Finalize the following investigative report using the following template and the attached case study
The Case
Abstract
Accuracy International (AI) is a specialist British firearms manufacturer based in Portsmouth,
Hampshire, England and best known for producing the Accuracy International Arctic Warfare
series of precision sniper rifles. The company was established in 1978 by British Olympic shooting
gold medallist Malcolm Cooper, MBE (1947–2001), Sarah Cooper, Martin Kay, and the designers
of the weapons, Dave Walls and Dave Craig. All were highly skilled international or national target
shooters. Accuracy International's high-accuracy sniper rifles are in use with many military units
and police departments around the world. Accuracy International went into liquidation in 2005, and
was bought by a British consortium including the original design team of Dave Walls and Dave
Craig.
Earlier this year, AI's computer network was hit by data-stealing malware which cost thousands of
pounds to recover from. Also, last year there were a couple of incidents of industrial
espionage, involving staff who were later sacked and prosecuted.
As part of an ongoing covert investigation, the head of Security at AI (DG) has hired you to
conduct a forensic investigation on an image of a USB device. The USB device is a
non-company-issued device, allegedly belonging to an employee, Christian Macleod, a consultant and
technical manager at AI for more than six years.
Case details
Christian's manager, David Bolton, is the regional manager and head of R&D and has been
working at AI for the last three years. David initiated this covert fact-finding investigation, which is
conducted with the support of the head of Security at AI.
The USB device in question was allegedly removed from Christian's workstation at AI while he
was out of the office for lunch. The device was imaged and then plugged back into
Christian's workstation. You have been provided with a copy of that image (the original copy is
currently held in a secure locker at the security department).
You have been told by DG that Dave was alarmed by some of Christian's work practices and
that this prompted him to start this investigation by contacting the Head of Security at AI. According to
Dave, Christian would bring in devices such as his iPod and his iPhone and he would often plug
these into his workstation. There is no policy against personal music devices and there is no
BYOD policy, but there is a strict policy against copying corporate data to any personal device. The
company's policy states that such data is not to be stored unencrypted on unauthorised,
non-company-approved devices. According to DG, Dave has reasons to believe that an earlier malware
infection incident at AI had its origins in one of Christian's personal devices.
Supporting information
1. You need to be aware that Dave and Christian do not get along, as they had a few verbal exchanges
in the last year. Christian has filed a complaint following the latest (last month's) heated verbal
exchange, during which Dave was overheard by a number of other employees threatening
Christian.
2. This rivalry has its roots in Dave's promotion. According to his co-workers, Christian claims that
this was supposed to be his promotion to regional manager and head of R&D but Dave was
promoted instead due to his friendly connection with the CEO of AI.
3. An earlier issue that needs to be highlighted here is that, according to what some staff at AI
suggested, Dave might have a grudge against Christian as a result of a matter of a personal nature
(Christian dated Dave's girlfriend, Annabelle, now Dave's fiancée. That was before she met Dave).
4. Both Christian and Dave live in Portsmouth. Christian lives in a house at 54 Auckland Road East
Portsmouth, Southsea and drives a silver Peugeot.
5. Dave lives in Saint Helens Parade/Granada Road, Saint Helens Court, Portsmouth, 6th floor
and he drives a red Peugeot.
What do you have to do
· Your task is to conduct a thorough forensic investigation on the USB image you have been
provided with.
· You are responsible for identifying what this should include (e.g. the overall approach, the
practices, the methodologies, the tools, the analysis, adhering to relevant legislation etc.).
· You will have to structure and present your findings, and support any conclusions with evidence.
Important: This investigation is part of a covert operation and, as you do not know what exactly is
happening, you have to follow every possible lead and fully document your work. You cannot rush
to conclusions without backing up your findings with relevant evidence. Any inconsistency in
your evidence, your conclusions or your practices can invalidate your investigation and can make
your evidence inadmissible in a court of law.
The USB image that you will be forensically examining could contain anything
ranging from personal files unrelated to the case to extremely confidential corporate data. Proceed
with due care and a computer forensics mindset.