Beruflich Dokumente
Kultur Dokumente
Technical Report
and Findings
Re: Jane Doe
Analyst: John Smith
Company: LMU Forensics
Customer: AET Police
Contact: DC 697 Calvert
Date of Production: April 2011
Contents
1.
2.
3.
4.
5.
4.2.
4.3.
5.2.
Image Analysis....................................................................................................................... 8
2.2.
3.2.2.
Exhibit Number
EMB/1
MC/1
Seal Number
W561891
D0189671
Description
HP Compaq Computer
Camera
The exhibit was visually examined and the physical attributes and
Item
Type
Make
Model
Serial Number
System Date &
Time
Accurate Date &
Time
Description
Computer tower
HP Compaq
D53102
YTR6589FGH
01/04/2009 00:04
01/04/2011 12:04
4.3.
4.3.1.
A Forensic image was made of the exhibit using FTK Imager, version
Image has not been altered this is referred to as an MD5 hash. Details of
the MD5 hash are provided in Table 3.
Table 3 Exhibit Details
Hash Type
Acquisition
Verification
MD5 Hash
362ea11db90f7e6822b13458669906d1
362ea01db90a7e1822b13458649906d1
Note
Match
from the exhibit. These details are recorded in Table 4. This information
shows that the computer has been active for the period 1st January 2006
until 5th April 2011 by the suspect, Jane Doe.
Table 4 Operating System Details
Item
Operating System
Installed
Last Shutdown
Registered Owner
Registered Organisation
Description
Microsoft Windows Vista
01 Jan 2006 07:37
05 Apr 2011 15:08
Jane Doe
N/A
Due to the restrictions of the Forensics software EnCase only the formats
GIF, BMP and JPG can be recovered and reviewed. Therefore analysis is
concentrated on these file types.
5.2.2.
All GIF, BMP and JPG images were recovered from the exhibit; this
was a total of eighty eight thousand one hundred and fifty seven
(82,157) images for review. It was possible to reduce the number of images
for review to twenty seven thousand and seventeen (27,017).
5.2.3.
Following review of the images a total of fifty seven (57), of what are
5.2.4.
Advisory Panel grading scale, see Table 5. This identified that all the images
were gradable at level 4.
Table 5 SAP Guidelines
Level
1
2
3
4
5
5.2.5.
Description
The location of the images was reviewed, this identified that all of the
thumbs.db file present within the folder. This shows that not only had the
suspect, Jane Doe, downloaded the file she had subsequently gone on to
view each of the files individually.
5.2.7.
These images are now produced on CD-R as exhibit JS/2. This disc is
Appendices