Lab 2: Integrating Digital Forensics With Incident Response

Author: Client Uploads

April 6th, 2023

I need an explanation for this Science question to help me study.

Struggling to find relevant content or pressed for time? – Don’t worry, we have a team of professionals to help you on

Lab 2: Integrating Digital Forensics With Incident Response

Get a 15% Discount on this Paper

Order Now

Integrating Digital Forensics With Incident Response

Please navigate to the Lab Callout Box within the Content section (see Activities) for this week which also includes detailed instructions for this assignment. All links to open the appropriate documents and to launch the Citrix virtual environment will be found at this location.

Find:

Highlight allMatch case

Current View

/ 4

Examiner Name

CMIT 424

**Remove / replace all red writing prior to submission**

To:

Requestor Information

Date:

Report Date

Case #:

XXXXXX

Title:

Case T

itle, I.E. Suspect Name & Type of Case

Date item(s) received:

Date received by examiner

Item(s) Submitted for Exam:

Item#

Description Make Model S/N#

Case Summary

A summary of the request, i.e. by whom, why, what is being ask to search for and recover,

etc. Why is this examination being conducted?

Legal Authority:

Search warrant, consent, government/organizational property, etc.

Software Tools Used:

Tool Name Version Used For

Ex. Windows 10

10.0.17763

Operating system of forensic

laptop.

Hardware Tools Used:

(simulate write blocker(s) and system information)

Tool Name S/N# Used For

Ex. Tableau TD2u

#12345

Hard drive imaging.

Preliminary Findings:

This is a synopsis of what you found of forensic value i.e. Out of analyzing x number of

files, x were of forensic value; briefly describe the types of files discovered (you’ll get into

the details in the next section).

Also briefly describe the partition and file structure of the media examined i.e. partitions,

volume names, sizes, files systems.

Details of Examination:

(

This will typically be the longest part of this document.

It is more than

just answering the case questions!

Please be sure to read the

assignment deliverables carefully at the end of each lab).

Describe your examination procedures performed, i.e. signed for items for examination,

photographed evidence, conducted pre/post hash (describe why you perform hash analysis –

show both acquisition and verification hash sums)

, describe tools validation procedures

(your forensic hardware and software), anti-virus scans conducted.

Documentation of results to include answering questions detailed in the request, etc. This is

where the

files of forensic interest

are reported on and linked to the case questions /

scenario. Findings should be described just not with words but snippets, screen shots, and

addendums when practical.

If you feel that some detailed findings would be better placed in an addendum that is fine.

Including triage tables, snippets of your findings, and other visual aids will better visually

guide the reader so consider using those in the labs and definitely the FR1 and FR2

assignments. Remember that readers of these reports are often not technical by trade.

Including an evidence photo(s) is also best practice (see Addendum A).

Conclusion / Recommendations:

State the facts only and avoid opinion / emotional explanations. Detail any further

examinations that maybe required, interview questions of subject(s) if applicable, what

could further be done in the investigation from the outcome of your examination, etc.

Disposition

of Evidence

Document here the disposition of the items submitted for exam, i.e. stored in evidence

control, returned to requestor etc.

Report End

Addendum A: Photos

Simulate with pictures of similar devices you can find on the Internet. It is best practices to

include a picture(s) of the evidence you examined. For example:

The following is a photograph of Lenovo Laptop, Model 7834, Serial #765432.

PICTURE(s) SHOWN HERE (find an example using Google Images)

You may want to include the hash values in this area and just refer the reader to Addendum A

in the main document.

Example:

The following details the forensic image processing.

Example: Seagate Hard Drive, 250GB, Serial #12345:

Digital Forensics Examiner (DFE) created forensic evidence files of XXXX drive #XXXX.

The pre-processing hash results are presented below:

MD5 checksum: XXXX

SHA1 checksum: XXXX

The forensic processing subsequently created XXXX (X) files (simulated).

Forensic Evidence Files Created: XXX.E01 XXXX.E04 (example with four files)

The forensic imaging process involved a post processing hash verification of the contents of the

evidence file compared with the pre-processing hash. The hash analysis is presented below.

MD5 checksum: XXXX: verified

SHA1 checksum: XXXX: verified

The forensic imaging process successfully created a forensically sound and verifiable bit stream

copy of the hard drive in the form of forensic evidence files.

