Final Project – Submit Files
|Hide Submission Folder Information|
Read the parts of each section of this project carefully as you are being asked to answer questions assuming different roles.
In the course of this investigation you, as the InfoSec Specialist for Greenwood Company, have or will need to interview (or perhaps “interrogate”) several people to provide context for the evidence you have collected as well as the rational for your searches. Greenwood Company management is asking for everything to be documented and would like you to provide them responses to the following pieces of information:
For the purpose of the first part of this Section, you are still the InfoSec Specialist for the Greenwood Company. Consider this project a continuation of the work you performed in Projects 1 and 2.
After seeing you search Mr. McBride’s work area and take several pieces of evidence, Ms. Maria Flores who works in the office across the hall, comes forward with an odd story. Ms. Flores states that she is Mr. McBride’s fiancé, but lately things in their relationship had begun to sour. She produces a thumb drive she says Mr. McBride gave her earlier that day. She tells you Mr. McBride told her to “keep it safe” and asked her to bring it home with her at the end of the day. Ms. Flores tells you she really likes her job and has no interest in being wrapped up in whatever Mr. McBride has done to invite negative attention.
Now, please assume a different character for the purpose of this next segment of the assessment… You are a forensic examiner at the above mentioned Greenwood Company lab. After receiving the package from the InfoSec Specialist in the field, you sign the chain of custody form and get set to begin your examination.
To: You, Greenwood Company Digital Forensics Examiner
From: H. Jenkins, HR Management
This case has made Greenwood Company upper management recognize the importance of forensic readiness. They have asked that you nominate three (3) forensic examination/analysis (software) tools for them to keep in their budget for the following year. They also state that they want to make sure that the tools nominated are ones that would meet criminal justice-level standards and evidentiary requirements under the Daubert Standard. In your response, please list the tool name, manufacturer, the capabilities of the tool, and how the three tools meet the standards of Daubert. (Management specifically wants tools that can examine/analyze the digital data inside the devices and is not interested in your input on additional tools that write protect or image devices at this time.)
Fortunately, the InfoSec Specialist was on his/her game, and ALSO sent you copies of several files, reported to be the source code of “Product X”.
You complete your laboratory examination and return the evidence, with your report, back to the InfoSec Specialist at the field office.
Now, back at the field office, the InfoSec Specialist (a.k.a., you) receives the report from the Greenwood Lab, which shows that the complete “Product X” source code was found on Mr. McBride’s thumb drive. In addition, while the evidence was at the lab for examination, you determined it is also likely that Mr. McBride emailed copies of the source code to his personal email address.
The decision is ultimately made to report the theft to law enforcement and, using primarily the evidence you developed during your investigation, Mr. McBride is brought to trial for the crime. You (as the forensic examiner from the Greenwood Lab) are qualified as an expert witness at the trial and called to testify.
“How do we know you are not biased in this case, choosing to report only what would help law enforcement and your company’s bottom-line? How can I know from your work that your analysis should be accepted?”