Support documents for Assignment 2 & 3

peekay12

assignment3.docx

Home >Law homework help >Criminal homework help >Support documents for Assignment 2 & 3

DIGITAL EVIDENCE FORENSIC REPORT

Your Logo Here

Your address here

CASE INFORMATION:

Agency Case #:		Originating Agency Case #:

[removed] #:		[removed] #:	Remedy#:

Distribution:	\|_\| [removed] \|_\| [removed] \|_\| [removed] \|_\| IT \|_\| [removed] \|_\| Internal Audit \|_\| Emp. Relations \|_\| CI \|_\| Other:

Date/Time Report Completed:		Date/Time Incident Occurred:

Type of Report:

INVOLVED:

\|_\| Involved	\|_\| Witness	\|_\| Complainant	\|_\| Mentioned
Name:	Last:		First:		Title:
Mailstop:		Email:
Cell Phone:		Work Phone:		Employee #:

\|_\| Involved	\|_\| Witness	\|_\| Complainant	\|_\| Mentioned
Name:	Last:		First:		Title:
Mailstop:		Email:
Cell Phone:		Work Phone:		Employee #:

\|_\| Involved	\|_\| Witness	\|_\| Complainant	\|_\| Mentioned
Name:	Last:		First:		Title:
Mailstop:		Email:
Cell Phone:		Work Phone:		Employee #:

OFFICIAL USE ONLY

[Agency] Case #:

Page 1 of 1

OFFICIAL USE ONLY

[insert scanned signature here]

Insert Name

Insert Title

Page 2 of 4

OFFICIAL USE ONLY

CLASSIFICATION LEVEL HERE

May be exempt from public release under the Freedom of Information Act (5 U.S.C. 552) exemption number and category: 7, Law Enforcement

Department of Name of Agency review required before public release

Name/Org: Your name/org Date:

Guidance (if applicable):

SUMMARY:

EVIDENCE SUBMITTED:

Item #

SOFTWARE UTILIZED

All software utilized in this examination is fully licensed and registered to [Agency Name] or its agents. All software and forensic hardware has been validated pursuant to [Agency Name] policies and procedures.

FORENSIC EXAMINATION OF EVIDENCE

ITEM #1

Item #1 – Can be described as

[insert photo here]	[insert photo here]
[insert photo here]	[insert photo here]

HASH OF ORIGINAL EVIDENCE

The original media was connected to a forensic hardware write blocker (asset tag #) and the write blocker connected to a forensic computer (asset tag #). Prior to doing anything with the original media, the media was hashed to obtain a baseline hash value. This allows the hash value of the original media to later be compared to the hash value of the forensic image created of the original media. By comparing the hash values of the original media and that of the forensic image, the forensic image can be authenticated as an exact duplicate copy of the original evidence.

The hash values obtained from the original evidence were as follows:

|_| MD5:

|_| SHA1:

|_| Other:

FORENSIC IMAGING

After obtaining the hash value(s) of the original media, a forensic image was created. The forensic image was placed on a:

|_| Government owned, forensically wiped hard drive

|_| Government owned, forensically wiped Storage Area Network (SAN)

The forensic imaging software utilized in this process creates an imaging report, detailing the hash value(s) of the newly created forensic image. The hash value(s) of the forensic image was compared to the original hash value obtained prior to imaging the device. The hash value(s) of the forensic image:

|_| Matched exactly the hash value(s) of the original media.

|_| Did not match the original hash value(s) of the media. If checked, provide explanation below.

VIRUS AND MALWARE

The original media was scanned for malware. Prior to the scan, all malware definitions were updated. The results were:

|_| No malware detected.

|_| Malware detected. If checked, identify and report on malware located below.

DRIVE GEOMETRY

BIOS EXAMINATION

Once the hard drive was removed, the computer was turned on and the BIOS (Basic Input/Output System) checked. The following was found:

|_| The date and time were accurate.

|_| The date was accurate, but the time was inaccurate. List time offset from correct time:

|_| The time was accurate, but the date was inaccurate. List date offset from correct date: