Task: Digital Forensics Case Study (25 marks)

Task: Digital Forensics Case Study (25 marks)

In this major task, you are asked to prepare a digital forensic report for the following scenario after carefully reading the scenario and looking at textbook figures as referred to below:

In addition, you are also to comment on the ethical issues/implications that may arise during your investigation. See further explanation of this in the deliverables below.You are working in a Digital Forensic Investigation company, ABC Forensics (you can come up with your own company name if you are not a fan of this name) and investigating a possible intellectual property theft by a new employee of Superior Bicycles, Inc. This employee, Tom Johnson, is the cousin of Jim Shu, an employee who had been terminated. Bob Aspen is an external contractor and investor who gets a strange e-mail from Terry Sadler about Jim Shu's new project (shown in Figure 8-5 of the textbook on p. 350). Bob forwards the e-mail to Chris Robinson (the president of Superior Bicycles) to inquire about any special projects that might need capital investments. Chris forwards the e-mail to the general counsel, Ralph Benson, asking him to look into it. He also forwards it to Bob Swartz, asking him to have IT look for any e-mails with attachments. After a little investigation, Bob Swartz forwards an e-mail IT found to Chris Robinson (shown in Figure 8-6 of the textbook on p. 350).

Chris also found a USB drive on the desk Tom Johnson was assigned to. Your task is to search for and determine whether the drive contains any proprietary Superior Bicycles, Inc. data in the form of any digital photograph and/or in any other form such as emails, text, spreadsheets etc as evidence. In particular, you may look for graphic files such as JPEG on the USB drive hidden in different formats. But during the investigation, you also look for other types of data as mentioned above. As a digital forensic specialist, you do not pre-assume that you will (or will not) find what you are looking for. However, you need to make sure that you conduct a comprehensive investigation before reaching any conclusions.

Note for the USB drive image, you need to download the "C08InChp.exe" file from the download section of Chapter 8 on the student companion site of the textbook (Nelson, Phillips, & Steuart, 6/e, 2019).

In order to conduct a thorough investigation, search all possible places where you think that data might be hidden (e.g. in e-mails and USB drive) and recover and present any digital evidence in the report. You may find that some of the files that you found cannot be opened properly or may be damaged or may be made corrupt intentionally, mention such files in your report. You may look at how to repair these files (hint: look at file headers). If you repair a file, mention in your report that you have done so using a specific DFT. You do not need to write the whole repair process if it is too long. If your current free version of the DFT cannot save large-size files, you may consider searching and using other similar DFTs that can save larger-size files. Assume that your company does not have the budget to purchase another DFT for this purpose, so you have to go with the free version.

Deliverables:First of all in order to visualise and understand this case properly, draw a mind map/chart/flow diagram to show the connection of each person involved and their roles in the company. You may like to mention along the mind map who is asking what request / providing information to whom. Your task is to make the mind map/chart/flow diagram clearer and more presentable to a new person to understand the case as possible. Include this mind map/chart/flow diagram in your report's executive summary.

You should also be asking this question while doing the investigation, is there any evidence other than images in this case (although you have been specifically asked to look for images)?

For this forensic examination, you need to provide a report of approximately 10-12 pages (this is not a hard page limit, take it as a guideline) in the format described in the presentation section below. Your report must include screenshots of your work and any images that you may have found during the investigation. Make sure that each screenshot has a proper label, e.g. something like Figure 1: Screenshot of opening USB file. etc. You also provide a brief (one or two sentences) description of that screenshot or the image that you inserted in your report. This may increase the number of pages of your report, which is acceptable. But make sure, if this is the case, you only include the screenshots which you think are necessary for the report.

In the findings section of your report, please comment on the ethical issues/implications that you may encounter during your investigation. Your comments should be clear, concise and to the point to articulate all the ethical issues and consequences related to the investigation.

You may have used various sources for collecting information such as lecture notes, web sources and forums etc. Cite all the sources of information in references that you used to prepare the report.