Digital Forensics - Digital Forensics in Cybersecurity

Scenario: You have just been hired by the Department of Justice (DOJ) as a forensic contractor. The DOJ has just completed an audit of a company, in which an investigator discovered a noncompany laptop computer on the corporate network. The investigator’s initial review of network logs indicate the rogue device may have been used to commit internet fraud. The DOJ team of investigators has collected the laptop. The suspect, who is the owner of the laptop, was detained while in the process of destroying evidence on the laptop. Using the AccessData FTK Imager and the DiskDigger applications provided in the Final Performance Assessment Lab Area, you will collect possible evidence of removed, deleted, or damaged files and directories, and you will generate a report identifying your findings. Write a report for the team of investigators by doing the following: A. Describe the process you used to isolate the suspected evidence. Include screenshots of the steps you took while using the AccessData FTK Imager using the screen capture tool built into the virtual lab environment. B. Describe the process you used to discover the missing data. Include a screenshot of steps you used in DiskDigger that includes your name and student ID number. C. Summarize the findings of your investigation and the supporting evidence that implicate the suspect in your investigation. Include screenshots from AccessData FTK Imager and screenshots or reports created in DiskDigger in support of your findings. D. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized. E. Demonstrate professional communication in the content and presentation of your submission.