Analysis example

From Wikibooks, open books for an open world
Jump to navigation Jump to search

This example task will let you try your hand at a simple digital media analysis, it is constructed like a simple forensic investigation and will require you to:

  • Defining the scope of your analysis
  • Search the evidence for
  • Make a simple conclusion about the evidence
What you will need

For this analysis we provide an example acquired media, which you can download and perform an analysis on:

  • FTK 1.8.X trial version
  • Example acquired media (download link)

Scenario[edit | edit source]

MI5 officer Fred Bloggs has been accused of divulging secret information to an unknown foreign spy. His computer has been seized and is to be examined for relevant evidence. The computer comes from Bloggs' office which has an internet connection but is filtered only to allow web browsing.

It is believed Bloggs is using a private email account to send secret information out of his office, but this is not confirmed.

Define your scope[edit | edit source]

Reminder

Earlier in this chapter we discussed the idea of defining the aims of your investigation and using that to evolve a scope for your analysis.

Task
  • Write down the aims of the investigation (what is to be proven)
  • List the types of evidence that will be useful
  • Now list the types of evidence that are unlikely to be useful

Analysis[edit | edit source]

Draw a conclusion[edit | edit source]

Introduction to Digital Forensics
Example2