Digital Forensics Assessment 2 Forensics Report

This forensic report, prepared by Brandon Simpson, investigates suspected digital property theft at TechNova Solutions, initiated by concerns over pirated movie downloads. Evidence collected includes a personal computer, external hard drives, and a mobile phone, revealing pirated files and logs of unauthorized downloads. Recommendations include monitoring employee downloads and taking legal action against the suspect based on the findings.

DIGITAL FORENSICS

ASSESSMENT 2
FORENSICS REPORT
D&A College

Brandon Simpson
[email protected]
Table of Contents
Forensic Report Details
Background
Initial Questions
Scene Description
Inventory of Evidence found at the Scene
Sources of Evidence found on Items at Scene
Contemporaneous Notes
Chain of Custody Process
Forensic Tools
Forensic Acquisition and Analysis
Output and Findings
Recommendations
Forensic Report Details
Name: Brandon Simpson

Position: Digital Forensic Investigator

Telephone: 01382 119119

Employment Duration: 3 years

Qualifications: Mathematics and Cybersecurity Degree

Time: 20/03/2025

Location: Cambridge Office, 234 Prince Street, Cambridge

Background
Who requested the report: Michael Smith, TechNova Solutions

• Reason: The investigation was initiated due to concerns about
suspected digital property theft and unauthorized sharing of the
digital property. This was identified by Michael after he witnessed his
co-worker downloading what looked like pirated movies.

• Aims of this report: The purpose of this forensic report is to
investigate the circumstances surrounding the incident, determine
whether there has been a breach of company policies, and assess
the digital evidence that could indicate criminal activity such as
intellectual property theft or data exfiltration.

Initial Questions
• Questions to be answered:

1. What is the origin of the suspected crime?

2. Were any unauthorized devices accessed?

3. What digital evidence is present and where is it located?

4. Did the evidence suggest intellectual property theft or another
form of fraud?

5. What actions need to be taken to preserve and analyse the
evidence?

Scene Description
Scene description:
The scene involved a workplace office, and the perpetrator's personal
computer, a 1TB external hard drive, keyboard and mouse, a mobile
phone, and a drawer that had a diary/journal inside. Upon arrival, the area
was secured by my company; we then restricted access to authorised
individuals within my company, etc. The devices involved were a 1TB
external hard drive, a USB Drive, keyboard and mouse, and a mobile
phone.

How the scene was secured:
The scene was secured by my team; we put up signs throughout the office
stating “Investigation in Progress, Please do not enter”, preventing
unauthorized access. Any potential physical evidence was properly
documented and photographed before moving forward with digital
evidence acquisition.

Inventory of Evidence found at the Scene


Here’s a list of items found at the scene, with brief descriptions of what
they looked like and what they were connected to during the
investigation:

• PC - Dell FAST Optiplex 7020/9020 SFF Desktop Computer PC - Intel
Core i7 4th Gen (4 cores up to 3.90GHz), 16GB RAM, 500GB SSD
Storage, 300Mbps USB WiFi, Windows 11 Pro OS (Renewed)
• Mouse and Keyboard - Amazon Basics Rechargeable Wireless
Mouse - Ultra Slim, Quiet Full Size Keyboard with Number Pad, Black.
Connected to the PC
• 1TB Storage Drive - Seagate Portable Drive 1TB, External Hard
Drive, Dark Grey, for PC Laptop and Mac, Data Rescue Services,
Amazon Exclusive (STGX1000400). Connected to PC
• USB Drive - Amazon Basics 256 GB, USB 3.1 Flash Drive, Read
Speed up to 130 MB/s, Black. Connected to PC
• Mobile Phone – Black iPhone 11

Sources of Evidence found on Items at Scene


What we expect to find on the devices:

• We expect to find search history and system logs on the PC, which
will be beneficial to our investigation as it will allow us to find out if
the culprit was searching for pirated copies of movies and software.
• We expect to find pirated movies and software on the USB Drive as
well as the External Storage Drive.
• We expect to find call logs and conversation history on the culprit's
mobile phone, which will allow us to find out if they have been
sharing the copies of pirated software through various social media
or email platforms.

Contemporaneous Notes
Date: 21/03/2025

Time: 01:30pm

Location: Company Office

Persons Present – Brandon Simpson

----------------------------------------------------------------------------------

Notes:

Brandon Simpson arrived at scene

Desktop on lock screen noted, and monitor, keyboard and mouse

Photographed the crime scene.

Removed power from PC to perform hard shutdown to preserve
evidence.

PC Monitor, Keyboard, Mouse - Amazon Basics Rechargeable Wireless
Mouse - Ultra Slim, Quiet Full Size Keyboard with Number Pad, Black.

PC bagged and tagged - evidence number 12457#44

Transported to Bell Street Police station at 11.58 on Monday the
23/03/2025 by PC Jim Bob

----------------------------------------------------------------------------------------------
Date: 23/03/2025

Time: 12:30pm

Location: Company Office

Persons Present: Brandon Simpson

----------------------------------------------------------------------------------

logged in to custody - by PC Jim Bob

-----------------------------------------------------------------------------------

Date

Time

Location

Persons Present

---------------------------------------------------------------------------------------

exact details on how hard drive extracted

What it was hooked up to

write protection measures taken

Imaging Process

Record the hash value generated as a result of the imaging process

Chain of Custody Process


• All digital evidence was secured in line with ACPO (Association of
Chief Police Officers) guidelines and the company’s SOP (Standard
Operating Procedures).
• A chain of custody form was completed, documenting each person
who handled the evidence and at what times. This ensures the
integrity and authenticity of the evidence.

Forensic Tools
Hardware used:

• FTK Imager (for disk image acquisition)

Software used:

• Autopsy (for forensic analysis of disk images)

• Hashing tools (to verify the integrity of the acquired images)

• Assurance of valid output:
The forensic tools used are industry-standard, ensuring the integrity
and validity of the output. The use of hash values during the
acquisition process confirms the evidence has not been tampered
with.

Forensic Acquisition and Analysis


• Acquisition:
The acquisition was performed using FTK Imager, which created an
exact bit-for-bit copy of the device’s storage media. The image was
hashed using SHA-256 to ensure its integrity.

• Analysis:
The image was loaded into Autopsy, and an in-depth analysis was
conducted. This included reviewing file structures, looking for
deleted files, and scanning for evidence of unauthorized software or
file transfers.
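
Added example (not part of the original report): a Python sketch of the integrity check described under Acquisition and under Forensic Tools, re-hashing an acquired image with SHA-256 and comparing it with the value recorded at imaging. The file names, examiner label and record fields are constructed for illustration; hashing a split image as one ordered stream is an assumption that goes slightly beyond the report.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # stream 1 MiB at a time; disk images do not fit in memory

def sha256_image(segments):
    """SHA-256 over one or more image segment files, read in the order given."""
    digest = hashlib.sha256()
    for path in segments:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(CHUNK), b""):
                digest.update(block)
    return digest.hexdigest()

def verify_image(segments, recorded_hash, examiner):
    """Re-hash the image and return a record suitable for the case notes."""
    recorded = recorded_hash.strip().lower()   # tolerate copy/paste case and whitespace
    computed = sha256_image(segments)
    return {
        "checked_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "examiner": examiner,                  # hypothetical field name
        "recorded_sha256": recorded,
        "computed_sha256": computed,
        "match": computed == recorded,
    }

def demo():
    """Constructed data: two small files stand in for a split disk image."""
    workdir = tempfile.mkdtemp()
    seg1 = os.path.join(workdir, "evidence.001")
    seg2 = os.path.join(workdir, "evidence.002")
    with open(seg1, "wb") as fh:
        fh.write(b"\x00" * 4096 + b"constructed sample sector data")
    with open(seg2, "wb") as fh:
        fh.write(b"second segment of the constructed image")
    recorded = sha256_image([seg1, seg2])      # value noted at acquisition time
    intact = verify_image([seg1, seg2], recorded, "Examiner A")
    with open(seg2, "r+b") as fh:              # simulate one altered byte
        fh.seek(5)
        fh.write(b"X")
    altered = verify_image([seg1, seg2], recorded, "Examiner A")
    return intact, altered

if __name__ == "__main__":
    for record in demo():
        print(record)
```

Running the check again before analysis and at each custody transfer, and filing the returned record with the chain of custody form, ties every handler to an image that still matches the acquisition hash.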

Output and Findings


Finding 1:
A folder containing pirated movies, files containing several websites
including download links of pirated movies, and more, was in the root
directory of the PC's hard drive. These files were identified as JPEGs, MP4s
and .txt files.

Finding 2:
A log file indicated that the user J Smith downloaded these files on
14/04/2021 at 12:20:52 BST. J Smith's intentions were to download and
share these files with people that wish to buy the files. The presence of
files with people that wish to buy the data was copied/downloaded files
Recommendations
Based on the forensic evidence, the following recommendations
are made:

My team has found sufficient evidence to suggest that the
suspect was fully involved in the downloading and sharing of
pirated files.

The company should consider regularly monitoring what their
employees download online to prevent further incidents. They
should also consider

It is recommended that the suspect be formally interviewed, and
appropriate legal action be taken based on the findings.
Appendix
