
Forensic Assignment

This forensic report investigates allegations against Mr. Michel Mendy of tampering with client accounts and spreading false information at Global Digital Company. The investigation involved evidence collection from a flash drive and desktop computer, revealing unauthorized software and digital footprints linking Mr. Mendy to the misconduct. All procedures adhered to ACPO guidelines, ensuring the evidence's integrity for potential court proceedings.

Uploaded by

Musa Sonko

COMPUTER FORENSICS REPORT

Case Study 1: Global Digital Company


Name: Musa Sonko
Matriculation ID: 22226056
Course Code: INS 405
Date: 29th May

Table of Contents
1. Introduction

2. Preparation for Forensic Investigation

3. Evidence Collection Procedures

4. Examination and Analysis

5. Reporting of Findings

6. Conclusions

7. References
1. Introduction
This report details a forensic investigation conducted for Global Digital
Company, following allegations against Mr. Michel Mendy, an employee
accused of tampering with client transaction accounts and spreading false
information about the company. The investigation aims to determine the
contents of a flash drive found in Mr. Mendy’s office and recover all relevant
data from both the flash drive and his office desktop computer. The
procedures are guided by the ACPO (Association of Chief Police
Officers) Good Practice Guide for Digital Evidence to ensure the
integrity and admissibility of evidence in court.
2. Preparation for Forensic Investigation
2.1 Initial Briefing
Upon being assigned the case, a meeting was held with relevant
stakeholders, including HR, IT, and legal representatives, to clarify the scope
and objectives of the investigation. The following key points were
established:
• The suspect, Mr. Mendy, denies all allegations.
• The suspect’s office and computer have been sealed.
• A flash drive was found in the office.

2.2 Forensic Readiness
• Ensured all team members are aware of the ACPO guidelines.
• Prepared a forensic toolkit (write blockers, imaging software, evidence bags, etc.).
• Assigned roles for chain of custody management.

2.3 Legal and Ethical Considerations
• Confirmed authorization for evidence seizure and analysis.
• Maintained impartiality and confidentiality as per professional ethics (Casey, 2011).

3. Evidence Collection Procedures
3.1 Following ACPO Guidelines
The ACPO principles are:
1. No action should change data that may be relied upon in court.
2. If a person must access original data, they must be competent and
explain their actions.
3. An audit trail or record of all processes should be created and
preserved.
4. The person in charge is responsible for ensuring compliance with the
law and these principles.

3.2 Securing the Scene
• Confirmed the office was sealed and untouched since discovery.
• Photographed the scene and all devices in situ.

3.3 Seizure of Evidence
• Labeled and bagged the flash drive and desktop computer.
• Documented serial numbers and physical condition.
• Maintained a strict chain of custody log.

3.4 Imaging and Preservation
• Used a write blocker to prevent modification of data.
• Created forensic images of both the flash drive and hard drive using FTK Imager.
• Verified integrity with MD5 and SHA-1 hash values before and after imaging.
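
The before-and-after hash check in 3.4, combined with the audit record required by ACPO principle 3, can be illustrated as follows. This is an added example, not code from the report or from FTK Imager; the image file name, the examiner label and the 4 KiB stand-in image are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def digest_image(path, chunk_size=1 << 20):
    """Return MD5 and SHA-1 of a file, reading it once in fixed-size chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:          # read-only: the image is never modified
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def verify_image(path, acquisition, examiner):
    """Re-hash the image and return an audit record comparing both digests."""
    current = digest_image(path)
    return {
        "image": os.path.basename(path),
        "examiner": examiner,
        "checked_at": datetime.now(timezone.utc).isoformat(),
        "acquisition": acquisition,
        "current": current,
        "match": all(current[k] == acquisition[k] for k in ("md5", "sha1")),
    }

def demo():
    """Constructed sample: a 4 KiB stand-in image, verified, then altered by one byte."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "flash_drive.dd")   # hypothetical file name
        with open(image, "wb") as fh:
            fh.write(bytes(range(256)) * 16)
        acquisition = digest_image(image)             # hashes recorded at imaging
        intact = verify_image(image, acquisition, "examiner-1")
        with open(image, "r+b") as fh:                # simulate a later alteration
            fh.seek(100)
            fh.write(b"\xff")
        altered = verify_image(image, acquisition, "examiner-1")
    return intact, altered

if __name__ == "__main__":
    for record in demo():
        print(record["image"], "match" if record["match"] else "MISMATCH", record["current"])
```
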
4. Examination and Analysis
4.1 Flash Drive Analysis
• Scanned for malware and unauthorized software.
• Searched for installation files or logs related to SQL injection tools.
• Recovered deleted files and analyzed metadata for creation/modification dates.

4.2 Desktop Computer Analysis
• Examined installed software for unauthorized tools.
• Analyzed browser history and social media activity for evidence of spreading false information.
• Reviewed system logs for evidence of account tampering.
• Checked for external device connection logs matching the flash drive.

4.3 Timeline Reconstruction
• Correlated timestamps from both devices to reconstruct user activity.
• Identified any gaps or anomalies suggesting deliberate obfuscation.
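
The correlation and gap check in 4.3 can be sketched as follows. This is an added example, not part of the original report: the events, dates, source names and the time-zone offsets are constructed assumptions, chosen to show one device going silent while the other records activity.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample events (not taken from the report). Assumption: the flash
# drive's file metadata is in local time (UTC+1) and the desktop logs are in UTC.
SAMPLE = {
    "flash_drive": [
        ("2025-01-10T09:02:11+01:00", "installer file created"),
        ("2025-01-10T09:40:03+01:00", "tool log written"),
        ("2025-01-10T11:15:47+01:00", "text file deleted"),
    ],
    "desktop": [
        ("2025-01-10T08:01:30+00:00", "USB storage device connected"),
        ("2025-01-10T08:05:12+00:00", "program installed"),
        ("2025-01-10T08:39:58+00:00", "process started"),
        ("2025-01-10T10:20:00+00:00", "event log service restarted"),
    ],
}

def build_timeline(sources):
    """Merge per-device events into one list sorted by UTC time."""
    merged = []
    for name, events in sources.items():
        for stamp, description in events:
            when = datetime.fromisoformat(stamp).astimezone(timezone.utc)
            merged.append((when, name, description))
    return sorted(merged)

def silent_gaps(timeline, source, threshold):
    """Find gaps in one source's records and list other sources' events inside them."""
    own = [e for e in timeline if e[1] == source]
    gaps = []
    for (start, _, _), (end, _, _) in zip(own, own[1:]):
        if end - start > threshold:
            inside = [e for e in timeline if e[1] != source and start < e[0] < end]
            gaps.append({"start": start, "end": end, "other_activity": inside})
    return gaps

if __name__ == "__main__":
    timeline = build_timeline(SAMPLE)
    for when, source, description in timeline:
        print(when.isoformat(), source, description)
    for gap in silent_gaps(timeline, "desktop", timedelta(hours=1)):
        print("desktop silent", gap["start"].time(), "to", gap["end"].time(),
              "with", len(gap["other_activity"]), "flash drive events inside")
```

A gap in the desktop logs that still contains flash drive activity is a lead to examine further, not proof of log tampering on its own.
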

4.4 Documentation
• Maintained detailed notes and screenshots of all findings.
• Ensured all steps were repeatable and verifiable.
5. Reporting of Findings
5.1 Flash Drive Contents
• Discovered installation files for a SQL injection pen-testing tool.
• Found logs indicating the tool was run on the same day as Mrs. Sarr’s observation.
• Recovered deleted text files containing fragments of client account data.

5.2 Desktop Computer Findings
• Located the unauthorized software in the Program Files directory.
• System logs showed the tool was executed under Mr. Mendy’s user account.
• Browser history indicated visits to online forums discussing SQL injection techniques.
• Social media accounts accessed from the computer were used to post negative comments about the company.

5.3 Chain of Evidence
• All evidence was preserved and documented per ACPO guidelines.
• Hash values confirmed no alteration of digital evidence.
6. Conclusions
The forensic investigation found substantial evidence supporting the
allegations against Mr. Mendy:
• The flash drive contained and was used to install a SQL injection tool.
• The desktop computer showed clear signs of unauthorized software installation and use.
• Digital footprints link Mr. Mendy’s account to both the tampering of client accounts and the dissemination of false information on social media.
The evidence was collected, preserved, and analyzed in a forensically sound
manner, ensuring its admissibility in court. All procedures adhered strictly to
the ACPO guidelines and professional ethical standards.
7. References
• ACPO (2012). Good Practice Guide for Digital Evidence.
• Casey, E. (2011). Digital Evidence and Computer Crime (3rd ed.). Academic Press.
• Carrier, B. (2005). File System Forensic Analysis. Addison-Wesley.
• Nelson, B., Phillips, A., & Steuart, C. (2018). Guide to Computer Forensics and Investigations (6th ed.). Cengage Learning.

[Word Count: ~1100 (excluding references)]

Formatting Notes:
• Font: Times New Roman, 12 pt
• Margins: 1 cm left/right
• Single spaced
• Page numbers included
• Name and Matric ID on front page
