Beruflich Dokumente
Kultur Dokumente
KINDRA SMITH
Module 7 Final
(585) 777-7777
website.
Table of Contents
Company Background 4
Examination Details 6
Conclusion 8
References 9
M57 DIGITAL FORENSICS REPORT 4
COMPANY BACKGROUND
The company M5K.biz has two founders, a President named Alison Smith, and a Chief
Financial Officer (CFO): Jean Jones, some programmers: Bob, Carole, David and Emmy who
work out of their homes and have daily online chat session; along with weekly in-person
meetings at office park. For the marketing team we have Gina and Harris then Indy as the
developer, which all work out of hotel rooms or Starbucks, since they are mostly on the road but
Jean Jones the CFO was hired by M57.biz the small start-up company and was suspected
of sending an email. The email was involving the exfiltration of a corporate document found
only available for distribution from Jean Jones laptop. The confidential spreadsheet contained the
names and salaries of the company’s key employees and was found posted to the “comments”
During the interview Alison didn’t know what Jean was talking about and that she never
asked for or received the spreadsheet via email but Jean mentioned that Alison asked her to
prepare the spreadsheet as part of a new funding round and to send to her via email.
To conduct an efficient and effective investigation, the use of Autopsy 4.7.0 was used to
ensure that digital evidence was collected, preserved, examined, and transferred in a manner
safeguarding the accuracy and reliability of the evidence. Before the evidence was collected, I
had to ensure that I had the legal authority to identify, collect, and preserve the digital evidence.
Individuals lose Fourth Amendment protection in their computer files if they relinquish control
of files to a third party and I made sure the copy I had was not touched or tampered with before
forensics is a branch of forensic science encompassing the recovery and investigation of material
found in digital devices, often in relation to a computer crime. Here with M5K some PII was
M57 DIGITAL FORENSICS REPORT 6
released through email. The example of PII was the SSN’s and though my job was just to see
what happened with the email and who it was sent to. I will not be able to further the
EXAMINATION DETAILS
Digital evidence is evidence in electronic form and It can take a variety of forms (media,
information, transaction) and can come from many sources (computers, smartphones, wearables,
printers, home routers) (Wikipedia, 2018). The process used to collect and analysis the data off
Jean’s hard drive was provided and forensics were ran utilizing the software Autopsy 4.7, as
In Images above the Autopsy tool was used to process and analyze the files from nps-2008-
jean.E01. Jean and Alison’s pst files were searched for the spreadsheet named m57plan.xlsx.
Figure 1.
M57 DIGITAL FORENSICS REPORT 7
Figure 2.
Figure 3.
M57 DIGITAL FORENSICS REPORT 8
CONCLUSION
After searching every folder and pst files for clues, which lead me to nothing of value and
then remembered that Jean mentioned in her interview that she sent the email. I believe her email
was phished by the dreamhost email address shown in Figure 4 below. I would also recommend
further investigation to make sure the SSN’s were not compromised and dig deeper into the
email from dreamhost. As personal information, private conversations, photos, financial and
health data should be protected from hackers and criminals (Cook, 2016).
Figure 4
M57 DIGITAL FORENSICS REPORT 9
REFERENCES:
https://en.wikipedia.org/wiki/Digital_forensics
https://resources.infosecinstitute.com/category/computerforensics/introduction/commercial-
computer-forensics-tools/tool-comparison/#gref
Cook, T. (2016, February 16). A Message to Our Customers. Retrieved November 19,