Forensic Investigation Report
Executive Summary
Digital forensics is one of the critical fields of cybersecurity, and employees often steal data when they are about to leave a company or organization. Many forensic studies show that employees often feel a sense of ownership over the data they copy from the companies where they have been working. The intellectual property taken includes source code, strategy documents, and other trade secrets. The former employee usually uses this information against the company, either for a competitor or to start a new company (Du, Le-Khac & Scanlon, 2017). Our case concerns the investigation of Mr. Roberts for unauthorized removal and possible theft of company documents.
Requests phase
Before we carry out a digital forensic examination of Mr. Robertson, we need to request and ask about the few systems that he was working on at the company; throughout the procedure we need to have the logs of the organization's PCs that were in use at the company. We need a plan to conduct the examination efficiently (Dardick & Baggili, 2017); this is usually a proactive measure, and we have to gather all the accessible information from the organization, for example, the severity of the incident.
Collection stage
The collection stage is the first step of the process: identifying, labeling, recording, and acquiring information from the potential sources that hold essential data, following rules and procedures that preserve the integrity of the data. Collecting the clipboard content is one of the significant parts of a forensic examination, and more evidence is usually found on a machine that is running.
Investigation Report
Data collection during the investigation was done offline, and we had to capture live network traffic through his computer using Wireshark, firewall logs, anti-virus logs, and the domain controller logs. We managed to collect web server logs, Windows event logs, database logs, and application logs. We examined the NTFS logs, which contain the Master File Table (MFT) covering all files and disks; the records in the MFT hold the metadata, and content of less than 512 bytes is accommodated inside the MFT itself.
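As an added illustration (not part of the original report or of any tool it names), the following Python code reads one MFT FILE record and reports whether its $DATA attribute is resident, that is, whether the file content sits inside the MFT record itself. The sample record is constructed, the 1024-byte record size is an assumption, and update-sequence fixups are not applied.

```python
import struct

ATTR_DATA = 0x80        # $DATA attribute type code
ATTR_END = 0xFFFFFFFF   # marker that terminates the attribute list
RECORD_SIZE = 1024      # common MFT record size, assumed for the sample

def build_sample_record(content: bytes) -> bytes:
    """Constructed FILE record holding `content` as a resident $DATA attribute."""
    attr_len = (0x18 + len(content) + 7) & ~7          # attributes are 8-byte aligned
    attr = struct.pack("<IIBBHHHIHBB", ATTR_DATA, attr_len, 0, 0, 0x18, 0, 0,
                       len(content), 0x18, 0, 0) + content
    attr = attr.ljust(attr_len, b"\x00") + struct.pack("<I", ATTR_END)
    header = struct.pack("<4sHHQHHHHII", b"FILE", 0x30, 3, 0, 1, 1,
                         0x38, 0x0001, 0x38 + len(attr), RECORD_SIZE)
    return (header.ljust(0x38, b"\x00") + attr).ljust(RECORD_SIZE, b"\x00")

def data_attributes(record: bytes) -> list:
    """Return (is_resident, content_or_None) for every $DATA attribute in a record.

    Update-sequence fixups are not applied; a real image needs them first.
    """
    if record[:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    found = []
    offset = struct.unpack_from("<H", record, 0x14)[0]   # offset of first attribute
    while offset + 8 <= len(record):
        attr_type, attr_len = struct.unpack_from("<II", record, offset)
        if attr_type == ATTR_END:
            break
        if attr_len < 0x10 or offset + attr_len > len(record):
            raise ValueError("corrupt attribute length")
        if attr_type == ATTR_DATA:
            if record[offset + 8]:                        # non-resident flag set
                found.append((False, None))               # content lives in clusters
            else:
                size, start = struct.unpack_from("<IH", record, offset + 0x10)
                if start + size > attr_len:
                    raise ValueError("resident content overruns attribute")
                found.append((True, record[offset + start:offset + start + size]))
        offset += attr_len
    return found

if __name__ == "__main__":
    sample = build_sample_record(b"constructed sample: small note kept in the MFT")
    for resident, body in data_attributes(sample):
        print("resident" if resident else "non-resident", body)
```

A resident result means the content can be recovered from the MFT record alone, which matters when the file's clusters are no longer available.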
Timeline
Initially, we had to analyze the evidence. We gathered all the information that we found inside the image, and we examine the data to see whether any hidden files are present; we also look for any unusual processes and check whether any sockets were opened occasionally.
List of Tools Used
It is generally advised that we use forensic toolkits throughout the process to meet the requirements of a forensic investigation (Keeling & Losavio, 2017). There are various kinds of digital forensic tools, each with different capabilities; some are simply sniffers, and others handle identification, fingerprinting, and mapping.
Conclusion
This report describes how the computer forensic investigation was conducted and the various methods and tools that were used to find the digital trails on Mr. Roberts's computer. It also covers the principles of the ISO 17799 security policy procedures that were applied during the study (Shrivastava, 2017). The report also contains the analysis, in which we examined the data gathered by the various methods to produce our findings. Digital forensics is very challenging because every incident differs from the others.
Figures and Exhibits
References
Dardick, G. S., & Baggili, I. A. (2017). The Journal of Digital Forensics, Security and Law.
Du, X., Le-Khac, N. A., & Scanlon, M. (2017). Evaluation of digital forensic process models concerning digital forensics as a service. arXiv preprint arXiv:1708.01730.
Keeling, D. G., & Losavio, M. (2017). Public Security & Digital Forensics in the United States: The Continued Need for Expanded Digital Systems for Security. Journal of Digital Forensics, Security and Law, 12(3), 6.
Shrivastava, G. (2017). Approaches of network forensic model for investigation. International Journal of Forensic Engineering, 3(3), 195-215.
Unstructured sentence. Grammatical error.
Make sure to capitalize the first letter after a full stop.
First letter should be capital.
This should be in small letter.
Evidence inventory form missing.
1000 words bifurcated for technical part/figures. Add more Figures/tables as per requirement.
References not in proper format. Follow APA style.