SlideShare a Scribd company logo

8 Final Project Milestone Two Draft of MemoTo complete this

Download as DOCX, PDF
R
rhetttrevannion

8 Final Project Milestone Two: Draft of Memo To complete this assignment, review the prompt and grading rubric in the Milestone Two Guidelines and Rubric document. When you have finished your work, submit the assignment here for grading and instructor feedback. ISE 640 Milestone Two Guidelines and Rubric  Overview: The milestone assignments in this course directly support you in the second final project, a memo. Consider the feedback you have received in class discussions, along with notes you have made in your non-graded investigative journal, to complete this milestone assignment.  This is Milestone Two, a draft of Final Project Two: Memo. The final product will be submitted in Module Ten.  Prompt: For the summative assessment, you will be taking on the role of a cybersecurity practitioner. You will need to act as a domain expert communicating to a non-expert stakeholder. For this milestone, you will be focusing on details of the investigation: resources needed, methods, and findings. Remember that the forensic notes provided to you may assist you in addressing the critical elements.  Specifically, the following critical elements must be addressed:    I. Key Details: Describe how the results from the forensic investigation assisted you with resolving the incident and identifying security impacts.    II. Implications for Legal Action: Describe the accuracy, validity, and defensibility of the investigative steps that were taken.     III. Audience Appropriate: Your entire internal memo should employ brevity and consumable language while presenting the necessary information.  Rubric Guidelines for Submission: Your assignment should adhere to the following formatting requirements: Write 3 to 4 double-spaced pages using 12-point Times New Roman font and one-inch margins. You should use current APA style guidelines for your citations and reference list.                              ISE 640 Final Project Forensic Notes Use the information in this document to help you complete your final project.  Drew Patrick, a director-level employee, is stealing intellectual property from a manufacturing company. The company is heavily involved in high-end development of widgets. Drew has access to corporate secrets and files. He is planning on leaving the company, taking the intellectual property with him, and going to work for a competitor. There is suspicion of him doing this, so human resources (HR) notified the information technology (IT) department to monitor Drew’s past history. An internal investigation is launched due to Drew’s abnormal behavior. The IT department confirms that they have found large files and emails. Forensics identified unauthorized access, transmission, and storage of intellectual property by Drew. Evidence found will be used to support legal civil and criminal proceedings.  Scenario ACME Construction Company designs, manufactures, and sells large construction vehicles that can cost upwards of a million do ...

