- 24th Nov 2021
- 02:36 am
Executive Summary
Leila Conlay told the security department that before the incident she had already sent emails (electronic letters) from Robert Lawrence to their personal email address. On the evening of the 29th, Mark Mawer from CC Terminals discovered a USB flash drive (a USB flash drive is a device that can be attached to a computer for storing information) at Robert Lawrence's desk, which he thought might have some information about in Leila Conlay's comment. Mr Mawer provided us with an image of this USB device for analysis-we mean a snapshot of the information on the storage device when we say file. To make sure that the duplicate of the information we obtained was not changed until it was obtained, Mark Mawer provided us with integrity test details that we used to ensure that we actually received the same copy of the details that Mr Mawer had taken from the USB flash drive found at the desk of Mr Lawrence. Other information was also retrieved from the deleted USB flash drive-a computer program or software known as "windump" some information created by this program and a map showing the coffee shop spot.
Introduction
This assignment aims to demonstrate the methods and tools used to forensically investigate a file system picture against a Robert Lawrence, in relation to an inquiry into a Leila Conlay"s allegations. During the forensic analysis, we will demonstrate how the chain of evidence custody is preserved, what proof is found on the picture of the file system, describe and investigate what computer programs may have been used, and incorporate the measures Robert Lawrence might have taken to confirm or disprove the allegations raised against Robert Lawrence. The findings of this investigation will then be used to determine what crimes Robert Lawrence may have committed under the laws of the Australian Commonwealth (Federal) and NSW State, and to provide the jury with a description of this evidence for analysis and comprehension. Digital Forensics and Incident Response Digital forensics is the process by which items found in digital devices are investigated and recovered in order to detect and recover any criminal or hacking activities. Digital forensics and incident management are two of the most important aspects of information security, considering the impressive number of breaches witnessed in recent years. Any company today must have the capability to respond to cyber-attacks rapidly and efficiently. Looking at historical evidence, though, it turns out that most businesses don't have professional IT personnel who can manage security breaches effectively. Effective handling of such incidents requires special training in a variety of highly technical fields including file systems, host attack vectors, operating system designs and possible network intelligence.
Collection Summary
Activities in data forensics include recording event compilation, storing, archiving, and inserting program audit log entries on existing client retention policies. Computer traffic related to the network is collected and used with proof of selection. Using forensic network toolsets, decoding malicious packets, detecting offending sessions, collecting historical network information, and using advanced packet inspection techniques can help to make the most of forensic management environments. CyberSec has experience of capturing real-world data that will greatly benefit your business by using our knowledge to design new workflows or improve current workflows. We partner with the teams to provide the best value for your in-house forensics needs, assessing and delivering processes that provide secure and reliable; Custody Chain" management that includes improved control policy models and electronic artifact assessments.
Investigation Report
EnCase Enterprise Version is a groundbreaking approach offering a forum for systematic company-wide response to events, information auditing, and forensic detection. Taking advantage of the powerful features of EnCase Forensic Version, the flagship product of Guidance Applications, our patent-pending technology allows you to locate, display, obtain and evaluate digital media anywhere on your website.
Timeline of Events
When investigating an event, an understanding of when programs or files were running is important. Occasionally, dates and timestamps can be found in other areas of the case, such as when looking at memory files. It is also possible to compare the detection of different DLL files or executable files in the memory image with the date and time they were accessed, in order to correlate certain activities observed on the system.
Conclusion
Examination of the USB flash drive from Robert Lawrence shows several documents that seem to be messages from Mr Lawrence to Leila Conlay, several of which seem to be threatening. A software named "windump.exe" which is a network traffic capture tool, was also recovered from the USB flash drive. A network traffic capture file, which seems to have been created by a windump.exe/tcpdump program, was also recovered from the USB flash drive, as well as a map – showing the location of the coffee shop where Leila Conlay met Sam Guarillo. Mr Lawrence claims to have collected the network traffic to and from the work machine of Leila Conlay in order to obtain personal knowledge about the personal activities and connections of Leila Conlay.
References
Hard Disk Image. (n.d.). Retrieved from https://www.sciencedirect.com/topics/computer-science/hard- disk-image
Enterprise Forensics. (n.d.). Retrieved from http://cybersecgroup.info/incident-response/computer-forensics/enterprise-forensics
Jordan, M. M. (n.d.). EnCase Enterprise Edition. Retrieved from https://www.securitywizardry.com/products/forensic-solutions/remote-forensics/encase-enterprise-edition