Sam Jones Investigation

School: Bellevue University
Course: 607
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 2
Uploaded by MajorGoldfishMaster955

What would need to be done to gather evidence from these computers?
With the local PD already involved, it is likely that probable cause has been established and search warrants have been issued for each location involved in the investigation. Upon receiving the search warrant, I would assess the scope and nature of the case, secure the scene, and document the state of any devices relevant to the investigation. I would then proceed to identify any obstacles to the investigation, determine the necessary tools and procedures for data retrieval, and maintain a detailed journal of my actions. Additionally, I would photograph and sketch the scene, noting any items falling under the Plain View Doctrine. Subsequently, I would obtain access from local IT administrators, including any relevant passwords, and document key information such as hardware specifications, operating system details, and active applications. All items, including those in plain view, would be properly documented and secured using evidence custody forms before being transported to the forensics lab for further analysis.

What obstacles can be expected to be encountered during this process?
If the computers cannot be taken out of production, it could pose a significant challenge. For instance, if the employee being investigated has two computers at the workplace, one of them might be used for critical business functions like hosting files or running a web server. In such a scenario, it would require extra caution and additional measures to retrieve the relevant and essential data. Additionally, there might be data stored on network file shares that are not directly connected to the computers mentioned in the warrants but could contain important information related to the investigation.

What actions need to be taken to ensure the chain of custody so there would be no challenges when the case is presented in court?
The most effective course of action is to maintain a detailed journal that chronicles the entire sequence of events and your corresponding actions. Capture photographs and videos at significant points, such as when you first arrive at the scene, when closing applications, or when disconnecting peripheral devices. It is crucial to assign one individual the responsibility of properly securing, documenting, and removing physical evidence in order to minimize the length of the evidence chain.

How would this process differ if the company had its own Digital Forensics Investigator versus if the company did not?
I doubt there would be much change since the investigation was initiated by law enforcement. If the investigation had started internally, the forensics team should have established policies and suspected criminal activity before involving law enforcement. Of course, the company's forensics team would not have authority over the employee's personal assets, including their computer, unless it is a device provided by the company. Before conducting any investigation, it would be advisable to consult corporate legal counsel to ensure that no rights are being violated. Therefore, if they reach that stage, the internal investigation would proceed as outlined above, and if necessary, law enforcement would be notified of their findings.

Upon concluding the investigation, I will compile a comprehensive report that encompasses all crucial details pertaining to the process. This report will encompass information regarding the case, the initial scene, the steps taken for data retrieval, hardware specifications, file locations, file metadata, and more. Dealing with digital evidence can be challenging, particularly when it involves network file shares and cloud platforms such as IaaS, SaaS, and PaaS.

Reference:
Nelson, B., Phillips, A., & Steuart, C. (2018). Guide to computer forensics and investigations: Processing digital evidence. Cengage Learning.