Last modified on 11 January 2011, at 14:14

Analysis example

This example task will let you try your hand at a simple digital media analysis, it is constructed like a simple forensic investigation and will require you to:

  • Defining the scope of your analysis
  • Search the evidence for
  • Make a simple conclusion about the evidence
What you will need

For this analysis we provide an example acquired media, which you can download and perform an analysis on:

  • FTK 1.8.X trial version
  • Example acquired media (download link)

ScenarioEdit

MI5 officer Fred Bloggs has been accused of divulging secret information to an unknown foreign spy. His computer has been seized and is to be examined for relevant evidence. The computer comes from Bloggs' office which has an internet connection but is filtered only to allow web browsing.

It is believed Bloggs is using a private email account to send secret information out of his office, but this is not confirmed.

Define your scopeEdit

Reminder

Earlier in this chapter we discussed the idea of defining the aims of your investigation and using that to evolve a scope for your analysis.

Task
  • Write down the aims of the investigation (what is to be proven)
  • List the types of evidence that will be useful
  • Now list the types of evidence that are unlikely to be useful

AnalysisEdit

Draw a conclusionEdit

Introduction to Digital Forensics
Example2