Finalproject
Contents
Abstract
Background to the Case
Questions Asked Relevant to the Case
Search and seizure and transport of evidence
Exhibits Submitted for Analysis
Further Questions Relevant to the Case
Chain of Custody
Evidence to Search For
List of Criminal Offence
Files of Value to the Case & Examination Details
Corporate Breach
Analysis Results
Conclusion
Generated Material
References
DIGITAL FORENSIC REPORT
Abstract
“The purpose of digital forensics is to answer investigative or legal questions to prove or
disprove a court case. To ensure that innocent parties are not convicted and that guilty parties are
convicted” (n.d.). This paper serves as the expert report provided by me, the digital forensic
investigator. In the case, company confidential information has been released to a competing
company. The confidential spreadsheet was created by a company employee, Jean. Jean claims
that the spreadsheet was requested by the company president, Alison, whereas Alison claims to
not know what Jean is talking about. The question is how this information left Jean’s
computer and whether Jean is guilty. As a forensic investigator, I have collected and analyzed
data in the case and produced the following report to present my findings and recommendations.
Chain of Custody
| Item # | Date/Time | Released By | Received By | Comments/Location |
|---|---|---|---|---|
| 1 | 7/21/2008 6:00am | Jean Jones | Security | Collected and stored to be analyzed. Stored at M57.biz HQ in a locked cabinet |
| 2 | 7/21/2008 8:00am | Security | Security | Security created an imaged evidence file of Jean’s computer |
| 2 | 7/21/2008 12:00pm | Security | Jessica Romio | Security transferred the imaged file to Jessica to be analyzed |
The timeline begins on 7/6/2008 with an email from Alison telling Jean not to send her emails
with links in them. Shortly after that email is sent, Alison sends Jean an email with links in it, to
which Jean responds that she thought Alison didn’t want her sending any links. About a week later,
Jean emails Alison to ask whether she should be emailing her at the alex@m57.biz address or the
alison@m57.biz address; this creates confusion for Jean, as she receives responses from both
addresses. On 7/19/2008 at 4:32pm, Jean receives an email from someone she believes is Alison,
because the name displays as “alison@m57.biz”; however, the email is from “tuckgeorge@gmail.com”.
This email requests that Jean send a background check of their current employees. Jean does not
initially respond, and the sender asks for the file again a few hours later. On 7/19/2008 at
6:29pm, Jean responds to tuckgeorge@gmail.com, whom she believes to be Alison, with the
confidential spreadsheet.
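The display-name mismatch and the outbound reply described above can be checked mechanically. The following Python sketch is an added example, not part of the original report or its evidence: it flags a From header whose display name shows one address while the real sender is another, and flags attachments sent to recipients outside m57.biz. The address jean@m57.biz and the attachment name are assumptions, and all sample messages are constructed.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

INTERNAL_DOMAIN = "m57.biz"  # company domain named in the report
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def spoofed_display_name(msg):
    """Finding text if the From display name shows an address that is not the real sender."""
    shown_name, real_addr = parseaddr(str(msg.get("From", "")))
    for shown in ADDR_RE.findall(shown_name):
        if shown.lower() != real_addr.lower():
            return f"display name shows {shown.lower()}, real sender is {real_addr.lower()}"
    return None

def external_attachment_recipients(msg):
    """Recipients outside INTERNAL_DOMAIN, but only when the message carries an attachment."""
    if not any(part.get_filename() for part in msg.walk()):
        return []
    fields = [str(v) for v in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return [addr.lower() for _, addr in getaddresses(fields)
            if addr and addr.rpartition("@")[2].lower() != INTERNAL_DOMAIN]

def triage(messages):
    """Return (index, rule, detail) tuples for every message that trips a check."""
    findings = []
    for i, msg in enumerate(messages):
        if spoof := spoofed_display_name(msg):
            findings.append((i, "spoofed-from", spoof))
        if external := external_attachment_recipients(msg):
            findings.append((i, "attachment-to-external", ", ".join(external)))
    return findings

def make_msg(sender, to, attachment=None):
    """Build a constructed sample message; none of this is data from the evidence image."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, to
    msg.set_content("constructed body")
    if attachment:
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

# jean@m57.biz and the attachment name are assumptions; the other addresses are from the report.
SAMPLES = [
    make_msg('"alison@m57.biz" <tuckgeorge@gmail.com>', "jean@m57.biz"),
    make_msg("jean@m57.biz", "tuckgeorge@gmail.com", attachment="spreadsheet.xls"),
    make_msg("Alison <alison@m57.biz>", "jean@m57.biz"),
]
```

Calling `triage(SAMPLES)` flags the first message as a spoofed sender and the second as an attachment leaving the company; the genuine message from alison@m57.biz produces no finding.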
Corporate Breach
It has been concluded that Jean did commit a corporate breach and violated company policy by
sending out a confidential email with the personal information of employees outside of the
company. However, I do not believe this was done intentionally. Based on the emails between
Jean and Alison and someone posing as Alison, it can be determined that Jean was the victim
of a targeted phishing attack.
Analysis Results
I used FTK Imager for my analysis of Jean’s evidence files. After loading the evidence file into
FTK Imager, the first thing I did was verify the hash to ensure the integrity of the files.
Once the file was located, I began searching for any evidence of communication to another
individual to identify when the file was sent out. I was able to locate the .pst file within Jean’s
computer image and I exported the Outlook items and opened them within Outlook.
The following image shows when a spoofed email account, posing as Alison, asked for the
spreadsheet.
The following image shows exactly when Jean sent the email to who she thought was Alison.
Lastly, the following email came from Alison’s actual account and shows that she was confused
and did not request any type of confidential spreadsheet.
Conclusion
• I was able to recover all the data relevant to the investigation and maintain the integrity of
the data by verifying the hash values.
• I was able to read through all the email files using Microsoft Outlook to see the dates and
times of the mail, as well as who it was sent to.
• I was able to conclude that there was evidence of the confidential spreadsheet on Jean’s
computer at 7/20/2008 1:28am.
• The digital evidence does not lead me to believe that the leak of the file was done
intentionally. I believe that Jean was targeted in a phishing attack and she unknowingly
sent the information outside of the company, believing it was being sent to the company
president, Alison.
• This explains why Jean believes she was innocent and claimed that Alison requested the
file; it also explains Alison’s confusion, as she did not know what Jean was talking about
since someone was acting as her to gain information from Jean.
• I would recommend that M57, as a company, employs better security training to ensure
phishing attacks do not occur. Firewalls and additional security systems would also help
to block attacks like phishing, as well as spam and malware.
Generated Material
• Microsoft Word document of Digital Forensic Report and Findings
• Evidence found on exhibits
References
Forensic Analysis and Examination Planning. (n.d.). Retrieved June 21, 2020, from
https://resources.infosecinstitute.com/category/computerforensics/introduction/areas-of-study/forensic-science/forensic-analysis-and-examination-planning/