Addendum B: Steps Taken

These are your notes on the steps you took while conducting the examination. Often, the

examiner must submit their notes along with the forensic report if a case goes to court.

I recommend just numbering your steps i.e. 1, 2, 3 in chronological order.

Start with how you received the media and describe how you sterilized.

For example:

1. Original USB drives and CD-Rs received from R. Jones. Items labeled and chain of custody

(COC) documentation initiated.

2. Forensically sterilized target media prepared using Paladin vX.XX.XXX. After launching the

Paladin tool, the target media was physically connected to the workstation running Paladin.

Target media was wiped and verified using command sudo dcfldd pattern=00 vf=/dev/sdc.

Results were a match, verifying the target media was forensically sterile.

3. Describe your analysis steps.

4. cont’d

Include as many addendums as necessary to fully describe your findings. Ensure that all

addendums are referenced from the summary report.

Consider inserting Bookmarks (information that you have determined is of evidentiary value)

from your EnCase examination either into the Detailed Findings section in the summary

report template or as a separate addendum to fully describe your findings and answer the case

questions (each weeks Lab Lecture document will describe the scenario and case questions to

be answered).

Remember to spell check your work before submitting.

Enter the password to open this PDF file.

File name:

–

File size:

–

Title:

–

Author:

–

Subject:

–

Keywords:

–

Creation Date:

–

Modification Date:

–

Creator:

–

PDF Producer:

–

PDF Version:

–

Page Count:

–

Preparing document for printing… 0%

Calculate the price

Make an order in advance and get the best price

Type of paper

Academic level

Deadline

Pages (550 words)

$0.00

*Price with a welcome 15% discount applied.

Pro tip: If you want to save more money and pay the lowest price, you need to set a more extended deadline.

We know how difficult it is to be a student these days. That's why our prices are one of the most affordable on the market, and there are no hidden fees.

Instead, we offer bonuses, discounts, and free services to make your experience outstanding.

step 1

Upload assignment instructions

Fill out the order form and provide paper details. You can even attach screenshots or add additional instructions later. If something is not clear or missing, the writer will contact you for clarification.

step 2

Relax

Once you place an order with our professional do my paper services, all you need to do is relax as our experts work to impress you with amazing quality and timing for your order!

step 3

Review the final draft

As soon as the paper is ready, we’ll send you a copy via email. You'll also be able to download it from your account and request a revision or rate the work as appropriate.

Get personalized services with MyCoursebay

One writer for all your papers

You can select one writer for all your papers. This option enhances the consistency in the quality of your assignments. Select your preferred writer from the list of writers who have handledf your previous assignments

Same paper from different writers

Are you ordering the same assignment for a friend? You can get the same paper from different writers. The goal is to produce 100% unique and original papers

Copy of sources used

Our homework writers will provide you with copies of sources used on your request. Just add the option when plaing your order

What our partners say about us

We appreciate every review and are always looking for ways to grow. See what other students think about our do my paper service.

Human Resources Management (HRM)

Thank you so much.

Customer 452701, October 11th, 2023

Exploring Gender in Science, Technology, and Mathematics

Very good work

Customer 452769, July 2nd, 2022

Social Work and Human Services

Great Work!

Customer 452587, October 13th, 2021

Social Work and Human Services

Excellent Work!

Customer 452587, July 28th, 2021

Other

Excellent

Customer 452813, August 21st, 2023

Nursing

Great work. Will definitely recommend

Customer 452523, May 15th, 2021

Classic English Literature

Nicely done. Ty. Worth every penny.

Customer 452455, June 6th, 2021

IT, Web

Excellent job on the paper.

Customer 452885, January 25th, 2023

Nursing

excellent service! Not a beat missed!

Customer 452453, October 17th, 2021

IT, Web

Excellent job on the paper!

Customer 452885, December 28th, 2022

Other

NICE

Customer 452813, June 30th, 2022

Social Work and Human Services

Excellent Work!

Customer 452587, August 24th, 2021

OUR GIFT TO YOU

15% OFF your first order

Use a coupon FIRST15 and enjoy expert help with any task at the most affordable price.

Claim my 15% OFF Order in Chat