C840 Task II Cyber_Forensics

Background: A rogue laptop has been found on a company network and has allegedly been committing fraudulent activity over the internet. The laptop has been seized and the suspect has been detained. The Department of Justice has been tasked with executing a forensic analysis on the hard drive for any deleted or hidden evidence of internet fraud.

Process: To perform the forensic analysis of the hard drive, the forensics team used two programs. The first program is AccessData FTK Imager, which was used to create an identical image of the suspect's hard disk and copy it to the specified location of "Forensic (H:)". The second tool that was used is Disk Digger, a forensic analysis tool that allowed me to view all sectors of the hard drive and reveal any deleted files. The steps taken to copy the hard drive and analyze the image for evidence are documented in the images below along with descriptions.

Step 1: Preparing the drive where the disk would be copied to through formatting as NTFS. This ensures that there is nothing else on the drive.

Step 2: I initiated AccessData FTK Imager and selected "Create Disk Image" from the File tab within the program. Logical drive was selected and the next button was pressed.

Step 3: Drive G: was selected for the image source. The add button is selected. Raw (dd) data was selected as the destination type after the add button is selected.

Step 7: After opening Disk Digger, the drive that the image was copied to (H:) is selected from the main menu.

Step 8: After selecting the H: drive, the dig deeper option is selected to allow deleted files to populate in the results shown in steps 10-14.

Step 9: By default, all file types are selected. The next button is pressed.

Step 12: Two of the files found are PDF documents.

Step 13: Two of the files found are Microsoft Word documents.
Step 14: One of the files found on the drive is a Microsoft Excel document.

Findings: Using AccessData FTK and Disk Digger I was able to complete a forensic analysis on the suspect's drive. Based on the images and Excel spreadsheet found on the drive, it can be confirmed that the suspect was committing internet fraud and deliberately attempted to hide the evidence by deleting it. The images found depict an award letter from the Florida State Lottery with incorrect contact information, spelling, and grammar, while the Excel spreadsheet contained a list of several email addresses. I have included the images and screenshots in this report for reference.
[Recovered image: web page with a row of language links, the headline "CONGRATULATIONS! YOU WON! YOU WON! YOU WON!", a form titled "Where do You Want Us to Send Your Prize?", the notice "YOUR INFO WILL NOT BE SHARED WITH ANYONE", and the fine print "Your entry confirmations, daily results and sponsored advertising messages will be sent by e-mail from Freeiotte."]
Recovered Image III
Screen capture of Excel spreadsheet with email addresses labeled "TARGETS"
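
The recovery of deleted PDF, Word and Excel files from the raw (dd) image in steps 8 to 14 can be illustrated with signature-based carving. This is an added example, not part of the original report and not Disk Digger's own implementation. The signature table, function names and the five-sector sample image are constructed, and the Word/Excel container formats are an assumption because the report does not state them.

```python
import hashlib

SECTOR = 512  # files start on sector boundaries, so only aligned offsets are tested
# Header signatures for the file types named in the report. Assumption: Word/Excel
# files may be legacy OLE2 (.doc/.xls) or ZIP-based OOXML (.docx/.xlsx).
SIGNATURES = {
    "pdf": b"%PDF-",
    "jpeg": b"\xff\xd8\xff",
    "ole2 (doc/xls)": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    "zip (docx/xlsx)": b"PK\x03\x04",
}
FOOTERS = {"pdf": b"%%EOF", "jpeg": b"\xff\xd9"}  # first footer only; updated PDFs have several

def sha256_image(data: bytes) -> str:
    """Hash the image before analysis so later copies can be checked against it."""
    return hashlib.sha256(data).hexdigest()

def carve(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Return (offset, kind, length or None) for every sector-aligned header hit."""
    hits = []
    for off in range(0, len(image), SECTOR):
        for kind, magic in SIGNATURES.items():
            if not image.startswith(magic, off):
                continue
            length = None  # unknown when the format has no simple footer
            footer = FOOTERS.get(kind)
            if footer:
                end = image.find(footer, off + len(magic), off + max_size)
                if end != -1:
                    length = end + len(footer) - off
            hits.append((off, kind, length))
    return hits

def build_sample_image() -> bytes:
    """Constructed image: file content remains on disk with no directory entry."""
    img = bytearray(SECTOR * 5)
    pdf = b"%PDF-1.4\n1 0 obj<<>>endobj\n%%EOF"
    img[SECTOR:SECTOR + len(pdf)] = pdf
    img[2 * SECTOR + 100:2 * SECTOR + 105] = b"%PDF-"  # unaligned text, not a file start
    img[3 * SECTOR:3 * SECTOR + 8] = SIGNATURES["ole2 (doc/xls)"]
    img[4 * SECTOR:4 * SECTOR + 4] = SIGNATURES["zip (docx/xlsx)"]
    return bytes(img)

if __name__ == "__main__":
    image = build_sample_image()
    print("sha256:", sha256_image(image))
    for offset, kind, length in carve(image):
        print(f"offset {offset:>6}  {kind:<16} length {length}")
```

Run against a working copy of the image rather than the original evidence, and compare the SHA-256 before and after to show the image was not altered by the analysis.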