Digital Forensics

  

Digital forensics involves processing data from many different types of devices, ranging from desktops to laptops, tablets to smartphones, servers to cloud storage, and even devices embedded in automobiles and aircraft. In this project, you will focus on the architecture and imaging of desktop and laptop computers. You will be working in a virtual machine (VM) to image and verify the contents of the following:

  • a USB stick
  • the random access memory (RAM) and swap space of a live computer
  • a networked computer hard drive

There are seven steps in this project. In the first step, you will review a technical manual containing information about where data of forensic value is typically found inside digital devices. The next two steps will guide you through the process of imaging a USB stick with both Linux and Windows tools. The next step will pose several questions that frequently come up in cases similar to this scenario. In the next step, you will be back to collecting forensic evidence; this time you will be imaging the RAM (memory) and swap space of a live, running computer. In the next step, you will image a computer’s hard drive over the network. In the final step, you will compile all lab notes and reports into one comprehensive report. The final assignment in this project is a forensic imaging lab report that can be presented in a court of law.

Before you can begin imaging the USB drive provided by your supervisor, you need to review your technical manual in order to prepare a memo to give to your company’s legal team. Are you ready to get started?

S1

Before you have a chance to begin the imaging process, your supervisor calls to tell you that the organization’s legal team has been asking questions about types, sources, and collection of digital information. Team members have also asked about file formats. Your supervisor asks you to prepare a brief explanatory memo. You use the department’s technical manual to compose your memo on finding valuable forensic information and storing digital evidence. You also review image verification using hashing, an important component of digital forensics. 

For the first step in this project, prepare a memo (one to two pages in length following this format) in plain language that summarizes where valuable digital forensic information resides in the device, as well as collection and storage options. The devices to be addressed are USB sticks, RAM and swap space, and operating system hard disks. You will need to research and cite reference sources for each answer contained in your memo (e.g., NIST). For each electronic media device described, include a short description of the following:

  • identify the digital media device examined
  • types of data that can be found there
  • reasons why the data has potential value to an investigation in general, and for this case in particular
  • list the possible digital evidence storage formats (raw, E01 (ewf), and AFF) and describe the advantages and disadvantages of each format, and
  • how digital forensic images are collected (local and remote, memory and disk) and verified.

Your memo will be included in the final forensic imaging lab report. 

 In the first step in this project, you reviewed technical information and imaging procedures and briefed your legal team on digital forensic basics. Now, it’s time to move forward with the investigation. 

The USB stick may contain intellectual property that you can use to prove the suspect’s guilt, or at least establish intent. Security personnel recovered the stick from the suspect’s desk drawer the night before. You take possession of the stick, recording the physical exchange on the chain-of-custody document prepared by the security officers.  

Your team’s policy is, when practical, to use multiple tools when conducting digital forensic investigations, so you decide to image the USB stick using both Linux and Windows tools. 

To get started, review the lab instructions in the box below, as well as methods of acquisition. Then go to the virtual lab to set up your evidence drive and proceed to enable write protection, sterilize the target media, perform a static acquisition of Linux data, and verify the USB stick on the sterilized media using Linux tools in preparation for the report and notes requested by your supervisor. 

Windows Tools

After imaging the USB drive with Linux in the previous step, your next step is to image the USB drive again, this time using Windows tools. Review the lab instructions in the box below, and then go to the virtual lab. When you complete the activity, review your lab notes and report for accuracy and completeness; they will be included in your final forensic imaging lab report in the final step.

In previous steps, you imaged the USB drive using Linux and Windows tools. In this step, you will create a legal memorandum that responds to pointed questions from your organization’s legal team. The legal team has been involved in cybercrime cases before, but team members want to make sure they are prepared for possible legal challenges. They have requested very specific information about imaging procedures based upon your review of reference sources in the field.

Research sources on digital forensics imaging and mounting procedures before writing your response. Then review Set Up Your Evidence Drive, Hash Functions, Imaging Programs, and Image Verification With Hashing as needed.

Questions from the legal team:

1. Assuming that this is a criminal case that will be heard in a court of law, which hashing algorithm will you use and why?

2. What if the hash of your original does not match your forensic copy? What kinds of issues could that create? What could cause this situation?

3. What if your OS automatically mounts your flash drive prior to creating your forensic duplicate? What kinds of problems could that create?

4. How will you be able to prove that your OS did not automatically mount your flash drive and change its contents prior to the creation of the forensic copy?

The legal team would like you to respond in the form of a brief memo (one to two pages following this format) written in plain, simple English. The memo will be included as an attachment to your final forensic imaging lab report in the final step, so review it carefully for accuracy and completeness.

You are hoping that you will be able to access the suspect’s local computer next.

In the previous step, you addressed the concerns of your company’s legal team. While you were doing so, the suspect’s afternoon training session started, so now you can move to the next stage of your investigation.

