Forensics Investigation Report
Accuracy International (AI)
Prepared for
Head of Forensic Department
By
<Your Name goes here>
Table of Contents
1. INTRODUCTION
1.1 Nature of incident
1.1.1 Location
2. VICTIMS
2.1 Victim details
3. LOCATION OF EVIDENCE
3.1 Evidence description
3.1.1 System, Network, Server Descriptions
3.2 Seizure details
3.3 Handling Details (Chain of Custody)
3.4 Location of Evidence
4. DEFINITIONS
4.1 Definitions
4.2 Tools
5. PRESERVATION OF EVIDENCE
5.1 Validation of Original Evidence
5.1.1 Procedures
5.1.2 Result
5.1.3 Validation
5.2 Imaging
5.2.1 Procedures
5.2.2 Result
5.2.3 Validation
6. INITIAL EVALUATION OF THE EVIDENCE
6.1 Existing Data Details
6.1.1 <First data detail>
6.1.2 <Second data detail>
7. ANALYSIS STEPS
7.1 Procedures
7.1.1 <First procedure followed>
7.1.2 <Second procedure followed>
8. RESULTS
8.1 Pertinent Document Summaries
8.1.1 Document 1 Summary – <document name>
8.1.2 Document 2 Summary – <document name>
8.2 Pertinent Images Summary
8.2.1 Image 1 Summary – <name or category of images>
8.2.2 Image 2 Summary – <name or category of images>
9. CONCLUSIONS
9.1 Summary
1. INTRODUCTION
1.1 Nature of incident
Accuracy International (AI) is a specialist British firearms manufacturer based in Portsmouth, Hampshire, England, best known for producing the Accuracy International Arctic Warfare series of precision sniper rifles. Earlier this year, AI’s computer network was hit by data-stealing malware, which cost thousands of pounds to recover from. As part of an ongoing covert investigation, the head of Security at AI (DG) has hired you to conduct a forensic investigation on an image of a USB device. The USB device is a non-company-issued device allegedly belonging to an employee, Christian Macleod, a consultant and technical manager at AI for more than six years.
The USB device in question was allegedly removed from Christian’s workstation at AI while he was out of the office for lunch; the device was imaged and then plugged back into Christian’s workstation. You have been provided with a copy of that image (the original copy is currently held in a secure locker at the security department).
1.1.1 Location
Research and Development department
2. VICTIMS
2.1 Victim details
Accuracy International (AI) is the victim in this case.
3. LOCATION OF EVIDENCE
3.1 Evidence description
3.1.1 System, Network, Server Descriptions
3.1.1.1 System 1
<Server type, etc.>
3.2 Seizure details
An identical copy of the suspect’s USB stick was made for forensic analysis on 16th Feb 2015. The USB stick was then returned to the suspect’s work computer while he was at lunch.
3.3 Handling Details (Chain of Custody)
16/02/2015 12:30 Seizure of the USB stick by investigator David Chadwick.
16/02/2015 12:45 An ISO image was created, which is a digitally identical copy of the original USB stick – verified by investigator Diane Gan.
3.4 Location of Evidence
The original ISO has been placed in the secure locker, No 1625.
A copy of the ISO has been passed to the Forensic Department for analysis.
4. DEFINITIONS
4.1 Definitions
Acquisition of Digital Evidence: Begins when information and/or physical items are collected or stored for examination purposes. The term “evidence” implies that the collection of evidence is recognized by the courts. The process of collecting is also assumed to be a legal process and appropriate for rules of evidence in that locality. A data object or physical item only becomes evidence when so deemed by a law enforcement official or designee.
Data Objects: Objects or information of potential probative value that are associated with physical items. Data objects may occur in different formats without altering the original information.
Digital Evidence: Information of probative value stored or transmitted in digital form.
Physical Items: Items on which data objects or information may be stored and/or through which data objects are transferred.
Original Digital Evidence: Physical items and the data objects associated with such items at the time of acquisition or seizure.
Duplicate Digital Evidence: An accurate digital reproduction of all data objects contained on an original physical item.
Copy: An accurate reproduction of information contained on an original physical item, independent of the original physical item.
4.2 Tools
<Tool list here>
5. PRESERVATION OF EVIDENCE
5.1 Validation of Original Evidence
5.1.1 Procedures
<Procedure list here such as hashing of hard drive>
5.1.2 Result
<Results here>
5.1.3 Validation
<Validation – Acquisition Hash>
5.2 Imaging
5.2.1 Procedures
<Procedure description>
5.2.2 Result
<Results here>
5.2.3 Validation
< Description of any validation here >
6. INITIAL EVALUATION OF THE EVIDENCE
6.1 Existing Data Details
6.1.1 <First data detail>.
<Description of first data detail>
6.1.2 <Second data detail>
<Description of second data detail>
7. ANALYSIS STEPS
7.1 Procedures
7.1.1 <First procedure followed>
<Detailed description of first procedure>
7.1.2 <Second procedure followed>
<Detailed description of second procedure>
etc
8. RESULTS
8.1 Pertinent Document Summaries
8.1.1 Document 1 Summary – <document name>
<Description of document and events or evidence, e.g., /var/log/secure>
8.1.2 Document 2 Summary – <document name>
<Description of document and events or evidence>
8.2 Pertinent Images Summary
8.2.1 Image 1 Summary – <name or category of images>
<Description of image(s)>
8.2.2 Image 2 Summary – <name or category of images>
<Description of image(s)>
9. CONCLUSIONS
9.1 Executive Summary
<Overview of the incident>