What is the nature of the alleged crime, and how does the nature of the crime influence a prospective investigation?

Learning Goal: I’m working on a cyber security report and need an explanation and answer to help me learn.

Purpose
The purpose of this project is to provide an opportunity for students
to apply forensic investigation competencies gained throughout this
course.

Deliverables
Please choose ANY THREE PARTS from the following six parts and complete the report for your chosen three parts.
Part 1: Preparing for a Forensic Investigation
Part 2: Analyzing an E-mail Archive for an Electronic Discovery Investigation
Part 3: Analyzing Evidence from Mac OS X
Part 4: Decoding an FTP Protocol Session for Forensic Evidence
Part 5: Identifying and Documenting Evidence from a Forensic Investigation
Part 6: Conducting an Incident Response Investigation for a Suspicious Login

WE MUST USE THESE RESOURCES
The following tools and resources will be needed to complete this
project (they are found in the virtual lab access that accompanies the
textbook):
Course textbook
Internet access
Computer with Paraben® P2 Commander installed
pst (an e-mail archive used in Project Part 2)
Mac OS JSmith.img (a Mac OS X image file used in Project Part 3)
Lab access to labs 8, 9, and 10.

Part 1: Preparing for a Forensic Investigation

Scenario
You are an employee at D&B Investigations, a firm that contracts
with individuals, companies, and government agencies to conduct computer
forensics investigations. D&B employees are expected to observe the
following tenets, which the company views as the foundation for its
success:
Give concerted attention to clients’ needs and concerns.
Follow proper procedures and stay informed about legal issues.
Maintain the necessary skill set to apply effective investigative techniques using the latest technologies.
Your manager has just scheduled a meeting with an important
prospective client, and she has asked you to be part of the team that is
preparing for the meeting. The prospective client is Brendan Oliver, a
well-known celebrity. Last night, Mr. Oliver’s public relations team
discovered that someone obtained three photos that were shot on his
smartphone, and tried to sell the photos to the media. Due to the
sensitive nature of the photos, Mr. Oliver and his team have not yet
contacted law enforcement. They would like to know if D&B can
provide any guidance or support related to the investigation—or, at the
very least, if D&B can help them prevent similar incidents from
occurring in the future. At this time, they do not know how the photos
were acquired. The public relations team is wondering if a friend,
family member, or employee could have gained direct access to Mr.
Oliver’s phone and obtained the photos that way, although the phone is
usually locked with a passcode when Mr. Oliver is not using it. In
addition, Mr. Oliver e-mailed the photos to one other person several
months ago; he has not spoken with that person in the last few weeks,
but he does not believe that person would have shared the photos with
anyone else.

Your manager plans to use this initial meeting with Mr. Oliver and
his public relations team to establish rapport, learn more about the
case, and demonstrate the firm’s expertise. The company sees this as an
opportunity to build future business, regardless of whether they are
retained to help with the investigation of this case.

Tasks
To help the team prepare for the meeting, your manager asks you (and
your colleagues) to consider and record your responses to the following
questions:
What is the nature of the alleged crime, and how does the nature of the crime influence a prospective investigation?
Based on the limited information provided in the scenario, what is
the rationale for launching an investigation that uses computer forensic
activities? Would D&B and/or law enforcement need additional
information in order to determine if they should proceed with an
investigation? Why or why not?
What would you share with the client about how investigators prepare
for and conduct a computer forensics investigation? Identify three to
five key points that are most relevant to this case.
What sources of evidence would investigators likely examine in this case? Provide concrete examples and explain your rationale.
What should the client, investigators, and others do—or not do—to
ensure that evidence could be used in a court of law? Using layman’s
terms, explain laws and legal concepts that should be taken into account
during the collection, analysis, and presentation of evidence.
What questions and concerns do you think the client will have?
What questions should the team ask the client to learn more about the case and determine the next steps?

Part 2: Analyzing an E-mail Archive for an Electronic Discovery Investigation

Scenario
D&B is conducting a very large electronic discovery (eDiscovery)
investigation for a major client. This case is so large that dozens of
investigators and analysts are working on specific portions of the
evidence in parallel to save time and improve efficiency.

Since this is the first time you will be working on this type of
investigation for D&B, your manager gives you a “test” (a sample
e-mail archive) so she can assess whether you need additional training
before you begin working with the rest of the team on the eDiscovery
case. Your manager tells you that this archive was extracted from a hard
drive image marked “suspect,” but at present nothing more is known
about the user. She expects you to examine the archive and document all
findings that might be of interest to a forensic investigator. She
explains that she will use your report to evaluate your investigation
skills, logic and reasoning abilities, and reporting methods.

Tasks
Review the information about e-mail forensics and the Paraben P2
Commander E-mail Examiner feature in the chapter titled “E-mail
Forensics” in the course textbook.
Using the P2 Commander E-mail Examiner, create a case file, select
Add Evidence, and import the e-mail archive (filename: Outlook.pst). P2
Commander will automatically begin sorting and indexing if you choose
that option.
Search for information about the user; your goal is to learn as much
as possible about who the user is and what he or she has been doing.
You may find evidence in the inbox or other mailboxes. You can use the
software features to help you keep track of the evidence you identify,
for instance, by bookmarking sections of interest and exporting
attachments.
Write a report in which you:
Document your investigation methods.
Document your findings. Explain what you found that may be of
interest to a forensic investigator, and provide your rationale for
including each selection.

Part 3: Analyzing Evidence from Mac OS X

Scenario
Two weeks ago, D&B Investigations was hired to conduct an
incident response for a major oil company in North Dakota. The company’s
senior management had reason to suspect that one or more company
employees were looking to commit corporate espionage. The incident
response team went on-site, began monitoring the network, and isolated
several suspects. They captured forensic images from the machines the
suspects used. Now, your team leader has asked you to examine a forensic
image captured from a suspect’s computer, which runs the Mac OS X
operating system. The suspect’s name is John Smith, and he is one of the
company’s research engineers.

Tasks
Review the information on the Mac OS X file structure provided in
the chapter titled “Macintosh Forensics” in the course textbook.
Using Paraben P2 Commander, create a case file and add the image the
incident response team captured (filename: Mac OS JSmith.img).
Sort and review the various directories within the Mac OS X image.
Look for evidence or indicators that John Smith was or was not
committing corporate espionage. This may include direct evidence that
John Smith took corporate property, as well as indirect evidence or
indicators about who the suspect is and what his activities were during
work hours. You can use the software features to help you keep track of
the evidence you identify, for instance, by bookmarking sections of
interest and exporting files.
Write a report in which you:
Document your investigation methods.
Document your findings. Explain what you found that may be relevant
to the case, and provide your rationale for each item you have
identified as an indicator or evidence that John Smith was or was not
committing corporate espionage.
Analyze the potential implications of these findings for the company and for a legal case.

Part 4: Decoding an FTP Protocol Session for Forensic Evidence

All tools and instructions to complete this part are found in LAB 8
as part of the virtual lab access that accompanies the textbook.

In this lab, you will use two very powerful forensic analysis tools,
Wireshark and NetWitness Investigator, to examine the same File Transfer
Protocol (FTP) traffic capture file, and compare the results of each.
FTP is a protocol that is used extensively in business and social
communications as a means to move files between a host and a client.
Just about every time you download something from an internet site, you
are using a version of FTP to manage the process. It is the
most-frequently used file transfer tool, but it is vulnerable. You will
explore the protocol capture file to see how FTP’s cleartext
transmission can endanger an organization.

Upon completing this lab, you will be able to:
Perform forensic protocol analysis on an FTP protocol capture file using Wireshark and NetWitness Investigator
Examine evidence of client and server FTP communications at the protocol level
Identify FTP login credentials as part of a forensic investigation
Identify FTP client/server TCP/IP communications and dialogue
Compare Wireshark and NetWitness Investigator as a forensic analysis tool for protocol analysis
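
An added illustration of what FTP's cleartext control channel exposes to an examiner (example code, not part of the lab, the textbook, or either tool): it decodes a constructed control-channel transcript, of the kind seen when following a TCP stream, into the login, the passive-mode data endpoint, and the transferred file. The transcript, the account name and password, and the "C:"/"S:" direction prefixes are constructed assumptions.

```python
import re

# Constructed control-channel transcript (not taken from the lab capture).
# "C:" marks a client command, "S:" a server reply.
SAMPLE_SESSION = """\
S: 220 FTP server ready
C: USER jdoe
S: 331 Password required for jdoe
C: PASS Example-Pass-123
S: 230 User jdoe logged in
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,80)
C: RETR report.docx
S: 150 Opening BINARY mode data connection
S: 226 Transfer complete
C: QUIT
S: 221 Goodbye
"""

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def decode_ftp_session(transcript):
    """Reconstruct login and completed file transfers from FTP control lines."""
    findings = {"user": None, "password": None, "login_ok": False,
                "data_endpoints": [], "transfers": []}
    pending = None  # most recent client command, matched against later replies
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.strip().partition(" ")
            verb = verb.upper()
            if verb == "USER":
                findings["user"] = arg
            elif verb == "PASS":
                findings["password"] = arg  # sent unencrypted on the wire
            pending = (verb, arg)
        elif side == "S" and re.match(r"\d{3}[ -]", text):
            code = int(text[:3])
            if code == 230:          # login accepted
                findings["login_ok"] = True
            elif code == 227:        # passive mode: h1,h2,h3,h4,p1,p2
                m = PASV_RE.search(text)
                if m:
                    n = [int(x) for x in m.groups()]
                    endpoint = (".".join(map(str, n[:4])), n[4] * 256 + n[5])
                    findings["data_endpoints"].append(endpoint)
            elif code == 226 and pending and pending[0] in ("RETR", "STOR"):
                direction = "download" if pending[0] == "RETR" else "upload"
                findings["transfers"].append({"direction": direction, "file": pending[1]})
                pending = None
    return findings
```

The data endpoint recovered from the 227 reply tells the examiner which separate TCP connection in the capture carried the file contents.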

Please complete Sections 1 and 2 of this lab (excluding lab quiz), and submit the lab report on Canvas.

SECTION 1 of this lab has two parts which should be completed in the order specified.
In the first part of the lab, you will use Wireshark to examine a protocol capture file and identify the specifics of an FTP
In the second part of the lab, you will use NetWitness Investigator
to examine that same protocol capture file and identify further
specifics of an FTP
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with
less guidance and different deliverables, as well as some expanded
tasks and alternative methods. You will generate your own protocol
capture file for examination.

Part 5: Identifying and Documenting Evidence from a Forensic Investigation

All tools and instructions to complete this part are found in LAB 9
as part of the virtual lab access that accompanies the textbook.

In this lab, you will explore the forensic capabilities of P2
Commander by using the sorting and search features to identify evidence.
You will create bookmarks for the evidence you find to make it easier
to locate them later. You will create an evidentiary report that can be
used in a court of law, and an MD5 hash code for the report.

Upon completing this lab, you will be able to perform the following:
Discuss proper documentation requirements and the chain of custody for a forensic investigation
Use P2 Commander to search for potential evidence in a forensic case file
Bookmark evidence in a forensic case file
Generate an evidentiary report from P2 Commander that can be submitted in a court of law
Generate an MD5 hash file for evidentiary reports generated by P2 Commander

Please complete Sections 1 and 2 of this lab (excluding lab quiz), and submit the lab report on Canvas.

SECTION 1 of this lab has two parts which should be completed in the order specified.
In the first part of this lab, you will create and sort a new case file using P2 Commander.
In the second part of this lab, you will identify relevant evidence and generate an investigative report from P2
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with
less guidance and different deliverables, as well as some expanded
tasks and alternative methods. You will identify and document evidence
from a different drive image.

Part 6: Conducting an Incident Response Investigation for a Suspicious Login

All tools and instructions to complete this part are found in LAB 10
as part of the virtual lab access that accompanies the textbook.

In this lab, you will use NetWitness Investigator to analyze the
network traffic to identify a suspect’s login credentials from an FTP
packet trace. You will also use P2 Commander to analyze the digital
portion of a forensic image and locate the transferred file on the
suspect’s own evidence drive. You will export the suspect files, add
bookmarks in the Case Log, and create a report to detail your findings.

Upon completing this lab, you will be able to:
Identify suspect login credentials from an FTP packet trace
Evaluate information that would be useful to an attacker who has infiltrated the network
Analyze the digital portion of a forensic investigation and link the two pieces of evidence together to solidify your case
Bookmark and export suspect data
Create a report detailing findings based on automated reporting of
evidence related to a suspect’s email communications, identified email
attachments, and the protocol capture of the FTP session

Please complete Sections 1 and 2 of this lab (excluding lab quiz), and submit the lab report on Canvas.

SECTION 1 of this lab has four parts which should be completed in the order specified.
In the first part of the lab, you will use NetWitness Investigator
to examine a protocol capture file and find specific information needed
to complete the deliverables for this lab.
In the second part of this lab, you will create and sort a new case file using P2 Commander.
In the third part of the lab, you will use P2 Commander to perform a
forensic image investigation and explore a suspect user’s email account
for
In the fourth part of the lab, you will use P2 Commander to generate an evidentiary report of a suspect’s email
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with
less guidance and different deliverables, as well as some expanded
tasks and alternative methods. You will also add screen captures from a
NetWitness Investigator report to your P2 Commander case file.

Submission Requirements
Format: Microsoft Word
Font: Arial, 12-Point, Double-Space
Citation Style: APA
Length: Each part should have 3–4 pages, so the overall report should be
9–12 pages (excluding title page, table of contents, and bibliography).
Remember: Please choose ONLY THREE PARTS out of six parts listed in this document.
Requirements: 10 Pages