Education
1 of 6
8 Final Project Milestone Two: Draft of Memo To complete this assignment, review the prompt and grading rubric in the Milestone Two Guidelines and Rubric document. When you have finished your work, submit the assignment here for grading and instructor feedback. ISE 640 Milestone Two Guidelines and Rubric Overview: The milestone assignments in this course directly support you in the second final project, a memo. Consider the feedback you have received in class discussions, along with notes you have made in your non-graded investigative journal, to complete this milestone assignment. This is Milestone Two, a draft of Final Project Two: Memo. The final product will be submitted in Module Ten. Prompt: For the summative assessment, you will be taking on the role of a cybersecurity practitioner. You will need to act as a domain expert communicating to a non-expert stakeholder. For this milestone, you will be focusing on details of the investigation: resources needed, methods, and findings. Remember that the forensic notes provided to you may assist you in addressing the critical elements.
Specifically, the following critical elements must be addressed: I. Key Details: Describe how the results from the forensic investigation assisted you with resolving the incident and identifying security impacts. II. Implications for Legal Action: Describe the accuracy, validity, and defensibility of the investigative steps that were taken. III. Audience Appropriate: Your entire internal memo should employ brevity and consumable language while presenting the necessary information. Rubric Guidelines for Submission: Your assignment should adhere to the following formatting requirements: Write 3 to 4 double-spaced pages using 12-point Times New Roman font and one-inch margins. You should use current APA style guidelines for your citations and reference list. ISE 640 Final Project Forensic Notes Use the information in this document to help you complete your final project. Drew Patrick, a director-level employee, is stealing intellectual property from a manufacturing company. The company is heavily involved in high-end development of widgets. Drew has access to corporate secrets and files. He is planning on leaving the company, taking the intellectual property with him, and
going to work for a competitor. There is suspicion of him doing this, so human resources (HR) notified the information technology (IT) department to monitor Drew’s past history. An internal investigation is launched due to Drew’s abnormal behavior. The IT department confirms that they have found large files and emails. Forensics identified unauthorized access, transmission, and storage of intellectual property by Drew. Evidence found will be used to support legal civil and criminal proceedings. Scenario ACME Construction Company designs, manufactures, and sells large construction vehicles that can cost upwards of a million dollars. They spent hundreds of thousands of hours redesigning their premier excavator. Every piece that goes into the excavator is individually designed to maximize the longevity of the equipment. Known for attention to detail, high- quality work, and industry innovation, this painstaking work is what sets ACME Construction company apart and is attributed for the excellent reputation they enjoy. This, in turn, allows them to charge a premium on their exceptionally well-built products. Drew Patrick is a senior manager directly involved with the overall development of ACME’s excavators. His role provides him with access to design documentation, schematics, support documents, and any other technical references maintained in the company’s research and development (R&D) database. The R&D database is maintained by ACME’s information technology (IT) department, which is supported by a security operations center (SOC). The SOC uses Snort as a core component of their security information and event management (SIEM) system to keep tabs on network traffic, authentication requests, file access, and log file analysis. The SIEM alerted SOC personnel of potential peer-to-peer (P2P) traffic originating from the internet protocol (IP) address
associated with Drew’s computer. However, analysis of Active Directory logs indicated that Drew was not logged into his account at the time the files were transferred via the P2P application. ACME enforces two-factor authentication and does not allow for computer sharing. The SOC personnel began an incident report based on the identification of P2P traffic, which violates company policy. As per company policy, the SOC personnel gave human resources (HR) and the legal team the incident report. The legal team asked for further investigation. Upon further inspection of the P2P activity, several file transfers were discovered. The files transferred match the names of files in the R&D database containing intellectual property developed by Drew’s development team. Additionally, the files were transferred to IP addresses that are not owned or controlled by ACME Corporation. Analysis of the server access logs indicated that Drew had been logging into the R&D database for several weeks prior to the external file transfers taking place. Network logs from the Intrusion Prevention Systems (IPSs) indicated that the files of interest had been transferred to Drew’s desktop computer prior to the external transfer. ACME has a strict policy against maintaining intellectual property anywhere other than the designated servers. File access logs on the R&D servers confirmed that the account belonging to Drew had copied the files in question. At this point, fearing a loss of intellectual property, in addition to numerous policy violations, ACME called in the digital forensic team to take over the investigation. The forensics team proceeded to capture the log files from relevant computer systems and created a forensically sound copy of the hard disk drive on Drew’s computer. The log files investigated included the corporate mail, domain name server (DNS), and dynamic host configuration protocol (DHCP) servers, as well as physical access logs. Additionally, packet capture logs from the firewalls
and intrusion detection system (IDS) were gathered and analyzed. This detailed investigation revealed that file transfers of intellectual property were indeed done from Drew’s computer, however, Drew’s account was not logged in at the time of the transfer. The only account active on the suspect computer was an anonymous account that had been created on 9/17/2016 at 9:57 p.m. The following notes were provided by the Forensic Team: Forensic Team Investigation Notes Notes from the investigative team about the forensic findings of the hard drive image obtained from Drew Patrick’s hard drive: Western Digital Hard Drive 500 GB with serial number duplicated using forensic toolkit (FTK) software to preserve the original hard drive image. A hash was created for the original The operating system of the image was Windows-based. The operating system used a new technology file system (NTFS) file Windows Forensic Toolchest. The sort and index functions were used to isolate the files needed for further analysis. These files include types SQL, Excel, email, chat, and HTML. Slack space was also analyzed. Files and Findings EMAIL (Microsoft Outlook): Numerous emails were found that contained references to proprietary information. Some emails were to non-ACME Corporation email accounts, and they promised information pertaining to equipment design. Follow-up emails were found that asked for assurance of a promised managerial position. CHAT (AOL Instant Messenger): Several chat conversations
were recovered containing information about possession of proprietary documents. SQL (Microsoft Database): SQL database files revealed proprietary information and connection logs to a remote SQL server. Two additional SQL database files were encrypted and were not successfully unencrypted. EXCEL (Microsoft Excel): Numerous Excel files were located on the hard drive. These files contained parts list and parts specifications concerning proprietary construction equipment. These files had csv and xls extensions. HTML: Recovered internet web browser cache revealed that the dark web was searched for proprietary information brokers. An email address was created to correspond in the dark web for buyer transactions called [email protected] Internet cache also revealed that YouTube was searched for the subjects “selling intellectual property” and “selling on the dark web.” Recovered internet browser history revealed pictures and illustrations on encrypting SQL database files. Internet browser history also revealed searches concerning how to exploit the vulnerabilities of an SQL database. SLACK SPACE (hidden data and temporary files): Hidden information in the slack space was revealed to contain temporary internet files on searches for “advertising stolen data” and “hacking sql servers.” These files, once revealed, were in plain text and read using Notepad.

Recommended

Final Project Milestone One Draft of ReportTo complete this
Final Project Milestone One Draft of ReportTo complete thisFinal Project Milestone One Draft of ReportTo complete this
Final Project Milestone One Draft of ReportTo complete thisalisondakintxt
 
Please i need this paper in 6 hours. if you can make it happen, kind
Please i need this paper in 6 hours. if you can make it happen, kindPlease i need this paper in 6 hours. if you can make it happen, kind
Please i need this paper in 6 hours. if you can make it happen, kindtaminklsperaw
 
9-1 Final Project One Submission Report To complete this as
9-1 Final Project One Submission Report To complete this as9-1 Final Project One Submission Report To complete this as
9-1 Final Project One Submission Report To complete this asrhetttrevannion
 
