Essay on Computer Forensics Case Projects Chapter 2

786 Words | Oct 15, 2012 | 4 Pages
Case Project 2-1

* Receive the equipment from the Seattle Police Department with the chain of custody form
* Enter my company information on the form and secure the evidence
* Request statements from officers on the condition of the computer at the time of the raid
* Request a list of keywords to search
* Transport the Gateway computer to our secured forensics lab
* Prepare a forensics workstation specifically for this case
* Make two images of the hard drive using two different tools
* Examine the drives for evidence by running keyword searches and checking URLs for Internet searches
* Search the registry for keywords
* Identify specialty applications
* Organize and consolidate in files and folders all recovered data
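The step of making two images with two different tools is only useful if the images are shown to be identical and unchanged later. The following is an added example, not part of the original essay, that hashes each image and compares the digests; the choice of SHA-256, the file names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a full-disk image never has to fit in RAM

def image_digest(path):
    """Return the SHA-256 hex digest of an image file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def verify_images(paths, recorded=None):
    """Hash every image, compare them to each other and, if given, to the
    digest recorded at acquisition. Returns a record for the case file."""
    digests = {p: image_digest(p) for p in paths}
    reference = recorded or next(iter(digests.values()))
    return {
        "checked_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "algorithm": "sha256",
        "digests": digests,
        "images_match": len(set(digests.values())) == 1,
        "matches_recorded": all(d == reference for d in digests.values()),
    }

def demo():
    """Constructed sample: two identical 'images' and one altered by a single byte."""
    workdir = tempfile.mkdtemp()
    data = bytes(range(256)) * 5000            # about 1.28 MB, spans two chunks
    samples = {"tool_a.dd": data, "tool_b.dd": data,
               "altered.dd": data[:-1] + b"\x00"}
    for name, content in samples.items():      # hypothetical file names
        with open(os.path.join(workdir, name), "wb") as f:
            f.write(content)
    recorded = hashlib.sha256(data).hexdigest()  # digest noted at acquisition
    path = lambda n: os.path.join(workdir, n)
    good = verify_images([path("tool_a.dd"), path("tool_b.dd")], recorded)
    bad = verify_images([path("tool_a.dd"), path("altered.dd")], recorded)
    return good, bad

if __name__ == "__main__":
    for label, result in zip(("two tools", "altered copy"), demo()):
        print(label, result["images_match"], result["matches_recorded"])
```

A mismatch between the two images, or against the recorded digest, means the copy cannot be relied on and the acquisition should be repeated from the write-blocked original.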
When was the last time she accessed her computer? What is her background in computers, and what is her skill level? I need some background on the former employee and on her computer habits and activities prior to the files being found on her computer.

First, I must collect digital evidence while keeping the data unaltered. This data will be used later in the prosecution of the case. This can be done through calculating and recording an evidence file. Next is imaging of the computer media with a write-blocking tool. I must keep the chain of custody. The computer's RAM is examined for evidence. During the examination step, verify and catalog the presence and integrity of the original evidence and any copies. An analysis is made with specialized equipment to find out exactly what is stored on the digital media. This includes a manual review of all materials found on the media, a review of the Windows registry, techniques to crack passwords and retrieve protected data, keyword searches, and extraction of email and pictures for further review.

Case Project 2-4

I would inform the employee that I can recover the files, and the employee would need to fill out a form letting me know the exact names of the missing files. The first step in data recovery is to question the client. It is important to find out what operating system the employee is using and whether it was a laptop or a desktop. By asking what programs/applications the