a “forensic image” of the computer only performed a logical acquisition. To make matters worse, the junior investigator accidently, securely wipe the laptop’s entire hard drive. Fortunately, the logical acquisition was undertaken in a forensically sound manner and can still be used within the investigation. The MD5 hash of the forensic image is “044288459e2fd193e446eec8de0acdd9”.
For solution, connect with our online professional.