Throughout this course, you will be keeping an investigative jou
Throughout this course, you will be keeping an investigative jouThroughout this course, you will be keeping an investigative jou
Throughout this course, you will be keeping an investigative joumarilynnhoare
 
The Breach at Limetree Updated November 18, 2017 Bac.docx
The Breach at Limetree Updated November 18, 2017 Bac.docxThe Breach at Limetree Updated November 18, 2017 Bac.docx
The Breach at Limetree Updated November 18, 2017 Bac.docxmehek4
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
SURVEY OF UNITED STATES RELATED DOMAINS: SECURE NETWORK PROTOCOL ANALYSIS
SURVEY OF UNITED STATES RELATED DOMAINS: SECURE NETWORK PROTOCOL ANALYSISSURVEY OF UNITED STATES RELATED DOMAINS: SECURE NETWORK PROTOCOL ANALYSIS
SURVEY OF UNITED STATES RELATED DOMAINS: SECURE NETWORK PROTOCOL ANALYSISIJNSA Journal
 
ASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docx
ASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docxASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docx
ASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docxedmondpburgess27164
 

Recommended

Final Project Milestone One Draft of ReportTo complete this
Final Project Milestone One Draft of ReportTo complete thisFinal Project Milestone One Draft of ReportTo complete this
Final Project Milestone One Draft of ReportTo complete thisalisondakintxt
 
Please i need this paper in 6 hours. if you can make it happen, kind
Please i need this paper in 6 hours. if you can make it happen, kindPlease i need this paper in 6 hours. if you can make it happen, kind
Please i need this paper in 6 hours. if you can make it happen, kindtaminklsperaw
 
9-1 Final Project One Submission Report To complete this as
9-1 Final Project One Submission Report To complete this as9-1 Final Project One Submission Report To complete this as
9-1 Final Project One Submission Report To complete this asrhetttrevannion
 
Throughout this course, you will be keeping an investigative jou
Throughout this course, you will be keeping an investigative jouThroughout this course, you will be keeping an investigative jou
Throughout this course, you will be keeping an investigative joumarilynnhoare
 
The Breach at Limetree Updated November 18, 2017 Bac.docx
The Breach at Limetree Updated November 18, 2017 Bac.docxThe Breach at Limetree Updated November 18, 2017 Bac.docx
The Breach at Limetree Updated November 18, 2017 Bac.docxmehek4
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
SURVEY OF UNITED STATES RELATED DOMAINS: SECURE NETWORK PROTOCOL ANALYSIS
SURVEY OF UNITED STATES RELATED DOMAINS: SECURE NETWORK PROTOCOL ANALYSISSURVEY OF UNITED STATES RELATED DOMAINS: SECURE NETWORK PROTOCOL ANALYSIS
SURVEY OF UNITED STATES RELATED DOMAINS: SECURE NETWORK PROTOCOL ANALYSISIJNSA Journal
 
ASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docx
ASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docxASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docx
ASSIGNMENT2 Computer Architecture and Imaging So you’re telling .docxedmondpburgess27164
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfGnanavi2
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsDaksh Verma
 
Forensic Toolkit Analysis Of A Windows 98 Virtual
Forensic Toolkit Analysis Of A Windows 98 VirtualForensic Toolkit Analysis Of A Windows 98 Virtual
Forensic Toolkit Analysis Of A Windows 98 VirtualBrjco
 
Internet Relay Chat Forensics
Internet Relay Chat ForensicsInternet Relay Chat Forensics
Internet Relay Chat ForensicsIJSRD
 
219568662-QUICK-Cloud-Storage-Forensic-Analysis-Presentation.pptx
219568662-QUICK-Cloud-Storage-Forensic-Analysis-Presentation.pptx219568662-QUICK-Cloud-Storage-Forensic-Analysis-Presentation.pptx
219568662-QUICK-Cloud-Storage-Forensic-Analysis-Presentation.pptxSachinGosavi15
 
Comparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction ToolsComparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction Toolsijtsrd
 
Computer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowComputer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowWinston & Strawn LLP
 
Latest presentation
Latest presentationLatest presentation
Latest presentationAdetunji Adeoje
 
Computer forensics libin
Computer forensics libinComputer forensics libin
Computer forensics libinlibinp
 
Cyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th JulyCyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th JulyFiroze Hussain
 
Electronic Data Discovery
Electronic Data DiscoveryElectronic Data Discovery
Electronic Data DiscoverySigma Infosolutions, LLC
 
Cyber security course near me | Cyber security institute near me.pdf
Cyber security course near me | Cyber security institute near me.pdfCyber security course near me | Cyber security institute near me.pdf
Cyber security course near me | Cyber security institute near me.pdfshyamv3005
 
Cyber security course in Kerala, Kochi.pdf
Cyber security course in Kerala, Kochi.pdfCyber security course in Kerala, Kochi.pdf
Cyber security course in Kerala, Kochi.pdfamallblitz0
 
cyber forensic courses in kerala,kochi..
cyber forensic courses in kerala,kochi..cyber forensic courses in kerala,kochi..
cyber forensic courses in kerala,kochi..mohammadbinshad332
 
