It is time to put all of the pieces of a digital forensic investigation together. You will use the captured file system, memory, and network data to perform a digital investigation. Identify and recover any subverted, “deleted,” and/or intentionally hidden information. You will then document your findings using the approved “Forensic Examination of Digital Evidence: A Guide for Law Enforcement” reporting format, located in the Topic Materials. There is no minimum length for your report, but make sure that you are thorough in your investigation.
Using a GCU-approved virtualization platform and SANS SIFT VM, perform the following;
- Download the case files provided by the instructor for your final project. Read the report from law enforcement included with the evidence.
- Analyze each of the various data types using industry-accepted digital forensics tools, identifying any forensic artifacts left by the suspect.
- Document all of the evidence that you collect. There might be hidden evidence to recover, so don’t overlook the obvious.
- Maintain a chain of custody form for each type of digital evidence that you examine; include these forms in your final report as appendices.
- Report your findings of the digital forensics investigation. As this is part of an ongoing criminal case, you need to provide your step-by-step process from your investigator notes. Include only the facts, not recommendations or personal thoughts.
- Bonus question: what is the balance of the suspect’s bank account?
This assignment requires the use of the following resources, located in the Student Success Center:
Digital Forensics: ITT-375 Topic 8 Assignment: Law Enforcement Report
Digital Forensics: ITT-375 Topic 8 Assignment: Final Files
https://www.ojp.gov/pdffiles1/nij/199408.pdf
0 comments