Need assistance with creating an image with dd windows, ProDiscover Basic and FTK

lab_4.docx

INFA650: Lab3, 1

Lab 4 E-mail Forensics

The purpose of this lab is to learn more about forensic analysis of e-mail using FTK to present evidence and create a report.

Use the version of FTK (1.81.2) available on the Nelson textbook CD or downloaded from the shared course drive to process the Lab file under Course Content.

As with other labs, it is important in this lab not only to discuss the processes and results but also to show them. Make sure to take screenshots and discuss them. Please embed them in your document and label them (e.g., Lab4-Image1: Complete E-Mail Header).

Assignment

For this lab, analyze the <Jim_Shu.pst> file to collect and present evidence that implicates him in industrial espionage. Jim's company suspects him of selling designs and other information to a competitor. The company has hired you to collect and present evidence that supports their suspicions.

You will need the image in the Course Content called Lab4.pst

1. Use FTK to analyze all e-mail messages found in the pst file.

2. Find correspondence that supports the company's suspicions. The company wants a solid case, so showing the information was exchanged is important.

3. Write a report that will be presented to the company that includes screens of e-mail messages to support your findings.

Deliverable

In the assignment folder under Lab4, turn in your answer as a word-processed document. Use an appropriate filename:

yourLastName-Lab4

Check the General Course Information under "Course Content" or go directly there from http://polaris.umuc.edu/~area/INFA620/ for acceptable file types.