For the purpose of this Project, you are still the InfoSec Specialist for the Greenwood Company. Consider this project a continuation of the work you performed in Project 1. In this portion of the investigation, you are ONLY collecting the physical evidence. You will NOT be handling the digital data during this stage of the investigation. (This step will be discussed in the Final Project.) You should limit your “care and handling” of each piece of evidence to the physical handling of the digital container.
With the scenario in mind, you are to write a report to your supervisor, thoroughly providing a response to the following questions (in paragraph format, properly citing outside research, where appropriate):
Part 1: Overview/Case Summary
Write a short summary of the incident that has occurred and establish what permissions/authorities you have before you search Mr. McBride’s former Company work area.
Physical Evidence Acquisition:
a. Look at the photo of Mr. McBride’s work area. (See file attachment Work_Area.jpg) Identify three (3) potential items of digital evidence you see in the photo. For EACH item of digital evidence you identified, describe in first person what steps you took to collect the items (with emphasis on your care and handling of that item consistent with digital forensic best practices described in the module content/weekly readings). Documenting these steps in a detailed way will mitigate questions, concerns, or a basic lack of information that will call your processes into question in court.
For each item, explain what potential use that item would be to your investigation (e.g., what type of data that item might hold.)
a. Look at the photo of Mr. McBride’s work area. (See file attachment Work_Area.jpg) Identify three (3) potential items of non-digital evidence you see in the photo. For EACH item of non-digital evidence you identified, describe how you would collect each item, within standards and best practices described in your module content/weekly readings.
For each item, explain what potential use that item would be to your investigation (e.g., what type of data that item might hold.)
Detail in your report how you secured the collected evidence after removing it from the original scene (the desk) and prior to sending it for analysis. Describe the security procedures in place as well as any environmental protections (specific to computer/digital devices) in place within the storage area.
Look at the Evidence Custody Document (See file attachment Evidence Custody Document.doc) and item photographs (Items-seized (pics).pptx). Read the Evidence Custody Document prepared by one of your co-workers, in which he is attempting to document the seizure of the three items pictured in the accompanying photos. Did your co-worker adequately describe each item? What could you add to the descriptions, and for which items (based on what you see in the photos), to make them more complete and serve as an example to your co-worker of what they SHOULD look like?
Project Requirements:
Paper should be submitted as a basic report memo; HOWEVER, an APA-formatted title page, in-text citations, and reference page are required. (See the following link for memo writing guidelines: http://www.umuc.edu/writingcenter/writingresources/effective_memos.cfm)
Each question should be answered with a minimum of 1-2 paragraphs, so do your research, be specific, be detailed, and demonstrate your knowledge;
Answers to the above questions should be submitted in a single document (.DOC/.DOCX, .RTF, or .PDF), with answers separated so as to make it clear which question is being answered;
The submission should have a cover page, including course number, course title, title of paper, student’s name, and date of submission, and should be submitted to the assignments folder.
Format: 12-point font, double-space, one-inch margins