E-Mail : support@onlinemathsguru.com
Part I: Lab Deliverables (30 points): A. Screenshots (10 points; 2 points each): Capture and paste the following five screenshots. Give a one-sentence short description at the beginning of each screenshot. 1. A screenshot similar to (may not be exactly the same as) the illustration on page 7 step 5 of the Lab2 Write-up. Root terminal display immediately after the evidence and storage drive have been mounted. 2. A screenshot similar to (may not be exactly the same as) the illustration on page 16 of the Lab2 Write-up. 3. A screenshot similar to (may not be exactly the same as) the illustration on page 24 step 33 of the Lab2 Write-up. 4. A screenshot similar to (may not be exactly the same as) the illustration on page 25 step 34 of the Lab2 Write-up. Display of file type sorting and analysis tab in Autopsy. 5. A screenshot similar to (may not be exactly the same as) the illustration on page 31 step 43 of the Lab2 Write-up. Tab displaying project notes and custom notes typed in by the examiner. B. Log of Forensic Analysis (10 points): Create a numbered list or table to document the step-by-step actions taken as the examiner. Include date, time, devices, tools, data files, and logs generated. You only need to describe the data files and logs; no need to attach them. C. Report Letter to the Professor (10 points): Write a letter to the Professor sharing your experience of what you learned by performing this analysis. Why this work is valuable? What was attempted, what succeeded, what failed? Note: For the Report Letter to the Professor, you can use the major action information from the Log of Forensic Analysis deliverable but should focus on the forensic objectives, attempts, and results of accomplishment or failure, followed by a reflection on what you have learned through the lab. Use a business letter format with at least four or five paragraphs related to the forensic work. Part II: Lab Questions (70 points): Give your answer to each of the following questions based on your lab work and relevant readings. The original question must be visible. Each answer should be within one or two paragraphs and should be clear and correct in grammar. Please provide citations of sources should follow proper APA format with a reference section at the end of your Part II answers. 1. When presented with a forensic image to analyze, what steps would you take to plan for the investigation? 2. Based on the Request for Analysis pdf document, come up with five keywords that would be good to search for in this investigation. Please provide a justification for each choice. 3. Research and provide an overview of the Locard Exchange Principle. How is this principle relevant to digital forensics analysis? 4. What is a raw image? From data acquisition point of view, raw images are easier to manage. Why? 5. Find a file of interest to this investigation from the image drive by exploring the image in Autopsy and explain why you believe the file is of interest in the investigation. Please include a screenshot with the filename. Forensic Analysis with Autopsy Copyright UMUC 2015 Page 4 of 33 6. Find a deleted file of interest to this investigation from the image drive by exploring the image in Autopsy and explain why you think the file is of interest in the investigation. 7. What type of file system was the forensic image evidence collected from? Explain how you concluded on the type of file system. 8. Why should investigators take notes and annotate time/dates? What is this useful for? 9. Based on the lab, whom was Joey Lawless communicating with? Explain with evidence. 10. Based on reviewing the image, what do you think Joey Lawless was communicating about? Explain with evidence.