Windows Forensics Artifacts
Identify and (thoroughly) discuss two specific Windows forensic artifacts (other than in the Registry) that would likely be found on Mr. Informant's assigned OOO workstation, which you believe could contain key evidence (related to the data leakage case scenario). Refer back to your Week 5 and Week 6 readings if you are stumped (located at the bottom of the question).
At a minimum, detail the names of the artifacts, the form and nature of the data they contain, where they would or could be found on Mr. Informant's workstation, and provide specific examples of information you might find in this case (given the scenario) via examination of those artifacts that would be potentially inculpatory (i.e., tending to incriminate the suspect or indicate he perpetrated the alleged actions – in this case, theft of intellectual property) or exculpatory (i.e., tending to support or indicate the subject did not perpetrate the alleged actions).
WEEK 5 READINGS: As you sit at your desk in the OOO IT Security Office, one of your fellow digital forensic investigators approaches you and says that she found what appears to be Mr. Informant's login and password for his personal Dropbox account during her examination of one of his OOO-owned work computers. She asks you whether she should use his credentials to log onto Mr. Informant's personal Dropbox account to search for OOO intellectual property.
DATA LEAKAGE SCENARIO:
Mr. Iaman Informant was working as a manager of the Technology Development Division for famous international company OOO, which develops state-of-the-art technologies and gadgets.
One day, at a place that Mr. Informant visited on business, he received an offer from Spy Conspirator, an employee of a rival company, to leak sensitive information related to OOO's newest technology. Mr. Informant decided to accept the offer in exchange for large amounts of money, and he began working on a detailed plan to leak the desired data.
Mr. Informant made a deliberate effort to hide his actions and prevent his plan from being uncovered. He discussed it with Mr. Conspirator via e-mail, pretending like they had a legitimate business relationship. He also sent samples of confidential information through his personal cloud storage service. After receiving the samples, Mr. Conspirator asked for direct delivery of storage devices containing the remaining (large volume of) data.
OOO's information security policies include the following:
- Confidential electronic files should only be stored on authorized external storage devices and secured network drives.
- Confidential paper documents and electronic files may only be accessed within an allowed time range (from 10:00 AM to 4:00 PM) and with the appropriate permissions.
- Unauthorized electronic devices (such as laptops, portable storage, and smart devices) may not be carried onto company premises.
- All employees are required to pass through the Security Checkpoint system upon entering or exiting the building.
- Possession of any storage devices (such as HDDs, SSDs, USB memory sticks, and CD/DVDs) is forbidden under the Security Checkpoint rules.
In addition, although the company managed separate internal and external networks, and used DRM (Digital Rights Management) / DLP (Data Loss Prevention) solutions in their information security infrastructure, Mr. Informant had sufficient privileges to bypass them. He was also very interested in IT (Information Technology), generally, and had some knowledge of digital forensics.
Despite the risk, Mr. Informant attempted to leave the building with storage devices in his possession, but he and his devices were detected at the security checkpoint, leading to suspicion that he may have been trying to steal OOO data.
The devices in Mr. Informant's possession (a USB thumb drive and a CD-R) were briefly reviewed at the security checkpoint (protected with portable write blockers), but there was no obvious evidence of any leakage. As such, the devices were subsequently transferred to the digital forensics laboratory for further analysis.
