I need an explanation for this Science question to help me study.
Integrating Digital Forensics With Incident Response
Please navigate to the Lab Callout Box within the Content section (see Activities) for this week which also includes detailed instructions for this assignment. All links to open the appropriate documents and to launch the Citrix virtual environment will be found at this location.
**Remove / replace all red writing prior to submission**
Title, i.e. Suspect Name & Type of Case
Date item(s) received:
Date received by examiner
Item(s) Submitted for Exam:
| Description | Make | Model | S/N# |
|---|---|---|---|
A summary of the request, i.e. by whom, why, what is being asked to search for and recover, etc. Why is this examination being conducted? Search warrant, consent, government/organizational property, etc.
Software Tools Used:
| Tool Name | Version | Used For |
|---|---|---|
| Ex. Windows 10 | | Operating system of forensic |
Hardware Tools Used:
(simulate write blocker(s) and system information)
| Tool Name | S/N# | Used For |
|---|---|---|
| Ex. Tableau TD2u | | Hard drive imaging |
This is a synopsis of what you found of forensic value, i.e. out of analyzing “x” number of files, “x” were of forensic value; briefly describe the types of files discovered (you’ll get into the details in the next section).
Also briefly describe the partition and file structure of the media examined, i.e. partitions, volume names, sizes, file systems.
Details of Examination:
This will typically be the longest part of this document. It is more than just answering the case questions! Please be sure to read the assignment deliverables carefully (at the end of each lab).
Describe the examination procedures you performed, i.e. signed for items for examination, photographed evidence, conducted pre/post hash (describe why you perform hash analysis; show both acquisition and verification hash sums), describe tool validation procedures (your forensic hardware and software), anti-virus scans conducted.
Documentation of results, to include answering the questions detailed in the request, etc. This is where files of forensic interest are reported on and linked to the case questions / scenario. Findings should be described not just with words but with snippets, screen shots, and addendums when practical.
If you feel that some detailed findings would be better placed in an addendum that is fine.
Including triage tables, snippets of your findings, and other visual aids will better visually
guide the reader so consider using those in the labs and definitely the FR1 and FR2
assignments. Remember that readers of these reports are often not technical by trade.
Including an evidence photo(s) is also best practice (see Addendum A).
Conclusion / Recommendations:
State the facts only and avoid opinion / emotional explanations. Detail any further examinations that may be required, interview questions for the subject(s) if applicable, what could further be done in the investigation based on the outcome of your examination, etc.
Document here the disposition of the items submitted for exam, i.e. stored in evidence
control, returned to requestor etc.
Addendum A: Photos
Simulate with pictures of similar devices you can find on the Internet. It is best practice to include a picture(s) of the evidence you examined. For example:
The following is a photograph of a Lenovo laptop, Model 7834, Serial #765432.
PICTURE(s) SHOWN HERE (find an example using “Google Images”)
You may want to include the hash values in this area and just refer the reader to Addendum A
in the main document.
The following details the forensic image processing.
Example: Seagate Hard Drive, 250GB, Serial #12345:
Digital Forensics Examiner (DFE) created forensic evidence files of XXXX drive #XXXX.
The pre-processing hash results are presented below:
MD5 checksum: XXXX
SHA1 checksum: XXXX
The forensic processing subsequently created XXXX (X) files (simulated).
Forensic Evidence Files Created: XXX.E01 – XXXX.E04 (example with four files)
The forensic imaging process involved a post processing hash verification of the contents of the
evidence file compared with the pre-processing hash. The hash analysis is presented below.
MD5 checksum: XXXX: verified
SHA1 checksum: XXXX: verified
The forensic imaging process successfully created a forensically sound and verifiable bit stream
copy of the hard drive in the form of forensic evidence files.
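The pre-/post-processing hash comparison described above, as an added Python example (not code from the course, EnCase or any imaging tool): it hashes a constructed stand-in "drive", makes a bit-stream copy split into raw segments, re-hashes the reassembled copy, and prints the verification lines in the template's wording. The raw segment files and the DRIVE.001 naming are assumptions for illustration; a real E01/EWF container adds its own headers and CRCs, which this simplification omits.

```python
import hashlib
from typing import Dict, List

# Constructed stand-in for the source drive: 1 MiB of deterministic bytes
# (an obviously synthetic "drive", not a real image).
SOURCE_DRIVE = bytes((i * 7 + 3) % 256 for i in range(1024 * 1024))
SEGMENT_SIZE = 256 * 1024  # 256 KiB per segment -> four segments for 1 MiB


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute both hashes the report template asks for (MD5 and SHA1)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def acquire(source: bytes, segment_size: int = SEGMENT_SIZE) -> List[bytes]:
    """Bit-stream copy split into raw segments.
    Assumption: plain raw segments stand in for E01 evidence files."""
    return [source[i:i + segment_size] for i in range(0, len(source), segment_size)]


def verify(segments: List[bytes], pre_hashes: Dict[str, str]) -> Dict[str, str]:
    """Re-hash the reassembled evidence files and compare each digest with the
    acquisition (pre-processing) hash; one report line per algorithm."""
    post = hash_bytes(b"".join(segments))
    report = {}
    for algo, expected in pre_hashes.items():
        status = "verified" if post[algo] == expected else "MISMATCH"
        report[algo] = f"{algo.upper()} checksum: {post[algo]}: {status}"
    return report


def all_verified(report: Dict[str, str]) -> bool:
    """True only when every algorithm's post-processing hash matched."""
    return all(line.endswith(": verified") for line in report.values())


if __name__ == "__main__":
    pre = hash_bytes(SOURCE_DRIVE)
    files = acquire(SOURCE_DRIVE)
    # segment names are an assumption, chosen to mirror the .E01 - .E04 example
    print(f"Forensic Evidence Files Created: DRIVE.001 - DRIVE.{len(files):03d}")
    for line in verify(files, pre).values():
        print(line)
    # A single flipped bit in one segment must fail verification.
    tampered = files[:]
    tampered[2] = bytes([tampered[2][0] ^ 0x01]) + tampered[2][1:]
    print(all_verified(verify(tampered, pre)))  # False
```

The point for the report is the last part: a verification hash that matches proves the evidence files are a faithful copy, and the tampered run shows that even a one-bit change in one segment would have been caught, which is why both acquisition and verification sums are recorded.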
Addendum B: Steps Taken
These are your notes on the steps you took while conducting the examination. Often, the
examiner must submit their notes along with the forensic report if a case goes to court.
I recommend just numbering your steps i.e. 1, 2, 3 in chronological order.
Start with how you received the media and describe how you sterilized the target media.
1. Original USB drives and CD-Rs received from R. Jones. Items labeled and chain of custody
(COC) documentation initiated.
2. Forensically sterilized target media prepared using Paladin vX.XX.XXX. After launching the
Paladin tool, the target media was physically connected to the workstation running Paladin.
Target media was wiped and verified using the command “sudo dcfldd pattern=00 vf=/dev/sdc”.
Results were a match, verifying the target media was forensically sterile.
3. Describe your analysis steps.
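What step 2's "results were a match" means in code, as an added Python example (not Paladin's or dcfldd's own code): a wipe that overwrites the target with a fixed byte pattern, and a verification pass that reads the whole target back and reports the first offset that does not match (the check dcfldd performs with `vf=`). The device path and the constructed in-memory targets are assumptions; on a real workstation the same functions take an open block device.

```python
import io
import sys
from typing import BinaryIO, Optional, Tuple

CHUNK_SIZE = 64 * 1024
Result = Tuple[bool, Optional[int], int]  # (sterile, first_bad_offset, bytes_checked)


def wipe(dev: BinaryIO, size: int, pattern: int = 0x00, chunk_size: int = CHUNK_SIZE) -> int:
    """Overwrite `size` bytes of the target with `pattern`; returns bytes written."""
    dev.seek(0)
    block = bytes([pattern]) * chunk_size
    written = 0
    while written < size:
        n = min(chunk_size, size - written)
        dev.write(block[:n])
        written += n
    dev.flush()
    return written


def verify_wipe(dev: BinaryIO, pattern: int = 0x00, chunk_size: int = CHUNK_SIZE) -> Result:
    """Read the target end to end and confirm every byte equals `pattern`.
    Stops at the first mismatch and reports its absolute offset."""
    dev.seek(0)
    expected = bytes([pattern]) * chunk_size
    offset = 0
    while True:
        chunk = dev.read(chunk_size)
        if not chunk:
            return True, None, offset          # reached the end with no mismatch
        if chunk != expected[:len(chunk)]:
            for i, b in enumerate(chunk):      # locate the offending byte
                if b != pattern:
                    return False, offset + i, offset + len(chunk)
        offset += len(chunk)


def verify_wipe_bytes(data: bytes, pattern: int = 0x00) -> Result:
    """Convenience wrapper for in-memory (constructed) targets."""
    return verify_wipe(io.BytesIO(data), pattern)


def demo(size: int = 200_000) -> Tuple[Result, Result]:
    """Constructed target holding leftover data: verify, wipe, verify again."""
    target = io.BytesIO(bytes(range(256)) * (size // 256 + 1))
    before = verify_wipe(target)
    wipe(target, target.getbuffer().nbytes)
    after = verify_wipe(target)
    return before, after


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. python verify_wipe.py /dev/sdc  (read-only: verification only)
        with open(sys.argv[1], "rb") as dev:
            sterile, bad, checked = verify_wipe(dev)
    else:
        (_, _, _), (sterile, bad, checked) = demo()
    print(f"bytes checked: {checked}")
    print("target media is forensically sterile" if sterile
          else f"NOT sterile: first non-pattern byte at offset {bad}")
```

Recording the bytes-checked figure alongside the match result is what turns "results were a match" into a verifiable statement in Addendum B: it shows the verification covered the whole device and not just its first sectors.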
Include as many addendums as necessary to fully describe your findings. Ensure that all
addendums are referenced from the summary report.
Consider inserting “Bookmarks” (information that you have determined is of evidentiary value)
from your EnCase examination either into the “Detailed Findings” section in the summary
report template or as a separate addendum to fully describe your findings and answer the case
questions (each week’s Lab Lecture document will describe the scenario and case questions to
Remember to spell check your work before submitting.