Recovering Scrambled Bits And Digital Forensics Report

Task 1: Recovering scrambled bits

This task helps you to test your skills in encryption and decryption of some data that you may encounter in the field of digital forensics. For this task, I will upload a text file with scrambled bits on the subject interact2 site closer to the assignment due date. You will need to use some DFT (digital forensics tool) to recover the scrambled bits.

First, decide what DFT will be suitable for this task, and then start your process. Please note you may need to do a few iterations and some trials and tests to get the goal. Your bit recovery process should be a step-by-step process which means you may not see the whole recovered bits just after the first step, you may need to use several steps to recover all bits in the given file. You will be required to restore all the scrambled bits to their original order and copy the plain text in your assignment. You must give reasoning that why did you choose a particular method to recover the scrambled bits. There are marks allocated for this reasoning. If you only provide the correct answer and no explanation of reasons for choosing a particular method, there will be a loss of marks.

Deliverable: Describe the process with reasons used in restoring the scrambled bits and inserting the plain recovered text in the assignment. You can include the screenshots of your work in the assessment. Include at least in one of the screens shot your i2 site login and username to show it is your own work.

Task 2: Digital Forensics Report

In this major task you are asked to prepare a digital forensic report for the following scenario after carefully reading the scenario and looking at textbook figures as referred below:

In addition, you are also to comment on the ethical issues/implications that may arise during your investigation. See further explanation of this in the deliverables below.

You are working in a Digital Forensic Investigation company, ABC Forensics (you can come up with your own company name if you are not a fan of this name) and investigating a possible intellectual property theft by a new employee of Superior Bicycles, Inc. This employee, Tom Johnson, is the

cousin of Jim Shu, an employee who had been terminated. Bob Aspen is an external contractor and investor who gets a strange e-mail from Terry Sadler about Jim Shu's new project (shown in Figure 8-5 of the textbook on p. 350). Bob forwards the e-mail to Chris Robinson (the president of Superior Bicycles) to inquire about any special projects that might need capital investments. Chris forwards the e-mail to the general counsel, Ralph Benson, asking him to look into it. He also forwards it to Bob Swartz, asking him to have IT look for any e-mails with attachments. After a little investigation, Bob Swartz forwards an e-mail IT found to Chris Robinson.

Chris also found a USB drive on the desk Tom Johnson was assigned to. Your task is to search for and determine whether the drive contains any proprietary Superior Bicycles, Inc. data in the form of any digital photograph and/or in any other form such as emails, text, spreadsheets, etc as a piece of evidence. In particular, you may look for graphic files such as JPEG on the USB drive hidden in a different format. But during the investigation, you also look for other types of data as mentioned above. As a digital forensic specialist, you do not pre-assume that you will (or will not) find what you are looking for. However, you need to make sure that you conduct a comprehensive investigation before reaching any conclusions.

Note for the USB drive image, you need to download the "C08InChp.exe" file from the download section of Chapter 8 on the student companion site of the textbook (Nelson, Phillips, Steuart, 6/e, 2019).

In order to conduct a thorough investigation, search all possible places where you think that data might be hidden (e.g. in e-mails and USB drives) and recover and present any digital evidence in the report. You may find that some of the files that you found cannot be opened properly or may be damaged or may be made corrupt intentionally, mention such files in your report. You may look at how to repair these files (hint: look at file headers). If you repair a file, mention your report that you have done so using a specific DFT. You do not need to write the whole repairing process if it is too long. If your current free version of the DFT cannot save large-size files, you may consider searching and using other similar DFT that can save the larger-size files. Assume that your company does not have the budget to purchase another DFT for this purpose, so you have to go with the free version.

Deliverables: First of all in order to visualize and understand this case properly, draw a mind map/chart/flow diagram to show the connection of each person involved and their roles in the company. You may like to mention along the mind map who is asking what request / providing information to whom. Your task is to make the mind map/chart/flow diagram as clearer and presentable to a new person to understand the case as possible. Include this mind map/chart/flow diagram in your report's executive summary.