Your organization’s IT department backs up the hard drives of HQ computers on a regular basis, so you are interested only in the suspect’s RAM (referred to as volatile data storage) and swap space. The RAM and swap space may reveal programs used to hide or transmit intellectual property, in addition to the intellectual property itself (past or current). You have a four-hour window to acquire the RAM and swap space of his live computer. When you arrive at the suspect’s office, the computer is running, but locked. Fortunately, the company IT department has provided you with the administrator password, so you log on to the system. Review the lab instructions in the box below, and then go to the virtual lab. Follow the steps required to acquire and analyze the RAM and swap space and perform imaging of a live computer.

In the previous step, you acquired and analyzed the RAM and swap space from the suspect’s live, local computer. In this step, you perform a similar analysis on his networked, off-site computer. Take a minute to consider forensic evidence in networks.

Your supervisor confirms that the suspect’s remote office is closed for the weekend, so you are free to image his computer via the network to store the digital evidence. The remote computer is locked, but the company IT department has provided an administrator password for your investigation. Using your forensic workstation at headquarters, you log on to the remote system.

If the image were going to pass unencrypted over an untrusted network (such as the internet), you would want to conduct the transfer over SSH, but since you’re on the company network and connecting to the remote office via a VPN, you can use the dd command to transfer a copy of the remote hard drive to your local workstation using the netcat tool.

Review the lab instructions in the box below, and then go to the virtual lab. Follow the steps required to image the computer over the network.

Provide any information related to the issue that you are experiencing and attach any screenshot that you may be able to produce related to the issue.

Review your lab notes and report carefully for accuracy and completeness; they will be included in your final forensic imaging lab report.

Phew! You have conducted an exhaustive investigation of all the suspect’s computer devices in this possible “insider cyber-crime.” In the process, you have written up lab notes and four reports, as well as providing responses to questions from your legal team. The last step in the investigative process is to combine the information that you’ve gathered into a single forensic report that can be presented in a court of law.

Step 7

Now that you’ve completed the necessary acquisition and imaging tasks, you’re ready to compile all your reports and lab notes into a single forensic imaging lab report that you will submit to your supervisor. Your supervisor reminds you that your report may be presented in a court case, so it needs to meet legal requirements. The report should include the following sections:

1. One- to two-page memo addressing the types, sources, collection of digital information, as well as file formats

2. Imaging of a USB drive using Linux tools (lab notes, report)

3. Imaging of a USB drive using Windows tools (lab notes, report)

4. One- to two-page memo responding to questions about imaging procedures

5. RAM and swap acquisition—live, local computer (lab notes, report)

6. Forensic imaging over a network (lab notes, report)

Submit your forensic imaging lab report to your supervisor (instructor) for evaluation.

history reflection paper

 

Most ancient societies are patriarchal. However, if you overlook the role of women in these civilizations, you miss a major piece of the puzzle when trying to understand what life was like in the past. Read the (2) articles in Week 2 of Content titled Women in Ancient Egypt and Ancient Egyptian Doctor and include a response to the following in your Reflection Paper:

  • What freedoms and choices did Egyptian women have in their lives? What was surprising for you to discover?
  • What was surprising to you concerning the role of women in the fields of medicine and healing?
  • How does this compare to the freedoms and opportunities of women in the workplace today? Where are conditions of equality favorable for women in the workplace, and where is equality limited today? Discuss at least 2 specific current situations, with evidenced support, involving gender in the workplace today.
  • Begin with the articles provided and research these topics further on your own. 
  • Provide specific examples to support your points and conclusions – minimum 450 words.
  • Use and cite 3 outside sources using MLA formatting.

Cloud Computing

 

You are the CIO of ABC Corp, a government contracting corporation that prioritizes security. You are tasked with moving the development team’s resources to the cloud. You need to provide a report to top leadership justifying the type of cloud solution that would be appropriate for this move. Provide the following in your report.

  1. Describe the MOST appropriate cloud service and research justification of its appropriateness.
  2. Select a Cloud Deployment model and research justification of its appropriateness.
  3. What are some of the pros and cons of both the cloud service and model you selected?

Paper should be in APA format, with at least two scholarly resources, and at least 1000 words.

Artificial intelligence

Research Paper

This paper will follow the traditional format of a college-level research paper: double spaced, APA citations.

A traditional 5-page research paper (2000 words)

Research Paper topic: How does artificial intelligence affect unemployment?

Thesis statement: Within the next decade, artificial intelligence will replace human employees in the workplace.

Must use 5 quality sources. 2 must be from academic journals. 

Application security Procedure guide

  

Scenario

Always Fresh wants to ensure its computers comply with a standard security baseline and are regularly scanned for vulnerabilities. You choose to use the Microsoft Security Compliance Toolkit to assess the basic security for all of your Windows computers, and use OpenVAS to perform vulnerability scans.

Tasks

Develop a procedure guide to ensure that a computer adheres to a standard security baseline and has no known vulnerabilities.

For each application, fill in details for the following general steps:

1. Acquire and install the application.

2. Scan computers.

3. Review scan results.

4. Identify issues you need to address.

5. Document the steps to address each issue.

Submission Requirements

  • Format: Microsoft Word (or compatible)
  • Font: Times New Roman, size 12, double-space
  • Citation Style: APA
  • Length: 2 pages