CST 610 Athenaeum of Ohio Digital Forensics Project

This project will provide an introduction to digital forensic analysis.

Digital forensic analysis is used to review and investigate data collected through digital communications and computer networks. The National Institute of Standards and Technology (NIST) has defined four fundamental phases for forensic analysis: collection, examination, analysis, and reporting. You will learn more about these concepts as you work through the steps of this project and read the literature and links found in each step.

There are four steps that will lead you through this project. Begin with Step 1: “Methodology.” The deliverables for this project are as follows:

  1. Digital Forensic Research Paper: This should be a five-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables.
  2. In a Word document, share your lab experience and provide screenshots to demonstrate that you completed the lab.

The operating system (OS) of an information system contains the software that executes the critical functions of the information system. The OS manages the computer’s memory, processes, and all of its software and hardware. It allows different programs to run simultaneously and access the computer’s memory, central processing unit, and storage.

The OS coordinates all of these activities and ensures that sufficient resources are allocated. These are the fundamental processes of the information system, and if they are violated by a security breach or exploited vulnerability, that could have a significant impact on the organization.

Security for operating systems means protecting the OS components from attacks that could cause deletion, modification, or destruction of the operating system. Threats to an OS could include a breach of confidential information, unauthorized modification of data, or unauthorized destruction of data.

It is the job of the cybersecurity engineer to understand the operations and vulnerabilities of the OS (for any type of OS), and to provide mitigation, remediation, and defense against threats that would expose those vulnerabilities or attack the OS.

As you assess your company’s systems, you will likely uncover gaps and errors. These may reveal mistakes that people at the company have made which might embarrass or anger those involved. However, the trust placed in you means that you have a responsibility to report your findings fully and accurately so that you can reduce or eliminate the risk of future unauthorized access. So be fair and follow industry standards, but have the courage to be a force for positive change in your company’s cybersecurity efforts.

There are six steps that will help you create your final deliverables. The deliverables for this project are as follows:

  1. Security Assessment Report (SAR): This report should be a seven- to eight-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
  2. Nontechnical presentation: This is a set of eight to 10 PowerPoint slides for upper management that summarizes your thoughts regarding the findings in your SAR.
  3. In a Word document, share your lab experience and provide screenshots to demonstrate that you performed the lab.

Step 1: Methodology

The methodology for digital forensics follows a systems process. Identify the requirements, purpose, and objectives of the investigation. Click the links below to review information that will aid in conducting and documenting an investigation:

Learn about the investigation methodology. Consider secure programming fundamentals. Define the digital forensics analysis methodology and the phases of the digital forensics fundamentals and methodology, including the following:

  1. preparation
  2. extraction
  3. identification
  4. analysis

This information will help you understand the process you will use during an investigation.

PROFESSIONALS IN THE FIELD

Digital forensics is a specialized area of cybersecurity that overlaps with criminal law and the judicial system. As mentioned in a previous project, knowledge of multiple domains is often a desirable or even necessary bona fide job qualification. For instance, knowing and applying the best practices for setting up secure information systems does not necessarily mean that the system, processes, and people will align in a way that allows for the gathering of criminal evidence admissible in a court of law. That alignment requires knowledge in multiple domains. Could that be you? 

Step 2: Tools and Techniques

Select the following links to learn about forensics analysis tools, methods, and techniques:

  1. forensics analysis tools
  2. web log and session analysis
  3. hash analysis

Step 3: Explore Forensic Tools

This hands-on lab will introduce you to FTK Imager, a forensics tool. You will use your lab findings in the last step when you compile your research paper.

COMPLETE THIS LAB

GETTING HELP

To obtain lab assistance, fill out the support request form.

Make sure you fill out the fields on the form as shown below:

  • Case Type: UMGC Virtual Labs Support
  • Customer Type: Student (Note: faculty should choose Staff/Faculty)
  • SubType: ELM-Cyber (CST/DFC/CBR/CYB)
  • SubType Detail: Pick the category that best fits the issue you are experiencing
  • Email: The email that you currently use for classroom communications

In the form’s description box, provide information about the issue. Include details such as steps taken, system responses, and add screenshots or supporting documents.

Step 4: Digital Forensics Research Paper

Now that you have learned the basics of digital forensics analysis and methodology, and have experienced one of the common forensic tools, use the material presented in this project as well as research you have conducted outside of the course materials to write a research paper that addresses the following:

  1. digital forensics methodology
  2. the importance of using forensic tools to collect and analyze evidence (e.g., FTK Imager and EnCase)
  3. hashing in the context of digital forensics
  4. How do you ensure that the evidence collected has not been tampered with (i.e., after collection)? Why and how is this important to prove in court?

The deliverables for this project are as follows:

  1. Digital Forensics Research Paper: This should be a five-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables.
  2. In a Word document, share your lab experience and provide screenshots to demonstrate that you completed the lab.

Submit your deliverables to the assignment folder.

CHECK YOUR EVALUATION CRITERIA

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

  • 5.3: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
  • 8.6: Provides professional preparation for computer digital forensics, investigation of crime, and preservation of digital evidence in criminal and civil investigations and information security incident response.
  • 8.7: Provides theoretical basis and practical assistance for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement.