Cyber security course in kerala | C|HFI | Blitz Academy
Cyber security course in kerala | C|HFI | Blitz AcademyCyber security course in kerala | C|HFI | Blitz Academy
Cyber security course in kerala | C|HFI | Blitz Academytrashbin306
 
" Become a Certified Ethical Hacker at Blitz Academy | Near Me"
" Become a Certified Ethical Hacker at Blitz Academy | Near Me"" Become a Certified Ethical Hacker at Blitz Academy | Near Me"
" Become a Certified Ethical Hacker at Blitz Academy | Near Me"sharinblitz
 
Surviving Technology 2009 & The Paralegal
Surviving Technology 2009 & The ParalegalSurviving Technology 2009 & The Paralegal
Surviving Technology 2009 & The ParalegalAubrey Owens
 
Ediscovery 101
Ediscovery 101Ediscovery 101
Ediscovery 101Catherine A. Casey (CEDS)
 
ICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxwrite4
 
Discuss three (3) ways that large organizations are increasingly eng.docx
Discuss three (3) ways that large organizations are increasingly eng.docxDiscuss three (3) ways that large organizations are increasingly eng.docx
Discuss three (3) ways that large organizations are increasingly eng.docxrhetttrevannion
 
Discuss this week’s objectives with your team sharing related rese.docx
Discuss this week’s objectives with your team sharing related rese.docxDiscuss this week’s objectives with your team sharing related rese.docx
Discuss this week’s objectives with your team sharing related rese.docxrhetttrevannion
 

More Related Content

Similar to 8 Final Project Milestone Two Draft of MemoTo complete this

Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfGnanavi2
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsDaksh Verma
 
Forensic Toolkit Analysis Of A Windows 98 Virtual
Forensic Toolkit Analysis Of A Windows 98 VirtualForensic Toolkit Analysis Of A Windows 98 Virtual
Forensic Toolkit Analysis Of A Windows 98 VirtualBrjco
 
Internet Relay Chat Forensics
Internet Relay Chat ForensicsInternet Relay Chat Forensics
Internet Relay Chat ForensicsIJSRD
 
219568662-QUICK-Cloud-Storage-Forensic-Analysis-Presentation.pptx
219568662-QUICK-Cloud-Storage-Forensic-Analysis-Presentation.pptx219568662-QUICK-Cloud-Storage-Forensic-Analysis-Presentation.pptx
219568662-QUICK-Cloud-Storage-Forensic-Analysis-Presentation.pptxSachinGosavi15
 
Comparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction ToolsComparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction Toolsijtsrd
 
Computer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowComputer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowWinston & Strawn LLP
 
Computer forensics libin
Computer forensics libinComputer forensics libin
Computer forensics libinlibinp
 
Cyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th JulyCyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th JulyFiroze Hussain
 
Cyber security course near me | Cyber security institute near me.pdf
Cyber security course near me | Cyber security institute near me.pdfCyber security course near me | Cyber security institute near me.pdf
Cyber security course near me | Cyber security institute near me.pdfshyamv3005
 
Cyber security course in Kerala, Kochi.pdf
Cyber security course in Kerala, Kochi.pdfCyber security course in Kerala, Kochi.pdf
Cyber security course in Kerala, Kochi.pdfamallblitz0
 
cyber forensic courses in kerala,kochi..
cyber forensic courses in kerala,kochi..cyber forensic courses in kerala,kochi..
cyber forensic courses in kerala,kochi..mohammadbinshad332
 
Cyber security course in kerala | C|HFI | Blitz Academy
Cyber security course in kerala | C|HFI | Blitz AcademyCyber security course in kerala | C|HFI | Blitz Academy
Cyber security course in kerala | C|HFI | Blitz Academytrashbin306
 
" Become a Certified Ethical Hacker at Blitz Academy | Near Me"
" Become a Certified Ethical Hacker at Blitz Academy | Near Me"" Become a Certified Ethical Hacker at Blitz Academy | Near Me"
" Become a Certified Ethical Hacker at Blitz Academy | Near Me"sharinblitz
 
Surviving Technology 2009 & The Paralegal
Surviving Technology 2009 & The ParalegalSurviving Technology 2009 & The Paralegal
Surviving Technology 2009 & The ParalegalAubrey Owens
 
ICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxwrite4
 

Similar to 8 Final Project Milestone Two Draft of MemoTo complete this (20)

Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdf
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
Forensic Toolkit Analysis Of A Windows 98 Virtual
Forensic Toolkit Analysis Of A Windows 98 VirtualForensic Toolkit Analysis Of A Windows 98 Virtual
Forensic Toolkit Analysis Of A Windows 98 Virtual
 
Internet Relay Chat Forensics
Internet Relay Chat ForensicsInternet Relay Chat Forensics
Internet Relay Chat Forensics
 
