BIT362-Digital Forensics
Assignment Overview
For Part (A) of this assignment, you need to answer all the questions. For Part (B), you will be given a digital image. Failure to use this image will result in a zero for the assignment. You are not allowed to change the image.
Part (A):
• You’re investigating an internal policy violation when you find an e-mail about a serious assault for which a police report needs to be filed. What should you do? Write 200 words specifying who in your company you need to talk to first and what evidence must be turned over to the police.
• Write 500 to 800 words explaining the following fundamental concepts from the perspective of digital forensics:
a. Sectors
b. Clusters
c. File Systems
d. Master File Table (MFT)
e. Master Boot Record (MBR)
Part (B):
Your task is to complete and write a Digital Forensics Examiner's Report that addresses the following case scenario:
You need to 1) download and install Autopsy, 2) download the Image.E01 image using your MP email, 3) start your investigation using Autopsy, and 4) write a Case Narrative Digital Forensics Examiner Report document and describe your process (with screenshots) to answer the following questions:
1. What is the image hash?
2. What operating system was used on the computer?
3. When was the install date?
4. What are the time zone settings?
5. Who is the registered owner?
6. What is the computer account name?
7. What is the primary domain name?
8. When was the last recorded computer shutdown date/time?
9. How many accounts are recorded (total number)?
10. What is the account name of the user who mostly uses the computer?
11. Who was the last user to log on to the computer?
12. A search for the name of “Wes Mantooth” reveals multiple hits. One of these proves that Wes Mantooth is the administrator of this computer. What file is it?
13. List the network cards used by this computer.
14. Find installed programs that may be used for Digital forensics/hacking.
15. Which email client is used by Mantooth?
16. How many executable files are in the recycle bin?
17. How many files are actually reported to be deleted by the file system?
18. Are there any viruses on the computer?
19. Is there encryption software installed on the Mantooth computer?
20. What is the most visited Internet domain, and how many times was it visited?