Please, I need this paper in 6 hours. If you can make it happen,
kindly let's talk. Thank you in advance.
Final Project Milestone One: Draft of Report
To complete this assignment, review the prompt and grading
rubric in the
Milestone One Guidelines and Rubric
document. When you have finished your work, submit the
assignment here for grading and instructor feedback.
ISE 640 Final Project Forensic Notes
Use the information in this document to help you complete your
final project.
Drew Patrick, a director-level employee, is stealing intellectual
property from a manufacturing company. The company is
heavily involved in high-end development of widgets. Drew has
access to corporate secrets and files. He is planning on leaving
the company, taking the intellectual property with him, and
going to work for a competitor. There is suspicion of him doing
this, so human resources (HR) notified the information
technology (IT) department to monitor Drew’s past history. An
internal investigation is launched due to Drew’s abnormal
behavior. The IT department confirms that they have found
large files and emails. Forensics identified unauthorized access,
transmission, and storage of intellectual property by Drew.
Evidence found will be used to support legal civil and criminal
proceedings.
Scenario
ACME Construction Company designs, manufactures,
and sells large construction vehicles that can cost upwards of a
million dollars. They spent hundreds of thousands of hours
redesigning their premier excavator. Every piece that goes into
the excavator is individually designed to maximize the
longevity of the equipment. ACME is known for attention to detail,
high-quality work, and industry innovation, and this painstaking work is
what sets ACME Construction Company apart and accounts for
the excellent reputation they enjoy. This, in turn, allows
them to charge a premium on their exceptionally well-built
products.
Drew Patrick is a senior manager directly involved with the
overall development of ACME’s excavators. His role provides
him with access to design documentation, schematics, support
documents, and any other technical references maintained in the
company’s research and development (R&D) database. The
R&D database is maintained by ACME’s information
technology (IT) department, which is supported by a security
operations center (SOC). The SOC uses Snort as a core
component of their security information and event management
(SIEM) system to keep tabs on network traffic, authentication
requests, file access, and log file analysis.
The SIEM alerted SOC personnel of potential peer-to-peer
(P2P) traffic originating from the internet protocol (IP) address
associated with Drew’s computer. However, analysis of Active
Directory logs indicated that Drew was not logged into his
account at the time the files were transferred via the P2P
application. ACME enforces two-factor authentication and does
not allow for computer sharing. The SOC personnel began an
incident report based on the identification of P2P traffic, which
violates company policy. As per company policy, the SOC
personnel gave human resources (HR) and the legal team the
incident report. The legal team asked for further investigation.
Upon further inspection of the P2P activity, several file
transfers were discovered. The files transferred match the names
of files in the R&D database containing intellectual property
developed by Drew’s development team. Additionally, the files
were transferred to IP addresses that are not owned or
controlled by ACME Corporation.
Analysis of the server access logs indicated that Drew had been
logging into the R&D database for several weeks prior to the
external file transfers taking place. Network logs from the
Intrusion Prevention Systems (IPSs) indicated that the files of
interest had been transferred to Drew’s desktop computer prior
to the external transfer. ACME has a strict policy against
maintaining intellectual property anywhere other than the
designated servers. File access logs on the R&D servers
confirmed that the account belonging to Drew had copied the
files in question.
At this point, fearing a loss of intellectual property, in addition
to numerous policy violations, ACME called in the digital
forensic team to take over the investigation. The forensics team
proceeded to capture the log files from relevant computer
systems and created a forensically sound copy of the hard disk
drive on Drew’s computer. The log files investigated included
the corporate mail, domain name server (DNS), and dynamic
host configuration protocol (DHCP) servers, as well as physical
access logs. Additionally, packet capture logs from the firewalls
and intrusion detection system (IDS) were gathered and
analyzed. This detailed investigation revealed that file transfers
of intellectual property were indeed made from Drew’s
computer; however, Drew’s account was not logged in at the
time of the transfer. The only account active on the suspect
computer was an anonymous account that had been created on
9/17/2016 at 9:57 p.m.
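The correlation described above (outbound P2P flow, then DHCP lease, then logon sessions, then account creation), as an added example that is not part of the original assignment material. Host names, account names (`dpatrick`, `anon`), IP addresses, file names and every timestamp except the 9/17/2016 9:57 p.m. account creation are constructed for illustration, and all log sources are assumed to be normalised to one clock.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


def ts(s: str) -> datetime:
    # Assumption: every log source has already been normalised to one time zone.
    return datetime.fromisoformat(s)


@dataclass(frozen=True)
class Lease:                       # DHCP log: which host held an IP, and when
    ip: str
    host: str
    start: datetime
    end: datetime


@dataclass(frozen=True)
class Session:                     # logon/logoff pair (AD or local security log)
    host: str
    account: str
    logon: datetime
    logoff: Optional[datetime]     # None = still logged on when evidence was collected


@dataclass(frozen=True)
class Created:                     # local account creation event
    host: str
    account: str
    when: datetime


@dataclass(frozen=True)
class Transfer:                    # outbound P2P flow from firewall/IDS capture
    when: datetime
    src_ip: str
    dst_ip: str
    filename: str


# --- constructed sample records (hypothetical names and addresses) ---
LEASES = [
    Lease("10.0.5.23", "WS-LAB07", ts("2016-09-05T08:00"), ts("2016-09-12T08:00")),
    Lease("10.0.5.23", "WS-DPATRICK", ts("2016-09-12T08:00"), ts("2016-09-19T08:00")),
]
SESSIONS = [
    Session("WS-DPATRICK", "dpatrick", ts("2016-09-17T08:05"), ts("2016-09-17T17:40")),
    Session("WS-DPATRICK", "anon", ts("2016-09-17T21:58"), None),
]
# 2016-09-17 21:57 is the 9/17/2016 9:57 p.m. creation time given in the scenario.
CREATED = [Created("WS-DPATRICK", "anon", ts("2016-09-17T21:57"))]
TRANSFERS = [
    Transfer(ts("2016-09-17T22:31"), "10.0.5.23", "203.0.113.50", "excavator_arm_rev7.dwg"),
    Transfer(ts("2016-09-08T14:10"), "10.0.5.23", "198.51.100.9", "unrelated.iso"),
    Transfer(ts("2016-09-17T23:04"), "10.0.5.23", "198.51.100.77", "parts_list.xls"),
]
OWNERS = {"WS-DPATRICK": "dpatrick", "WS-LAB07": "labuser"}  # assigned user per host


def host_for(ip, when, leases):
    """Resolve an IP to the host holding the DHCP lease at that moment."""
    for lease in leases:
        if lease.ip == ip and lease.start <= when < lease.end:
            return lease.host
    return None                    # no lease on record: do not guess the host


def active_accounts(host, when, sessions):
    """Accounts with a logon session on `host` that covers `when`."""
    return sorted({s.account for s in sessions
                   if s.host == host and s.logon <= when
                   and (s.logoff is None or when < s.logoff)})


def attribute(transfers, leases, sessions, created, owners,
              window=timedelta(hours=24)):
    """Build a timeline tying each transfer to a host and its active accounts."""
    findings = []
    for t in sorted(transfers, key=lambda x: x.when):
        host = host_for(t.src_ip, t.when, leases)
        accounts = active_accounts(host, t.when, sessions) if host else []
        # Accounts active during the transfer that were created shortly before it.
        fresh = sorted(c.account for c in created
                       if c.host == host and c.account in accounts
                       and timedelta(0) <= t.when - c.when <= window)
        findings.append({
            "when": t.when.isoformat(sep=" ", timespec="minutes"),
            "file": t.filename,
            "dst_ip": t.dst_ip,
            "host": host,
            "active_accounts": accounts,
            "owner_logged_in": owners.get(host) in accounts,
            "recently_created": fresh,
        })
    return findings


if __name__ == "__main__":
    for row in attribute(TRANSFERS, LEASES, SESSIONS, CREATED, OWNERS):
        print(row)
```

The earliest constructed transfer resolves to a different workstation because the same IP was leased elsewhere that week, which is why the DHCP logs are collected alongside the authentication logs.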
The following notes were provided by the Forensic Team:
Forensic Team Investigation Notes
Notes from the investigative
team about the forensic findings of the hard drive image
obtained from Drew Patrick’s hard drive:
g of the
Western Digital Hard Drive 500 GB with serial number
NB497356F from Drew Patrick’s computer.
software to preserve the original hard drive image. A hash was
created for the original and the copied image to prove both
images were the same.
-based. The
operating system used a new technology file system (NTFS) file
structure.
Forensic Toolchest. The sort and index functions were used to
isolate the files needed for further analysis. These files include
types SQL, Excel, email, chat, and HTML. Slack space was also
analyzed.
Files and Findings
EMAIL (Microsoft Outlook): Numerous
emails were found that contained references to proprietary
information. Some emails were to non-ACME Corporation email
accounts, and they promised information pertaining to
equipment design. Follow-up emails were found that asked for
assurance of a promised managerial position.
CHAT (AOL Instant Messenger): Several chat conversations
were recovered containing information about possession of
proprietary documents.
SQL (Microsoft Database): SQL database files revealed
proprietary information and connection logs to a remote SQL
server. Two additional SQL database files were encrypted and
were not successfully decrypted.
EXCEL (Microsoft Excel): Numerous Excel files were located
on the hard drive. These files contained parts lists and parts
specifications concerning proprietary construction equipment.
These files had csv and xls extensions.
HTML: Recovered internet web browser cache revealed that the
dark web was searched for proprietary information brokers. An
email address was created to correspond in the dark web for
buyer transactions called
[email protected]
Internet cache also revealed that YouTube was searched for the
subjects “selling intellectual property” and “selling on the dark
web.” Recovered internet browser history revealed pictures and
illustrations on encrypting SQL database files. Internet browser
history also revealed searches concerning how to exploit the
vulnerabilities of an SQL database.
SLACK SPACE (hidden data and temporary files): Hidden
information in the slack space was revealed to contain
temporary internet files on searches for “advertising stolen
data” and “hacking sql servers.” These files, once revealed,
were in plain text and read using Notepad.
ISE 640 Milestone One Guidelines and Rubric
Overview:
The milestone assignments in this course directly support you in
the completion of your final project, a forensic investigative
report. Consider the feedback you have received in class
discussions, along with notes you have made in your non-graded
investigative journal, to complete this milestone assignment.
This is Milestone One, a draft of Final Project One: Report. The
final product will be submitted in Module Nine.
Please note that your non-graded investigative journal will be
submitted with this milestone to ensure completion. Make sure
that you are adding to your investigative journal as you
complete each module.
Prompt:
For the summative assessment, you will be taking on the role of
a cybersecurity practitioner. You will need to act as a domain
expert communicating to a non-expert stakeholder. For this
milestone, you will be providing a summary of the scenario
from the forensic notes document. You will also be explaining
the relevant procedures needed to maintain evidentiary
integrity: legal concerns, processes and procedures, and chain
of custody. Lastly, you will be explaining details of the
investigation, such as resources needed, methods, and findings.
Ensure you review the full scenario in the main project
document as well as the forensic notes document before drafting
your report.
Specifically, the following critical elements must be addressed:
I. Executive Summary: Set the stage for your report, providing a
brief overview of the situation and the stakeholders who are
involved.
II. Legal Concerns: Describe the problem(s) and objectives you
are working with the company’s attorneys to solve.
III. Relevant Procedures: In this section, you will outline the
steps that (hypothetically) you will have to take prior to or as
you investigate in order to maintain evidentiary integrity. Use
your experiences from other situations you are engaging in
within the lab environment to inform your responses.
A. Processes and Procedures: Describe processes or procedures
necessary for handling a criminal situation by an internal
employee.
B. Chain of Custody: Explain how to maintain the chain of
custody as you investigate the various aspects of the incident.
Support your response with specific examples.
IV. Details of Investigation: Based on your experiences in the
labs, there will be specific resources, methods, and tools
necessary to support the investigation in the scenario.
A. Resource Needs: Explain what resources (team
knowledge, skills, and abilities) are necessary for gathering the
evidence for this forensic investigation. Provide examples based
on your experiences from the labs.
B. Methods: Describe the specific forensic method or
approach you used to effectively leverage your available
resources.
C. Findings: Describe the specific findings and the forensic
tactics and technologies you employed to reach them.
V. Investigative Journal Notes: Submit your investigative
journal that outlines most of the basics from each of the
modules upon which you based your notes.
Rubric
Guidelines for Submission: Your assignment should adhere to
the following formatting requirements: Write 4 to 5 double-
spaced pages using 12-point Times New Roman font and one-
inch margins. You should use current APA style guidelines for
your citations and reference list. Be sure to attach both
Milestone One and investigative journal files.
Proudly South Africa powerpoint Thorisha.pptx
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri  Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 

Please i need this paper in 6 hours. if you can make it happen, kind

Please, I need this paper in 6 hours. If you can make it happen, kindly let's talk. Thank you in advance.

Final Project Milestone One: Draft of Report

To complete this assignment, review the prompt and grading rubric in the Milestone One Guidelines and Rubric document. When you have finished your work, submit the assignment here for grading and instructor feedback.

ISE 640 Final Project Forensic Notes

Use the information in this document to help you complete your final project.

Drew Patrick, a director-level employee, is stealing intellectual property from a manufacturing company. The company is heavily involved in high-end development of widgets. Drew has access to corporate secrets and files. He is planning on leaving the company, taking the intellectual property with him, and going to work for a competitor. There is suspicion of him doing this, so human resources (HR) notified the information technology (IT) department to monitor Drew’s past history. An internal investigation is launched due to Drew’s abnormal behavior. The IT department confirms that they have found large files and emails. Forensics identified unauthorized access, transmission, and storage of intellectual property by Drew. Evidence found will be used to support legal civil and criminal proceedings.

Scenario

ACME Construction Company designs, manufactures, and sells large construction vehicles that can cost upwards of a million dollars. They spent hundreds of thousands of hours redesigning their premier excavator. Every piece that goes into the excavator is individually designed to maximize the longevity of the equipment. Known for attention to detail, high-quality work, and industry innovation, this painstaking work is what sets ACME Construction company apart and is attributed for the excellent reputation they enjoy. This, in turn, allows them to charge a premium on their exceptionally well-built products.

Drew Patrick is a senior manager directly involved with the overall development of ACME’s excavators. His role provides him with access to design documentation, schematics, support documents, and any other technical references maintained in the company’s research and development (R&D) database.

The R&D database is maintained by ACME’s information technology (IT) department, which is supported by a security operations center (SOC). The SOC uses Snort as a core component of their security information and event management (SIEM) system to keep tabs on network traffic, authentication requests, file access, and log file analysis.

The SIEM alerted SOC personnel of potential peer-to-peer (P2P) traffic originating from the internet protocol (IP) address associated with Drew’s computer. However, analysis of Active Directory logs indicated that Drew was not logged into his account at the time the files were transferred via the P2P application. ACME enforces two-factor authentication and does not allow for computer sharing.

The SOC personnel began an incident report based on the identification of P2P traffic, which violates company policy. As per company policy, the SOC personnel gave human resources (HR) and the legal team the incident report. The legal team asked for further investigation.

Upon further inspection of the P2P activity, several file transfers were discovered. The files transferred match the names of files in the R&D database containing intellectual property developed by Drew’s development team. Additionally, the files were transferred to IP addresses that are not owned or controlled by ACME Corporation.

Analysis of the server access logs indicated that Drew had been logging into the R&D database for several weeks prior to the external file transfers taking place. Network logs from the Intrusion Prevention Systems (IPSs) indicated that the files of interest had been transferred to Drew’s desktop computer prior to the external transfer. ACME has a strict policy against maintaining intellectual property anywhere other than the designated servers. File access logs on the R&D servers confirmed that the account belonging to Drew had copied the files in question.

At this point, fearing a loss of intellectual property, in addition to numerous policy violations, ACME called in the digital forensic team to take over the investigation. The forensics team proceeded to capture the log files from relevant computer systems and created a forensically sound copy of the hard disk drive on Drew’s computer. The log files investigated included the corporate mail, domain name server (DNS), and dynamic host configuration protocol (DHCP) servers, as well as physical access logs. Additionally, packet capture logs from the firewalls and intrusion detection system (IDS) were gathered and analyzed.

This detailed investigation revealed that file transfers of intellectual property were indeed done from Drew’s computer; however, Drew’s account was not logged in at the time of the transfer. The only account active on the suspect computer was an anonymous account that had been created on 9/17/2016 at 9:57 p.m.

The following notes were provided by the Forensic Team:

Forensic Team Investigation Notes

Notes from the investigative team about the forensic findings of the hard drive image obtained from Drew Patrick’s hard drive:

g of the Western Digital Hard Drive 500 GB with serial number NB497356F from Drew Patrick’s computer.
software to preserve the original hard drive image. A hash was created for the original and the copied image to prove both images were the same.
-based. The operating system used a new technology file system (NTFS) file structure.
Forensic Toolchest. The sort and index functions were used to isolate the files needed for further analysis. These files include types SQL, Excel, email, chat, and HTML. Slack space was also analyzed.

Files and Findings

EMAIL (Microsoft Outlook): Numerous emails were found that contained references to proprietary information. Some emails were to non-ACME Corporation email accounts, and they promised information pertaining to equipment design. Follow-up emails were found that asked for assurance of a promised managerial position.

CHAT (AOL Instant Messenger): Several chat conversations were recovered containing information about possession of proprietary documents.

SQL (Microsoft Database): SQL database files revealed proprietary information and connection logs to a remote SQL server. Two additional SQL database files were encrypted and were not successfully unencrypted.

EXCEL (Microsoft Excel): Numerous Excel files were located on the hard drive. These files contained parts list and parts specifications concerning proprietary construction equipment. These files had csv and xls extensions.

HTML: Recovered internet web browser cache revealed that the dark web was searched for proprietary information brokers. An email address was created to correspond in the dark web for buyer transactions called [email protected]. Internet cache also revealed that YouTube was searched for the subjects “selling intellectual property” and “selling on the dark web.” Recovered internet browser history revealed pictures and illustrations on encrypting SQL database files. Internet browser history also revealed searches concerning how to exploit the vulnerabilities of an SQL database.

SLACK SPACE (hidden data and temporary files): Hidden information in the slack space was revealed to contain temporary internet files on searches for “advertising stolen data” and “hacking sql servers.” These files, once revealed, were in plain text and read using Notepad.

ISE 640 Milestone One Guidelines and Rubric

Overview: The milestone assignments in this course directly support you in the completion of your final project, a forensic investigative report. Consider the feedback you have received in class discussions, along with notes you have made in your non-graded investigative journal, to complete this milestone assignment. This is Milestone One, a draft of Final Project One: Report. The final product will be submitted in Module Nine. Please note that your non-graded investigative journal will be submitted with this milestone to ensure completion. Make sure that you are adding to your investigative journal as you complete each module.

Prompt: For the summative assessment, you will be taking on the role of a cybersecurity practitioner. You will need to act as a domain expert communicating to a non-expert stakeholder. For this milestone, you will be providing a summary of the scenario from the forensic notes document. You will also be explaining the relevant procedures needed to maintain evidentiary integrity: legal concerns, processes and procedures, and chain of custody. Lastly, you will be explaining details of the investigation, such as resources needed, methods, and findings. Ensure you review the full scenario in the main project document as well as the forensic notes document before drafting your report.

Specifically, the following critical elements must be addressed:

I. Executive Summary: Set the stage for your report, providing a brief overview of the situation and the stakeholders who are involved.
II. Legal Concerns: Describe the problem(s) and objectives you are working with the company’s attorneys to solve.
III. Relevant Procedures: In this section, you will outline the steps that (hypothetically) you will have to take prior to or as you investigate in order to maintain evidentiary integrity. Use your experiences from other situations you are engaging in within the lab environment to inform your responses.
   A. Processes and Procedures: Describe processes or procedures necessary for handling a criminal situation by an internal employee.
   B. Chain of Custody: Explain how to maintain the chain of custody as you investigate the various aspects of the incident. Support your response with specific examples.
IV. Details of Investigation: Based on your experiences in the labs, there will be specific resources, methods, and tools necessary to support the investigation in the scenario.
   A. Resources Needs: Explain what resources (team knowledge, skills, and abilities) are necessary for gathering the evidence for this forensic investigation. Provide examples based on your experiences from the labs.
   B. Methods: Describe the specific forensic method or approach you used to effectively leverage your available resources.
   C. Findings: Describe the specific findings and the forensic tactics and technologies you employed to reach them.
V. Investigative Journal Notes: Submit your investigative journal that outlines most of the basics from each of the modules upon which you based your notes.

Rubric

Guidelines for Submission: Your assignment should adhere to the following formatting requirements: Write 4 to 5 double-spaced pages using 12-point Times New Roman font and one-inch margins. You should use current APA style guidelines for your citations and reference list. Be sure to attach both Milestone One and investigative journal files.
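The scenario's central finding, that the external transfers left Drew's computer while his domain account was not logged in, comes from correlating packet-capture, DHCP and logon records. The sketch below is an added example, not part of the course material, showing that correlation in Python. All records are constructed: host name, IP addresses, file names and session times are hypothetical, and the anonymous session is simply placed after the account-creation time the notes give.

```python
from datetime import datetime

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample records (hypothetical hosts, IPs, files and times).
# (ip, host, lease start, lease end) from the DHCP server log
DHCP_LEASES = [
    ("10.0.5.23", "DPATRICK-PC", ts("2016-09-12 08:00"), ts("2016-09-19 08:00")),
]
# (host, account, logon, logoff) from Active Directory and local security logs
SESSIONS = [
    ("DPATRICK-PC", "ACME\\dpatrick", ts("2016-09-16 08:55"), ts("2016-09-16 17:40")),
    ("DPATRICK-PC", ".\\anonymous", ts("2016-09-17 21:58"), ts("2016-09-17 23:30")),
]
HOST_OWNER = {"DPATRICK-PC": "ACME\\dpatrick"}
# (time, source IP, destination IP, file name) from IDS/firewall packet captures
TRANSFERS = [
    (ts("2016-09-16 10:12"), "10.0.5.23", "10.0.9.4", "parts_list.csv"),
    (ts("2016-09-17 22:20"), "10.0.5.23", "203.0.113.40", "parts_list.csv"),
    (ts("2016-09-17 22:41"), "10.0.5.23", "203.0.113.40", "arm_spec.xls"),
]
INTERNAL_PREFIX = "10."  # assumed internal address range


def host_for(ip, when):
    """Resolve an IP to the host holding the DHCP lease at that moment."""
    for lease_ip, host, start, end in DHCP_LEASES:
        if lease_ip == ip and start <= when < end:
            return host
    return None  # no lease on record: the IP cannot be tied to a host


def accounts_active(host, when):
    """Accounts with an open session on the host at that moment."""
    return sorted(a for h, a, on, off in SESSIONS if h == host and on <= when <= off)


def attribute_transfers():
    """Label each external transfer with its host and the accounts active on it."""
    findings = []
    for when, src, dst, name in TRANSFERS:
        if dst.startswith(INTERNAL_PREFIX):
            continue  # internal copy, not an external transfer
        host = host_for(src, when)
        active = accounts_active(host, when) if host else []
        findings.append({
            "time": when, "file": name, "dst": dst, "host": host,
            "active_accounts": active,
            "owner_logged_in": HOST_OWNER.get(host) in active,
        })
    return findings


if __name__ == "__main__":
    for f in attribute_transfers():
        print(f["time"], f["file"], "->", f["dst"], f["host"],
              f["active_accounts"], "owner logged in:", f["owner_logged_in"])
```

A transfer that resolves to a host but shows `owner_logged_in` as false ties the activity to the machine, not to the person, which is why the scenario also gathers physical access logs.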