219568662-QUICK-Cloud-Storage-Forensic-Analysis-Presentation.pptx
219568662-QUICK-Cloud-Storage-Forensic-Analysis-Presentation.pptx219568662-QUICK-Cloud-Storage-Forensic-Analysis-Presentation.pptx
219568662-QUICK-Cloud-Storage-Forensic-Analysis-Presentation.pptx
 
Comparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction ToolsComparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction Tools
 
Computer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowComputer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to Know
 
Latest presentation
Latest presentationLatest presentation
Latest presentation
 
Computer forensics libin
Computer forensics libinComputer forensics libin
Computer forensics libin
 
Cyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th JulyCyber Security Isaca Bglr Presentation 24th July
Cyber Security Isaca Bglr Presentation 24th July
 
Electronic Data Discovery
Electronic Data DiscoveryElectronic Data Discovery
Electronic Data Discovery
 
Cyber security course near me | Cyber security institute near me.pdf
Cyber security course near me | Cyber security institute near me.pdfCyber security course near me | Cyber security institute near me.pdf
Cyber security course near me | Cyber security institute near me.pdf
 
Cyber security course in Kerala, Kochi.pdf
Cyber security course in Kerala, Kochi.pdfCyber security course in Kerala, Kochi.pdf
Cyber security course in Kerala, Kochi.pdf
 
cyber forensic courses in kerala,kochi..
cyber forensic courses in kerala,kochi..cyber forensic courses in kerala,kochi..
cyber forensic courses in kerala,kochi..
 
Cyber security course in kerala | C|HFI | Blitz Academy
Cyber security course in kerala | C|HFI | Blitz AcademyCyber security course in kerala | C|HFI | Blitz Academy
Cyber security course in kerala | C|HFI | Blitz Academy
 
" Become a Certified Ethical Hacker at Blitz Academy | Near Me"
" Become a Certified Ethical Hacker at Blitz Academy | Near Me"" Become a Certified Ethical Hacker at Blitz Academy | Near Me"
" Become a Certified Ethical Hacker at Blitz Academy | Near Me"
 
Surviving Technology 2009 & The Paralegal
Surviving Technology 2009 & The ParalegalSurviving Technology 2009 & The Paralegal
Surviving Technology 2009 & The Paralegal
 
Ediscovery 101
Ediscovery 101Ediscovery 101
Ediscovery 101
 
ICT741 Digital Forensics.docx
ICT741 Digital Forensics.docxICT741 Digital Forensics.docx
ICT741 Digital Forensics.docx
 

More from rhetttrevannion

Discuss three (3) ways that large organizations are increasingly eng.docx
Discuss three (3) ways that large organizations are increasingly eng.docxDiscuss three (3) ways that large organizations are increasingly eng.docx
Discuss three (3) ways that large organizations are increasingly eng.docxrhetttrevannion
 
Discuss this week’s objectives with your team sharing related rese.docx
Discuss this week’s objectives with your team sharing related rese.docxDiscuss this week’s objectives with your team sharing related rese.docx
Discuss this week’s objectives with your team sharing related rese.docxrhetttrevannion
 
Discuss theoretical considerations or assumptions relevant to yo.docx
Discuss theoretical considerations or assumptions relevant to yo.docxDiscuss theoretical considerations or assumptions relevant to yo.docx
Discuss theoretical considerations or assumptions relevant to yo.docxrhetttrevannion
 
Discuss theprinciple events of PROCESS AND THREAD used in both t.docx
Discuss theprinciple events of PROCESS AND THREAD used in both t.docxDiscuss theprinciple events of PROCESS AND THREAD used in both t.docx
Discuss theprinciple events of PROCESS AND THREAD used in both t.docxrhetttrevannion
 
Discuss the Windows Registry System Hive1) What information.docx
Discuss the Windows Registry System Hive1) What information.docxDiscuss the Windows Registry System Hive1) What information.docx
Discuss the Windows Registry System Hive1) What information.docxrhetttrevannion
 
Discuss the way the idea of heroism develops from Gilgamesh th.docx
Discuss the way the idea of heroism develops from Gilgamesh th.docxDiscuss the way the idea of heroism develops from Gilgamesh th.docx
Discuss the way the idea of heroism develops from Gilgamesh th.docxrhetttrevannion
 
Discuss the ways in which the history of the U.S. was presented in t.docx
Discuss the ways in which the history of the U.S. was presented in t.docxDiscuss the ways in which the history of the U.S. was presented in t.docx
Discuss the ways in which the history of the U.S. was presented in t.docxrhetttrevannion
 
Discuss the value of Lean Systems Engineering to systems develop.docx
Discuss the value of Lean Systems Engineering to systems develop.docxDiscuss the value of Lean Systems Engineering to systems develop.docx
Discuss the value of Lean Systems Engineering to systems develop.docxrhetttrevannion
 
discuss the various pathways interest groups use to influence politi.docx
discuss the various pathways interest groups use to influence politi.docxdiscuss the various pathways interest groups use to influence politi.docx
discuss the various pathways interest groups use to influence politi.docxrhetttrevannion
 
