The Sole Reason for Carrying Out the Investigation - Case Study Example

s The Structure of Computer Forensic Report using FTK Imager Executive Summary This sole reason for carrying out this particular investigation is to determine the origin of a controversial email information that contained a spreadsheet entailing confidential company information and how it eventually ended up on a competitors website. The spreadsheet file attachment was posted on the technical support forum of the competitors website. This has subsequently led to the need to carry out an investigation to audit the origin of the file and the reason as to why the file was submitted. The company involved is the M57.biz, which has a total asset worth of $10 million and 10 employees hired during their first year of operation as a art catalog web system start-up. The main individuals involved in this feud are the two co-founders or owners of the company. Apparently there was a string of mailing and communication between these individuals which eventually led to the leaking of the private company information. Since most communication and file exchanges are conducted via email, the network was then prone to compromise given the unprofessional and lack of secured system. As the founders of the company, the two main involved individuals, that is, Alison Smith and Jean are in difficult terms since both parties claim there was a communication between them that led to the release and exposure of the private company information. The CEO, Alison is the paramount who authorized the investigation to be carried out to facilitate the troubleshooting and identification of the origin of the communication and email threads that eventually led to the information leak. The examination of Jeans computer media was essential in the investigation given that was the origin of the spreadsheet document. The forensic examination would eventually aid in the finding of conclusive data as to why and how the data ended up on the competitors web page. The findings gotten from the examination were essentially positive and offered conclusive information regarding the events that led to the information leak. Jean had to grant permission for investigators and auditors to go via his computer emails to be able to examine the email signature blocks and headers. The thread in the email conversations retrieved from Jeans computers display the source of the intrusion within the system that led to the compromise of company information. Below is the email message signature block displaying where the information was actually sent by Jean with thought and assumption hat she was communicating with her co-worker and company founder, Alison. This was achieved by going via the email message headers and the use of cutting-edge open-source tools that are readily available and updated to perform digital forensic investigations through the per-configured work stations. Objectives The goals of carrying out this investigation as prior mentioned entailed a number of tasks that outline the expertise of the forensic investigation. The tasks performed entail the examination of the image files in the given case-study. In this M57 Case, the objectives involve: Analysis of the case images is a paramount action that will be taken in the investigation to be able to verify or authenticate that the file source was from Jeans Computer. Verification of the computer md5 has codes and comparison with the analysis forensic tools to check if there is a match for that particular computer origin. Validation of the computer email communication threads to identify where the emails were going to and coming from. Computer Evidence Analyzed The computer evidence analyzed in this case study are the image files attached. The offer conclusive information that point out to the cause of the system intrusion and what happened. The evidence collected is represented in the list below showcasing the findings form the files analyzed for the investigation. Disk Image - The respective images analyzed revealed that the source of the file and emails were from the co-founders PC. Apparently Jean had numerous communications with her partner Alison via the company email probably availed the company system computer programmers, that is, alison@m57. - The use of the FTK image analyzer provided a high tech digital forensic tool that eventually granted the conclusive information regarding the case surrounding this information. Email Content - A snapshot look into the all the emails that originated from Jeans computer via the company email, that is, jean@m57.biz, reveal that the information was requested from an untrusted source posing as Alison. The snapshot below shows email sent requesting for the file. The email also show the thread of communication between the two entities via the email message interface. Relevant Findings The findings from this investigation comprise of the series of activities performed that eventually revealed the data an information exchange. A summary of the findings of value are included in below showing the process of image extraction. 