Investigative Conclusion and Testimony

SECTION I
In the course of this investigation you, as the Data Security Analyst for Allied Technology Systems, have or will need to interview (or perhaps “interrogate”) several people to provide context for the evidence you have collected as well as the rational for your searches. Allied Technology Systems management is asking for everything to be documented and would like you to provide them responses to the following pieces of information:
• Provide a list of people you believe should be interviewed for this investigation and how they relate to the investigation.
• Provide a narrative description of the interview setting and the intended process, before, during, and following the interview (remember that depending on the type of interview, the setting may be different).
• Explain to the management why these stages are important to a successful interview and investigation.

After seeing you search Mr. Jackson’s work area and take several pieces of evidence, Ms. Suzanne Fleming who works in the office across the hall, comes forward with an odd story. Ms. Fleming states that she is Mr. Jackson’s fiancé, but lately things in their relationship had begun to sour. She produces a thumb drive she says Mr. Jackson gave her earlier that day. She tells you Mr. Jackson told her to “keep it safe” and asked her to bring it home with her at the end of the day. Ms. Fleming tells you she really likes her job and has no interest in being wrapped up in whatever Mr. Jackson has done to invite negative attention.
1. The laboratory has asked you to write a short summary of what information you want them to look for on the submitted thumb drive. Identify, for the lab, what digital evidence you would like them to look for and explain why that evidence would be important to the case.
2. Because you are the most familiar with the investigation, Mr. Roberts is asking you to brain storm all the locations outside of Mr. Jackson’s immediate work space where pertinent digital evidence might be found to help with your intellectual property theft case. Identify all of these locations, including places where police would have to be involved to search. Identify what places are eligible for the company to search, and which ones would require police involvement. Support your inclusion of each location with a short description of what type of evidence might be found there

Now, assume a different character for the purpose of this next segment of the assessment… You are a forensic examiner at the above mentioned Allied Technology Systems lab. After receiving the package from the Data Security Analyst in the field, you sign the chain of custody form and get set to begin your examination.
3. After taking the thumb drive out of storage, you, as the digital forensics analyst, sit down to examine the data. (Presume all personal protective equipment discussed in the course readings is already in place.) Prior to looking through the data contained on the device, you have to make a forensic image. Document what step you take prior to making the image and why this step is important to your overall case. Explain your actions and reasoning thoroughly.
4. Write a response to the following email that you have received:

This question has been answered.

Get Answer

Leave a Reply