Discuss the various tools and techniques used by an HCO to incre.docx
Discuss the various tools and techniques used by an HCO to incre.docxDiscuss the various tools and techniques used by an HCO to incre.docx
Discuss the various tools and techniques used by an HCO to incre.docxrhetttrevannion
 
Discuss the various means by which slaves resisted the slave system..docx
Discuss the various means by which slaves resisted the slave system..docxDiscuss the various means by which slaves resisted the slave system..docx
Discuss the various means by which slaves resisted the slave system..docxrhetttrevannion
 
Discuss the typica l clinical presentation of the diagnosis , Hip Os.docx
Discuss the typica l clinical presentation of the diagnosis , Hip Os.docxDiscuss the typica l clinical presentation of the diagnosis , Hip Os.docx
Discuss the typica l clinical presentation of the diagnosis , Hip Os.docxrhetttrevannion
 
Discuss the types of resources, tools, and methods that are availabl.docx
Discuss the types of resources, tools, and methods that are availabl.docxDiscuss the types of resources, tools, and methods that are availabl.docx
Discuss the types of resources, tools, and methods that are availabl.docxrhetttrevannion
 
Discuss the types of items that should be examined in a firewall log.docx
Discuss the types of items that should be examined in a firewall log.docxDiscuss the types of items that should be examined in a firewall log.docx
Discuss the types of items that should be examined in a firewall log.docxrhetttrevannion
 
Discuss the types of property, providing an example of each an.docx
Discuss the types of property, providing an example of each an.docxDiscuss the types of property, providing an example of each an.docx
Discuss the types of property, providing an example of each an.docxrhetttrevannion
 
Discuss the type of personality it takes to become a police officer..docx
Discuss the type of personality it takes to become a police officer..docxDiscuss the type of personality it takes to become a police officer..docx
Discuss the type of personality it takes to become a police officer..docxrhetttrevannion
 
Discuss the two major sources of crime statistics for the United Sta.docx
Discuss the two major sources of crime statistics for the United Sta.docxDiscuss the two major sources of crime statistics for the United Sta.docx
Discuss the two major sources of crime statistics for the United Sta.docxrhetttrevannion
 
Discuss the two most prominent theories related to the stage of adul.docx
Discuss the two most prominent theories related to the stage of adul.docxDiscuss the two most prominent theories related to the stage of adul.docx
Discuss the two most prominent theories related to the stage of adul.docxrhetttrevannion
 
Discuss the two elements required for the consent defense. In ad.docx
Discuss the two elements required for the consent defense. In ad.docxDiscuss the two elements required for the consent defense. In ad.docx
Discuss the two elements required for the consent defense. In ad.docxrhetttrevannion
 
Discuss the Truth in Lending Act and what role it places in financia.docx
Discuss the Truth in Lending Act and what role it places in financia.docxDiscuss the Truth in Lending Act and what role it places in financia.docx
Discuss the Truth in Lending Act and what role it places in financia.docxrhetttrevannion
 

More from rhetttrevannion (20)

Discuss three (3) ways that large organizations are increasingly eng.docx
Discuss three (3) ways that large organizations are increasingly eng.docxDiscuss three (3) ways that large organizations are increasingly eng.docx
Discuss three (3) ways that large organizations are increasingly eng.docx
 
Discuss this week’s objectives with your team sharing related rese.docx
Discuss this week’s objectives with your team sharing related rese.docxDiscuss this week’s objectives with your team sharing related rese.docx
Discuss this week’s objectives with your team sharing related rese.docx
 
Discuss theoretical considerations or assumptions relevant to yo.docx
Discuss theoretical considerations or assumptions relevant to yo.docxDiscuss theoretical considerations or assumptions relevant to yo.docx
Discuss theoretical considerations or assumptions relevant to yo.docx
 
Discuss theprinciple events of PROCESS AND THREAD used in both t.docx
Discuss theprinciple events of PROCESS AND THREAD used in both t.docxDiscuss theprinciple events of PROCESS AND THREAD used in both t.docx
Discuss theprinciple events of PROCESS AND THREAD used in both t.docx
 
Discuss the Windows Registry System Hive1) What information.docx
Discuss the Windows Registry System Hive1) What information.docxDiscuss the Windows Registry System Hive1) What information.docx
Discuss the Windows Registry System Hive1) What information.docx
 
Discuss the way the idea of heroism develops from Gilgamesh th.docx
Discuss the way the idea of heroism develops from Gilgamesh th.docxDiscuss the way the idea of heroism develops from Gilgamesh th.docx
Discuss the way the idea of heroism develops from Gilgamesh th.docx
 
Discuss the ways in which the history of the U.S. was presented in t.docx
Discuss the ways in which the history of the U.S. was presented in t.docxDiscuss the ways in which the history of the U.S. was presented in t.docx
Discuss the ways in which the history of the U.S. was presented in t.docx
 
