Q1: (5 points) Identify the requirements for acquiring and authenticating evidence. Different kinds of cases go through different processes. It is important that the investigator manage e-evidence throughout this process.
Consider the do’s and don’ts of managing e evidence and respond to the following:
• Explain how to manage e-evidence throughout the life-cycle of a case so that it is admissible in court or that it can be used for legal action. List two reasons why e-evidence might be inadmissible.
Q2: (5 points) Discuss at least 3 methods that can be used to hide data and three approaches to recovering that hidden data.
Q3: (5 points). Discuss some of the content found within an email header that can be useful in an investigation.
Q4: (5 points) Discuss at least 3 challenges associated with performing a forensics investigation on a mobile device.
Q5: (5 points) Discuss the role that volatility plays in a digital forensics investigation. What would be the most volatile data?
Q6: (15 points) Read the following scenario and respond to the questions below: As a digital forensics examiner, you have been called to the scene of a kidnapping. Several witnesses have told the investigator that the victim was very excited about a new person they met online. Your job at the scene as a digital forensics examiner is to recommend to the investigating officer a course of action as to what digital evidence may or may not be needed to investigate this crime. • Provide a list of potential digital evidence that the investigator is going to want to seize for possible forensic examination. Be thorough, as the lead investigator in this case is not computer savvy. • What additional sources of evidence might there be besides the digital equipment and media that would have been seized? How would you gain access to this evidence? • Describe how you will maintain the collected evidence. • What will you do to prepare for presenting this evidence in court?
Q7: (15 points) In August 2008, 11 people were charged with the theft of more than 40 million credit and debit card numbers from T.J. Maxx, Marshall’s, Barnes & Noble, OfficeMax, and other major retailers. Masterminded by computer hacker Albert Gonzalez, the case remains one of the largest frauds of credit card information in history. The Heartland case was similar to the TJX case. Between 2007 and 2009, the data breach involved the Heartland Payment Systems, the fifth largest credit card processor in the United States. During that time, Gonzalez and co-conspirators gained access to information associated with millions of credit cards by exploiting a network vulnerability. Both cases—Heartland and TJX—involved the theft of over 130 million credit and debit card numbers, making it the biggest computer crime case ever prosecuted in the United States. Question: you are the CISO of a Fortune 500 company here in the U.S. Your company uses customer credit card information to process millions or orders every year, both online and via traditional marketplace venues. you have information that based on recent Equifax breaches, your secure database has been breached and customer credit card data may have been stolen. You are meeting with a Digital Forensics investigator who has been hired to access incidents and report back to you with their findings. Detail the following: 1. Needs for the DF investigation — why did you bring in the investigator? 2. The forensic process you want followed, including data collection (detail possible sources of data), examination, analysis, and reporting. 3. List and describe the type(s) of information and it’s relevance to this case from each of the following: data and data files, Operating Systems (Windows 10, WIN Server ’12, and Ubuntu Linux), network traffic, applications, and eMail and services. include all resources used as well as referencing the TJX and Heartland cases
Q8: (15 points) In August 2017, a Wisconsin woman captured after living under an alias for 16 years was sentenced Tuesday to 14 years in prison for kidnapping an Allen Park woman in 2000. FBI agents mining social media discovered Kimberly Lee Johns last year in Marathon County, Wis., where she was living under the name Kim McGuire. She had escaped a halfway house in 2000 while awaiting trial in federal court in Detroit. During the trial, defense attorneys requested to submit numerous emails (dated between 1999-2000), that they contained personal, intimate, and sexual details of the couple’s relationship, and therefore showed a consensual relationship between the parties. The Government challenged their admissibility on the basis of authenticity, hearsay, relevancy, and Fed. R. Evid. 403. Question: the conviction has been appealed, and you are a Digital Forensic investigator who has been hired by John’s attorney to provide a report that can be submitted to the Federal court that details the tools and techniques that can be used to authenticate email messages from the time period. Provide two possible situations; with or without legal subpoena to access data from the email providers. Keep in mind that this is a Federal criminal case, and therefore your report needs to be professionally written and note any legal protocols or cases that might impact this appeal. Reference: https://www.leagle.com/decision/infdco20170314e33
Q9: (15 points) In December 2013, a serial con artist plead guilty to Bank Fraud and Identity Theft. According to the plea agreement, the ‘con artist’ committed crimes from at least as early as July 2011 through May 2013, when she was finally arrested. Over a period of two years, and at least 58 times, the criminal defrauded banks and individuals. As part of her scheme she would approach people, usually at ATMs, and give them a sad story about her need to cash a check and her inability to deposit the check into her bank account. She would convince her victims to deposit the checks, which were worthless, into their own account and then withdraw funds, sometimes giving them $100 for their trouble. The fake checks were generally drawn on closed accounts, because the checks had been stolen or were from the accounts of deceased individuals. When she was arrested for failure to appear warrants in May 2013, some of the items recovered included a checkbook, stolen from a purse at a local mall, along with the victim’s Driver’s License, Social Security card, a Visa card, and a bank debit card.
