Question

Final Project

PART 1

In the course of this investigation you, as the InfoSec Specialist for Makestuff Company, have or will need to interview (or perhaps "interrogate") several people to provide context for the evidence you have collected as well as the rational for your searches .

• Provide a list of people you have or will interview. 
• Provide a narrative description of the interview setting and the intended process, before, during and following the interview.
• Explain why these stages are important to a successful interview and investigation.

PART 2

For the purpose of the first part of your final Project, you are still the InfoSec Specialist for Makestuff Company. Consider this project a continuation of the work you performed in Projects 1 and 2.

After seeing you search Mr. Yourprop’s work area and take several pieces of evidence, Ms. Maria Friend, who works in the office across the hall, comes forward with an odd story. Ms. Friend states that she is Mr. Yourprop’s fiancé, but lately their relationship has begun to sour.

She produces a thumb drive she says Mr. Yourprop gave her earlier that day. She tells you Mr. Yourprop told her to “keep it safe” and asked her to bring it home with her at the end of the day. Ms. Friend tells you she really likes her job and has no interest in being wrapped up in whatever Mr. Yourprop has done to invite negative attention.

1.     How would you package the thumb drive for shipment to the lab? Be specific as to what materials you would use, and why?

2.     What would you ask the lab to look for on the submitted thumb drive, and why?

3.     Are there any locations outside of Mr. Yourprop's immediate workspace where pertinent digital evidence might be found to help with your intellectual property theft case? Explain thoroughly.

Now, please assume a different character for the purpose of this next segment of the Project.

You are a forensic examiner at the Makestuff Company lab. After receiving the package from the InfoSec Specialist in the field, you sign the chain of custody form and get ready to begin your examination.

4.     How would you protect this thumb drive from the time you receive it up through the time you create a forensic image for examination? Why is this protection important to your overall case? Explain thoroughly.

5.      Discuss at least three forensic examination/analysis tools that could be used by you or Makestuff Company's other digital forensic analysts to process/analyze the thumb drive you received. Be specific. Include the manufacturer of each tool and list each tool's capabilities.

Fortunately, the InfoSec Specialist was on his/her game, and ALSO sent you copies of several files, reported to be the source code of “Product X”.

6.     What is hashing? How could you take advantage of it in this case to attempt to determine if Mr. Yourprop’s thumb drive contains copies of the source code? Explain thoroughly.

You complete your laboratory examination and return the evidence, along with your report, to the InfoSec Specialist at the field office.

Now, back at the field office, you (you are again the InfoSec Specialist) receive the report from the Makestuff Lab, which shows that the complete “Product X” source code was found on Mr. Yourprop’s thumb drive. In addition, while the evidence was at the lab for examination, you determined it is also likely that Mr. Yourprop emailed copies of the source code to his personal email address.

7.     Do you recommend reporting the crime to law enforcement? Why or why not? Are private companies required to report crimes to law enforcement?

The decision is ultimately made to report the theft to law enforcement and, using primarily the evidence you developed during your investigation, Mr. Yourprop is brought to trial for the crime. You (as the forensic examiner from the Makestuff Lab) are qualified as an expert witness and called to testify.

8.     What is the significance of you being qualified as an expert witness? How is it different from being a simple fact witness? Explain thoroughly.

9.     While you are on the stand, the defense asks you the following question based on the fact that you write a personal blog about digital forensics in your off-time, from which it appears you are a staunch supporter of law enforcement:

       " How do we know you were not just a "police hack" in this case, choosing to report only what would help law enforcement and your company's bottom-line in this case?

               How would you respond?

Project Requirements:

• Discuss thoroughly.  Each question should be answered with a minimum of 1-2 paragraphs, so do your research, be specific, be detailed, and demonstrate your knowledge;
•  Answers to the above questions should be submitted in a single document (.DOC/.DOCX, .RTF, or .PDF), with answers separated so as to make it clear which question is being answered;
•  The submission should have a cover page, including course number, course title, title of paper, student’s name, date of submission;
•  Format: 12-point font, double-space, one-inch margins;
•  It is mandatory that you do some research, and utilize outside resources! References page: APA citation style (seehttps://owl.english.purdue.edu/owl/resource/560/01/ for help).