Analysis example
This example task will let you try your hand at a simple digital media analysis, it is constructed like a simple forensic investigation and will require you to:
- Defining the scope of your analysis
- Search the evidence for
- Make a simple conclusion about the evidence
- What you will need
For this analysis we provide an example acquired media, which you can download and perform an analysis on:
- FTK 1.8.X trial version
- Example acquired media (download link)
Scenario
editMI5 officer Fred Bloggs has been accused of divulging secret information to an unknown foreign spy. His computer has been seized and is to be examined for relevant evidence. The computer comes from Bloggs' office which has an internet connection but is filtered only to allow web browsing.
It is believed Bloggs is using a private email account to send secret information out of his office, but this is not confirmed.
Define your scope
edit- Reminder
Earlier in this chapter we discussed the idea of defining the aims of your investigation and using that to evolve a scope for your analysis.
- Task
- Write down the aims of the investigation (what is to be proven)
- List the types of evidence that will be useful
- Now list the types of evidence that are unlikely to be useful