Question: you are a Digital Forensic investigator who has been hired by the attorney for the convicted party. The attorney tells you that the case is under appeal based on the argument that the ‘con artist’ was coerced to confess. The attorney also gives you a cellphone belonging to his party and asks you to run a thorough examination of the mobile device to extract any data that may be important to this case. Detail the steps you would take in your investigation, starting with taking possession of the mobile device. Reference: https://www.justice.gov/usao-mdfl/pr/serial-con-artist-pleads-guilty-bank-fraud-andaggravated-identity-theft
Q10: (15 points) Your best friend from college just contacted you, asking for help based on your knowledge and skills in Digital Forensics. Your friend tells you that their Sony PlayStation (PSN) account has been hacked and all funds in their PSN wallet are gone. In addition to having had over $100 in gift card funds in their PSN wallet, he tells you that he also had saved his credit card information on his system and is fearful that more money may be stolen. After talking to your friend, you discover that he did have a unique password for this account, did not share his account information with anyone, and does play multi-player games with friends online. He tells you that he became aware of the intrusion when he received emails from Sony confirming purchases (he did not make). When he looked at his system following the emails, he found that his consoles/devices had been removed from the account and others were added. Upon contacting Sony, this was their response: “In relation to the transactions you recently flagged as unauthorized, our investigation concluded that the serial number of the console on which these transactions were made does not match the serial number of the console you provided to us on your original call. Regrettably, as stated in the PlayStation Network Terms of Service, we are unable to offer a refund for purchases made on PlayStation Store unless the content is found to be defective. We have taken the appropriate action against the console which made the purchase but unfortunately we cannot share the details of this console with you for security purposes.” Question: provide a detailed description of the steps you would take to help your friend. Approach the scenario like a DF investigator and identify any possible sources of relevant information as well as how you would go about retrieving and analyzing the data.
This page of the exposition has 1651 words. Download the full form above. In the course of recent decades, hereditary qualities has gotten basic in computing the appearance time of the principal movements into present day America just as deciding the hereditary structure of these first occupants. While the archeological record is verifiably helpful in the remaking of relocation designs, a predisposition exists which represents that the probability of finding the first of a particular fossil or ancient rarity is on the whole improbable. Accordingly meaning, that while antiquarianism can give us direct proof of the first peopling of the Americas, it is incautious to rely upon this field of study freely. Hereditary qualities, hence, has demonstrated basic in filling the holes left by archeologists and contributing plausible dates of populace parts from East Asia and afterward Beringia. This present author’s impact which definitely lead to the number of inhabitants in North and South America has been to a great extent revealed by sequencing the genome of current indigenous Americans and contrasting these haplogroups with the genome-wide database. By sequencing both Mitochondrial DNA (mtDNA) and Ancient DNA (aDNA), it has now been affirmed that the Amerinds’ hereditary history is generally the consequence of one basal genealogical genealogy. Exemptions to this will be examined in further detail, nonetheless, it is clear through hereditary qualities that one beginning relocation through the Bering Strait is liable for most of old hereditary cosmetics found in Native Americans. Further, reproductions of hereditary inconstancy and quality recurrence of loci have been used in the discussion on whether the underlying colonization harmonizes with the Rapid Expansion or the Coastal Migration Model. Hereditary sequencing has in this manner gave researchers further comprehension of the potential starting courses into the Americas, showing that this relocation furnished reoccurring quality stream with East Asia, and that given major mtDNA haplogroup ancestries are generally liable for the present-day allele recurrence of indigenous American populaces. Two Primary Colonization Models for Peopling of the Americas: While breaking down the underlying colonization of the Americas, there are two broadly discussed models which plan to clarify the movement course and time of this first extension. One of these potential clarifications, The Rapid Expansion (“Blitzkrieg”) Model (REM), was most generally excepted before the exposing of the “Clovis First” speculation (Fix, 2002). The Rapid Expansion Model was at first proposed by Martin (1973) and asserted that the main tenants of the Americas were trackers crossing the Beringian land connect through the Ice Free Corridor when ocean levels were lower roughly 11,500 years prior (Fix, 2002). There are two fundamental ramifications with this model, one of which is the exposing of Clovis First with the revelation of Western Stemmed Points at the Gault Site in Texas in lower stratigraphic request than Clovis advances (Williams et al., 2018). The second inconsistency in the REM model lies with the ramifications of Martin’s implied pace of populace development. Martin’s accepted populace development pace of 3.4% yearly would bring about a multiplied populace after the 20 years following the underlying author’s impact from Siberia (Fix, 2002). He