Assessment of Digital Investigations

An important consideration in the provision of security is the ability of the organisation to respond to a security incident. The responses that may be taken by an organisation are varied and dictated by the nature of the incident. Incident response strategies available to the organisation include updating or deploying countermeasures, development of specific security policies, user training and digital investigations that lead to prosecution.

Individually, you are required to demonstrate the digital investigation techniques that would employed in response to a security incident. This is to be achieved by investigating a suspected case of Intellectual Property theft. The results of this activity, detailed below, are to be submitted in a report via Blackboard.

Details of tasks

Part 1. Ongoing investigation. A suspected case of data theft has been identified. The suspect, Dr John Haggerty, has been suspended whilst a security investigation takes place. During the investigation, a flash memory device has been recovered that may hold evidence relevant to the case. The flash memory device has been imaged using forensic software. This image has been placed on Blackboard for you to download and analyse. You are to investigate the contents of the image using the tools and techniques introduced to you during the module to determine the relevance of the evidence that the image may contain in relation to the suspected case of data theft. Your report should include an overview of your methodology and the programs that you used for conducting the investigation. You should present all your findings and supporting evidence in the report, for example, presenting key forensic artefacts retrieved from the image, such as file ownership details, network data, or email relational networks, and their significance to the case. You will also present a discussion on how the investigation may be further developed taking into account technical, legal and ethical considerations.

This section of your final report will be assessed on the following:

  1. The methodology.
  2. The findings detailed in the report.
  3. The supporting evidence that you provide.
  4. Recommendations to develop the investigation further taking into account relevant technical, legal and ethical considerations.

To undertake the investigation, make use of tools and techniques that you have been introduced to in lectures, tutorials and lab sessions, such as the Forensics Toolkit, Autopsy, X-Ways Forensics, Pajek and other freely available tools from the Internet (such as SamSpade, whois or traceroute).

Use the order calculator below and get started! Contact our live support team for any assistance or inquiry.