APA (edition "APA 7") Computer Science

Discussion – Network Evidence

NEED THIS DONE IN 1 HOUR WITH REFERENCES

DISCIPLINE: DIGITAL FORENSICS

Using the following scenario, identify one potential source of evidence* and explain one method for how you could preserve and use it in your investigation. Be sure to address why it is likely to contain relevant evidence.

The Scenario

John and Jane recently resigned from BIG Company. Their former employer, Bob, has just found out that they have started work for a competing company, SM Company. A number of BIG Company clients have since started using the services of SM Company, and Bob suspects that, before leaving, John and Jane stole the client details and product blueprints from BIG Company.

BIG Company had strict policies in place regarding data security, and all computer USB ports were disabled (with glue!). John and Jane both had company workstations, which have been returned to circulation; however, company policy is to retain the hard drives of employees who leave, so these are still available. All company systems use Windows 7 operating systems, and the product blueprints are stored on a Windows 2008 file server. The operating systems were locked down, and domain policy prevented users from installing software on them. All internet access was through the company firewall (a Cisco ASA 5525-X), although minimal egress filtering was used. The company client list was stored on a custom CRM system built using Microsoft SharePoint.

* For the purposes of this exercise, when talking about a source of evidence, we are looking for more than just “the hard drive”. What specific log file, operating system or application artifact would you be checking?