Discuss the value of Lean Systems Engineering to systems develop.docx
Discuss the value of Lean Systems Engineering to systems develop.docxDiscuss the value of Lean Systems Engineering to systems develop.docx
Discuss the value of Lean Systems Engineering to systems develop.docx
 
discuss the various pathways interest groups use to influence politi.docx
discuss the various pathways interest groups use to influence politi.docxdiscuss the various pathways interest groups use to influence politi.docx
discuss the various pathways interest groups use to influence politi.docx
 
Discuss the various tools and techniques used by an HCO to incre.docx
Discuss the various tools and techniques used by an HCO to incre.docxDiscuss the various tools and techniques used by an HCO to incre.docx
Discuss the various tools and techniques used by an HCO to incre.docx
 
Discuss the various means by which slaves resisted the slave system..docx
Discuss the various means by which slaves resisted the slave system..docxDiscuss the various means by which slaves resisted the slave system..docx
Discuss the various means by which slaves resisted the slave system..docx
 
Discuss the typica l clinical presentation of the diagnosis , Hip Os.docx
Discuss the typica l clinical presentation of the diagnosis , Hip Os.docxDiscuss the typica l clinical presentation of the diagnosis , Hip Os.docx
Discuss the typica l clinical presentation of the diagnosis , Hip Os.docx
 
Discuss the types of resources, tools, and methods that are availabl.docx
Discuss the types of resources, tools, and methods that are availabl.docxDiscuss the types of resources, tools, and methods that are availabl.docx
Discuss the types of resources, tools, and methods that are availabl.docx
 
Discuss the types of items that should be examined in a firewall log.docx
Discuss the types of items that should be examined in a firewall log.docxDiscuss the types of items that should be examined in a firewall log.docx
Discuss the types of items that should be examined in a firewall log.docx
 
Discuss the types of property, providing an example of each an.docx
Discuss the types of property, providing an example of each an.docxDiscuss the types of property, providing an example of each an.docx
Discuss the types of property, providing an example of each an.docx
 
Discuss the type of personality it takes to become a police officer..docx
Discuss the type of personality it takes to become a police officer..docxDiscuss the type of personality it takes to become a police officer..docx
Discuss the type of personality it takes to become a police officer..docx
 
Discuss the two major sources of crime statistics for the United Sta.docx
Discuss the two major sources of crime statistics for the United Sta.docxDiscuss the two major sources of crime statistics for the United Sta.docx
Discuss the two major sources of crime statistics for the United Sta.docx
 
Discuss the two most prominent theories related to the stage of adul.docx
Discuss the two most prominent theories related to the stage of adul.docxDiscuss the two most prominent theories related to the stage of adul.docx
Discuss the two most prominent theories related to the stage of adul.docx
 
Discuss the two elements required for the consent defense. In ad.docx
Discuss the two elements required for the consent defense. In ad.docxDiscuss the two elements required for the consent defense. In ad.docx
Discuss the two elements required for the consent defense. In ad.docx
 
Discuss the Truth in Lending Act and what role it places in financia.docx
Discuss the Truth in Lending Act and what role it places in financia.docxDiscuss the Truth in Lending Act and what role it places in financia.docx
Discuss the Truth in Lending Act and what role it places in financia.docx
 

Recently uploaded

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 

Recently uploaded (20)

Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 

8 Final Project Milestone Two Draft of MemoTo complete this

  • 1. 8 Final Project Milestone Two: Draft of Memo To complete this assignment, review the prompt and grading rubric in the Milestone Two Guidelines and Rubric document. When you have finished your work, submit the assignment here for grading and instructor feedback. ISE 640 Milestone Two Guidelines and Rubric Overview: The milestone assignments in this course directly support you in the second final project, a memo. Consider the feedback you have received in class discussions, along with notes you have made in your non-graded investigative journal, to complete this milestone assignment. This is Milestone Two, a draft of Final Project Two: Memo. The final product will be submitted in Module Ten. Prompt: For the summative assessment, you will be taking on the role of a cybersecurity practitioner. You will need to act as a domain expert communicating to a non-expert stakeholder. For this milestone, you will be focusing on details of the investigation: resources needed, methods, and findings. Remember that the forensic notes provided to you may assist you in addressing the critical elements.
  • 2. Specifically, the following critical elements must be addressed: I. Key Details: Describe how the results from the forensic investigation assisted you with resolving the incident and identifying security impacts. II. Implications for Legal Action: Describe the accuracy, validity, and defensibility of the investigative steps that were taken. III. Audience Appropriate: Your entire internal memo should employ brevity and consumable language while presenting the necessary information. Rubric Guidelines for Submission: Your assignment should adhere to the following formatting requirements: Write 3 to 4 double-spaced pages using 12-point Times New Roman font and one-inch margins. You should use current APA style guidelines for your citations and reference list. ISE 640 Final Project Forensic Notes Use the information in this document to help you complete your final project. Drew Patrick, a director-level employee, is stealing intellectual property from a manufacturing company. The company is heavily involved in high-end development of widgets. Drew has access to corporate secrets and files. He is planning on leaving the company, taking the intellectual property with him, and
  • 3. going to work for a competitor. There is suspicion of him doing this, so human resources (HR) notified the information technology (IT) department to monitor Drew’s past history. An internal investigation is launched due to Drew’s abnormal behavior. The IT department confirms that they have found large files and emails. Forensics identified unauthorized access, transmission, and storage of intellectual property by Drew. Evidence found will be used to support legal civil and criminal proceedings. Scenario ACME Construction Company designs, manufactures, and sells large construction vehicles that can cost upwards of a million dollars. They spent hundreds of thousands of hours redesigning their premier excavator. Every piece that goes into the excavator is individually designed to maximize the longevity of the equipment. Known for attention to detail, high- quality work, and industry innovation, this painstaking work is what sets ACME Construction company apart and is attributed for the excellent reputation they enjoy. This, in turn, allows them to charge a premium on their exceptionally well-built products. Drew Patrick is a senior manager directly involved with the overall development of ACME’s excavators. His role provides him with access to design documentation, schematics, support documents, and any other technical references maintained in the company’s research and development (R&D) database. The R&D database is maintained by ACME’s information technology (IT) department, which is supported by a security operations center (SOC). The SOC uses Snort as a core component of their security information and event management (SIEM) system to keep tabs on network traffic, authentication requests, file access, and log file analysis. The SIEM alerted SOC personnel of potential peer-to-peer (P2P) traffic originating from the internet protocol (IP) address
  • 4. associated with Drew’s computer. However, analysis of Active Directory logs indicated that Drew was not logged into his account at the time the files were transferred via the P2P application. ACME enforces two-factor authentication and does not allow for computer sharing. The SOC personnel began an incident report based on the identification of P2P traffic, which violates company policy. As per company policy, the SOC personnel gave human resources (HR) and the legal team the incident report. The legal team asked for further investigation. Upon further inspection of the P2P activity, several file transfers were discovered. The files transferred match the names of files in the R&D database containing intellectual property developed by Drew’s development team. Additionally, the files were transferred to IP addresses that are not owned or controlled by ACME Corporation. Analysis of the server access logs indicated that Drew had been logging into the R&D database for several weeks prior to the external file transfers taking place. Network logs from the Intrusion Prevention Systems (IPSs) indicated that the files of interest had been transferred to Drew’s desktop computer prior to the external transfer. ACME has a strict policy against maintaining intellectual property anywhere other than the designated servers. File access logs on the R&D servers confirmed that the account belonging to Drew had copied the files in question. At this point, fearing a loss of intellectual property, in addition to numerous policy violations, ACME called in the digital forensic team to take over the investigation. The forensics team proceeded to capture the log files from relevant computer systems and created a forensically sound copy of the hard disk drive on Drew’s computer. The log files investigated included the corporate mail, domain name server (DNS), and dynamic host configuration protocol (DHCP) servers, as well as physical access logs. Additionally, packet capture logs from the firewalls
  • 5. and intrusion detection system (IDS) were gathered and analyzed. This detailed investigation revealed that file transfers of intellectual property were indeed done from Drew’s computer, however, Drew’s account was not logged in at the time of the transfer. The only account active on the suspect computer was an anonymous account that had been created on 9/17/2016 at 9:57 p.m. The following notes were provided by the Forensic Team: Forensic Team Investigation Notes Notes from the investigative team about the forensic findings of the hard drive image obtained from Drew Patrick’s hard drive: Western Digital Hard Drive 500 GB with serial number duplicated using forensic toolkit (FTK) software to preserve the original hard drive image. A hash was created for the original The operating system of the image was Windows-based. The operating system used a new technology file system (NTFS) file Windows Forensic Toolchest. The sort and index functions were used to isolate the files needed for further analysis. These files include types SQL, Excel, email, chat, and HTML. Slack space was also analyzed. Files and Findings EMAIL (Microsoft Outlook): Numerous emails were found that contained references to proprietary information. Some emails were to non-ACME Corporation email accounts, and they promised information pertaining to equipment design. Follow-up emails were found that asked for assurance of a promised managerial position. CHAT (AOL Instant Messenger): Several chat conversations
  • 6. were recovered containing information about possession of proprietary documents. SQL (Microsoft Database): SQL database files revealed proprietary information and connection logs to a remote SQL server. Two additional SQL database files were encrypted and were not successfully unencrypted. EXCEL (Microsoft Excel): Numerous Excel files were located on the hard drive. These files contained parts list and parts specifications concerning proprietary construction equipment. These files had csv and xls extensions. HTML: Recovered internet web browser cache revealed that the dark web was searched for proprietary information brokers. An email address was created to correspond in the dark web for buyer transactions called [email protected] Internet cache also revealed that YouTube was searched for the subjects “selling intellectual property” and “selling on the dark web.” Recovered internet browser history revealed pictures and illustrations on encrypting SQL database files. Internet browser history also revealed searches concerning how to exploit the vulnerabilities of an SQL database. SLACK SPACE (hidden data and temporary files): Hidden information in the slack space was revealed to contain temporary internet files on searches for “advertising stolen data” and “hacking sql servers.” These files, once revealed, were in plain text and read using Notepad.