1. Image file analysis and validation This method involved the analysis of the image file on the FTK platform which entailed the extraction of the image then the subsequent analysis to validate of the hash code conversions were identical to that of Jeans Computer. 2. Email Configuration This forms one of the conclusive findings that offer positive data that would aid in the further investigation. In the email cache files gotten form Jeans computers, there are numerous email information that direct and confirm the suspicion on the system compromise. In one of the mails, the subject shows a concern regarding the misuse of email addresses assigned to different individuals within the company. One of them is show below: Supporting Details The relevant findings that from this investigation are represented below using graphical interfaces that portray the findings that support the details of this investigation. Notably, the hash codes are identical verifying that the field originated from Jeans Computer. Image file extraction (Image Conversion using FTK-Imager) Identical hash code of conversion comparison Email Message Header Investigative Leads The vital investigative leads that give room further investigation are the variants that led to the compromise of the system. The main leads that are important to facilitating further investigation is the examination and looking into all the individuals who had access to the company communication system. Given that the programmers were working freelance and there was no fixed location of working offers more open information as to the probable intrusion points of the system. To accomplish this, all the working staff are to placed under investigation to try and identify and rule out any loop holes within the system. Additional Subsections and Recommendations The recommendations that are advisable in this case scenario will be to conduct a full system audit to identify loop holes within the current system and then perform a subsequent reconfiguration of the system to aid in fortifying the systems security. The protocols to be introduced would include the assignment of and renewal passwords after a given time frame to minimize on the intrusion on the system. The conduction of consistent system updates, for example, Java, PHP and database management systems that provide redundant layers of security. Authenticated parameters should also be set for the management and staff to aid in identifying the protocols required for logging into the system remotely. Remote login or VPN access to company network also poses a great threat to the network since it can be easily compromised. References 1. SAMMONS, J. (2012). The basics of digital forensics the primer for getting started in digital forensics. Waltham, MA, Syngress. http://www.sciencedirect.com/science/book/9781597496 PROSISE, C., & MANDIA, K. (2003). Incident response & computer forensics. New York, McGraw-Hill/Osborne. 2. SOLOMON, M., BARRETT, D., & BROOM, N. (2005). Computer forensics jumpstart. San Francisco, Calif, SYBEX. http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=121899. 3.CALOYANNIDES, M. A., & CALOYANNIDES, M. A. (2004). Privacy protection and computer forensics. Boston, Artech House. http://www.books24x7.com/marc.asp?isbn=1580538304. 4. COWEN, D. (2013). Computer forensics. New York, McGraw-Hill. 5. VACCA, J. R. (2005). Computer forensics computer crime scene investigation. Hingham, Mass, Charles River Media. http://site.ebrary.com/id/10228180. 6. ASSOCIATION OF DIGITAL FORENSICS, SECURITY AND LAW. (2006). The journal of digital forensics, security and law JDFSL. Farmville, VA, Association of Digital Forensics, Security and Law. http://www.jdfsl.org. 7. IFIP INTERNATIONAL CONFERENCE ON DIGITAL FORENSICS, CRAIGER, P., & SHENOI, S. (2007). Advances in digital forensics III IFIP International Conference on Digital Forensics, National Center for Forensic Science, Orlando, Florida, January 28-January 31, 2007. New York, NY, Springer. http://public.eblib.com/EBLPublic/PublicView.do?ptiID=645943. 8. IFIP INTERNATIONAL CONFERENCE ON DIGITAL FORENSICS, PETERSON, G., & SHENOI, S. (2011). Advances in digital forensics VII 7th IFIP WG 11.9 International Conference on Digital Forensics, Orlando, FL, USA, January 31 -February 2, 2011 : revised selected papers. Heidelberg, IFIP International Federation for Information Processing. http://dx.doi.org/10.1007/978-3-642-24212-0 9. CONFERENCE ON DIGITAL FORENSICS, SECURITY AND LAW. (2006). Proceedings of the Conference on Digital Forensics, Security and Law. Farmville, VA, Association of Digital Forensics, Security, and Law. http://www.digitalforensics-conference.org/index.htm. 10. SEJEAN, L., & WARREN, M. (2003). Computer forensics. Geelong, Vic, Deakin University, School of Information Technology. 11. VACCA, JOHN R. (2008). Computer Forensics. Charles River Media. Read More