asserts that in 17 ages, 100 introductory people were fit for populating all of what is currently North and South America (Fix, 2002). This theory is inconceivably hazardous in light of the fact that such a quick pace of colonization implies an extraordinary consumption of hereditary fluctuation. Along these lines, regardless of whether one ignores that REM doesn’t agree with the late occupation on Monte Verde, Chile 14,500 years prior, the consumption of hereditary fluctuation from an establishing populace of 100 would almost certainly yield an amazingly high heterogeneity. (Fix, 2002). This idea was reenacted by Cavalli-Sforza (1986) utilizing the condition (FST = 1 – π (1 – 1/2 Ne ) to figure the normal inside populace variety, FST, when reoccurring sprouting occasions happen (Cavalli-Sforza 1986). Results demonstrated that after 20 ages over a potential 1000-year time frame, FST yields a heterogeneity of 0.855 which is high to such an extent that it nearly arrives at the most extreme section of 1 (Cavalli-Sforza 1986). It’s additionally commented that the among-populace variety broke down in Amerinds go from 0.1 to 0.2, therefore showing that the REM model doesn’t mirror the FST represented in indigenous Americas (Cavalli-Sforza 1986). The second and as of now the more excepted course for the underlying movement into the Americas is the Coastal Model (CM). The Coastal Model was at first recommended by Fladmark (1979) and sets an underlying colonization along the coast by utilizing pontoons and afterward spreading inland by using stream channels (Fladmark, 1979). Dixon (1999) recommended that the CM could have been open 13,500 years back or earlier, which takes into account extra relocation time and not requiring as extensive as a populace development as the recently examined REM (Fix, 2019). The CM is a favored movement course hereditarily talking because of the accessibility to spread over bigger territories all the more quickly and the accessibility to have sexual intercourse with close by bunches who are not as hereditarily comparable taking into account consistent quality stream. One clarification endeavoring to clarify the further movement designs once the underlying colonization through the CM happened, is named the Leapfrog Hypothesis or Linear Model proposed by Anderson and Gilliam (2000). This idea recommends that when regions become excessively involved, the populace development does not increment anymore, yet relocation between encompassing populace proceeds (Anderson and Gilliam 2000). This idea was reenacted by Fix (2002) utilizing 10 neural alleles with a recurrence of 0.5 in the given populace intended to speak to the principal people involving the northwest beach front area of North America (Fix, 2002). The populace development in this given gathering and encompassing territories was Nt-1 = Nt (1+A(1-Nt)/Nmax) in which A speaks to the development pace of 0.007 years and Nmax speaks to the most extreme populace size of 250 of every a given gathering (Fix, 2002). It was indicated that once a populace size surpassed 250, relocation to the following southward domain would happen inside a part of the populace (Fix, 2002). This procedure of having a venturing stone relocation would allow every age to have irregular intergenerational hereditary float. Further, a progression of relocations would come to pass while additionally taking into account returning settlements to additionally take into consideration quality stream. Under this model, an indicated movement of 4km a year would take into consideration populaces to reach Tierra de Fuego in several thousand years without thusly delivering high heterogeneity. This can be found in the aftereffect of the reenactment which demonstrates that instead of REM, the Coastal Model had no fixed loci toward the finish of 100 ages and moreover FST values show that the underlying hereditary variety was safeguarded in every single unique populace (Fix, 2002). Given the reenactment of populace development utilizing the Leapfrog Model, apparently the Coastal Model would be increasingly likely because of a higher recurrence of intergenerational hereditary float taking into account the conservation of hereditary variety between populaces found in current indigenous Americas. Situations of Settlement There is a typical understanding that the organizers impact of people scattering into the Americas was through the Bering Strait; in any case, some error exists on the specific relocation from Asia. While the underlying settlement of the Americas happened in one essential occasion, there has been different differences about the quantity of transitory waves following this fundamental originator’s impact and the planning of these models (Ray et al., 2010). Greenburg and partners recommended that the underlying relocation into the Americas were by the Clovis individuals roughly 13,000 years prior which brought about the Amerind etymological family (Greenberg et al., 1986). Two further relocations following were proposed to of been related with the arrangement of the Na Dene and Eskimo Aleutian semantic families (Greenberg et al., 1986). Greenburg and partners’ proposed succession of settlement has been to a great extent under analysis because of the archeological discoveries that the main American populaces originated before Clovis and hereditary information has presumed that it’s pre-Clovis (Ray et al., 2010; Williams et al., 2018). In this manner, ongoing factual estimations by Ray and associates have been used in the endeavors to think about Single-Wave (SW), Two-Wave (2W), and Recurrent quality stream (RGF) transformative models (Ray et al., 2010). Inexact Bayesian calculation (ABC) has demonstrated valuable in examining these models by mimicking information and contrasting outcomes in respects of test size and recurrence of loci (Ray et al., 2010).>GET ANSWER Let’s block ads! (Why?)