
Running head: M57 DIGITAL FORENSICS REPORT 1

DIGITAL FORENSICS REPORT

KINDRA SMITH

DECEMBER 10, 2018

UNIVERSITY OF SAN DIEGO

CSOL 590 Fall 2018

Module 7 Final

Professor Michelle Moore



DIGITAL FORENSICS EXAMINER: Kindra Smith

University of San Diego, Digital Forensics Expert

San Diego, California

(585) 777-7777

DETECTIVE NUMBER: #777

SUBJECT: Digital Forensics Examination Report

OFFENCE: Confidential spreadsheet sent via email containing names and salaries of employees was found posted in “comments” section of the firm’s competitor’s website.

ACCUSED: Chief Financial Officer (CFO) Jean Jones

DATE OF REQUEST: Nov. 07, 2018

DATE OF CONCLUSION: Dec. 10, 2018



Table of Contents

Company Background

Questions relevant to the case

Evidence provided to search

Examination Details

Conclusion

References

COMPANY BACKGROUND

The company M57.biz has two founders: a President, Alison Smith, and a Chief Financial Officer (CFO), Jean Jones. Some programmers, Bob, Carole, David and Emmy, work out of their homes and have a daily online chat session, along with weekly in-person meetings at the office park. The marketing team consists of Gina and Harris, with Indy as the developer; they all work out of hotel rooms or Starbucks, since they are mostly on the road, but they do have in-person meetings once every two weeks.

Jean Jones, the CFO, was hired by M57.biz, the small start-up company, and was suspected of sending an email. The email involved the exfiltration of a corporate document that was available for distribution only from Jean Jones’s laptop. The confidential spreadsheet contained the names and salaries of the company’s key employees and was found posted to the “comments” section of one of the firm’s top competitors’ websites.



QUESTIONS RELEVANT TO THE CASE

During the interview, Alison said she did not know what Jean was talking about and that she never asked for or received the spreadsheet via email. Jean, however, mentioned that Alison had asked her to prepare the spreadsheet as part of a new funding round and to send it to her via email.

• Was the email sent from Jean Jones?

• Did Alison receive the email?

• How did the document get on the competitor’s website?

EVIDENCE PROVIDED TO SEARCH

To conduct an efficient and effective investigation, Autopsy 4.7.0 was used to ensure that digital evidence was collected, preserved, examined, and transferred in a manner safeguarding the accuracy and reliability of the evidence. Before the evidence was collected, I had to ensure that I had the legal authority to identify, collect, and preserve the digital evidence. Individuals lose Fourth Amendment protection in their computer files if they relinquish control of files to a third party, and I made sure the copy I had was not touched or tampered with before the company turned it over to investigate. In my experience as a Forensics Investigator, digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to a computer crime. Here with M57, some PII was released through email. The example of PII was the SSNs, though my job was just to see what happened with the email and who it was sent to. I will not be able to further the investigation as the evidence allowed me to examine the hard drive.

EXAMINATION DETAILS

Digital evidence is evidence in electronic form. It can take a variety of forms (media, information, transaction) and can come from many sources (computers, smartphones, wearables, printers, home routers) (Wikipedia, 2018). The data from Jean’s hard drive was provided, and the forensic analysis was run using the Autopsy 4.7 software, as shown in Figures 1-3 below.

In the figures, the Autopsy tool was used to process and analyze the files from nps-2008-jean.E01. Jean’s and Alison’s PST files were searched for the spreadsheet named m57plan.xlsx.

Figure 1.

Figure 2.

Figure 3.
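
The search of the PST files for m57plan.xlsx described above can be complemented by a header check that answers the case questions of who sent the attachment and which mailbox actually received it. The following is an added example, not part of the original report or of Autopsy; it assumes the messages have been exported as RFC 5322 text, and every address, the `corp.example` domain and the sample messages are constructed placeholders, not case evidence.

```python
from email import message_from_string, policy
from email.message import EmailMessage

TARGET = "m57plan.xlsx"      # attachment name searched for in the report
ORG_DOMAIN = "corp.example"  # placeholder company mail domain (assumption)

def build(sender, to, reply_to=None, attachment=None):
    """Construct a sample RFC 5322 message as text (test data, not case evidence)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = to
    m["Subject"] = "funding round"
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content("constructed body")
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

def review(raw):
    """Return (has_target_attachment, findings) for one exported message."""
    msg = message_from_string(raw, policy=policy.default)
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    has_target = any(n.lower() == TARGET for n in names)
    findings = []
    for field in ("From", "Reply-To", "To", "Cc"):
        header = msg[field]
        for a in (header.addresses if header else ()):
            # A display name that looks like an address can hide the real mailbox.
            if "@" in a.display_name and a.display_name.lower() != a.addr_spec.lower():
                findings.append(f"{field}: shown as {a.display_name}, real address {a.addr_spec}")
            # Replies or attachments routed outside the organisation need review.
            if field != "From" and a.domain.lower() != ORG_DOMAIN:
                findings.append(f"{field}: external mailbox {a.addr_spec}")
    return has_target, findings

# Constructed samples: a request with an external Reply-To, a reply carrying
# the attachment to a disguised external mailbox, and an ordinary message.
SAMPLES = {
    "request": build('"alison@corp.example" <alison@corp.example>',
                     "jean@corp.example", reply_to="collector@mailhost.example"),
    "reply": build("jean@corp.example",
                   '"alison@corp.example" <collector@mailhost.example>', attachment=TARGET),
    "benign": build("bob@corp.example", "jean@corp.example"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, review(raw))
```

A message that both carries the target attachment and produces findings is the one to trace further through the full Received headers.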

CONCLUSION

After searching every folder and the PST files for clues, which led me to nothing of value, I then remembered that Jean mentioned in her interview that she sent the email. I believe her email was phished by the dreamhost email address shown in Figure 4 below. I would also recommend further investigation to make sure the SSNs were not compromised and to dig deeper into the email from dreamhost, as personal information, private conversations, photos, financial and health data should be protected from hackers and criminals (Cook, 2016).

Figure 4

REFERENCES:

Wikipedia. (2018, December 10). Retrieved from https://en.wikipedia.org/wiki/Digital_forensics

Infosec Institute. Comparison of popular computer forensics tools. Retrieved on December 10, 2018 from https://resources.infosecinstitute.com/category/computerforensics/introduction/commercial-computer-forensics-tools/tool-comparison/#gref

Cook, T. (2016, February 16). A Message to Our Customers. Retrieved November 19, 2018, from https://www.apple.com/customer-letter
