CCJS 321 Digital Forensics in the Criminal Justice System Project 2 and 3

Asked by nerdygirl
Dated: 10th Sep'17 02:17 PM
Bounty offered: $53.00
Project #2 - Investigative Collection of Evidence

No directly quoted material may be used in this project paper. Resources should be summarized or paraphrased with appropriate in-text and Resource page citations.

For the purpose of this Project, you are still the InfoSec Specialist for the Greenwood Company. Consider this project a continuation of the work you performed in Project 1. In this portion of the investigation, you are ONLY collecting the physical evidence. You will NOT be handling the digital data during this stage of the investigation. (This step will be discussed in the Final Project.) You should limit your "care and handling" of each piece of evidence to the physical handling of the digital container.

With the scenario in mind, you are to wrte a report to your supervisor, thoroughly providing a response to the following questions (in paragraph format, properly citing outside research, where appropriate) to both parts of the project:

Part I: Overview/Case Summary

  1. Wrte a short summary of the incident that has occurred and establish what permissions/authorities you have before you search Mr. McBride's former Company work area.

Part II: Physical Evidence Acquisition:

2. Look at the photo of Mr. McBride's work area. (See file attachment Work_Area.jpg) Identify three (3) potential items of digital evidence you see in the photo.

  • For EACH item of digital evidence you identified, describe in first person what steps you took to collect the items (with emphasis on your care and handling of that item consistent with digital forensic best practices described in the module content/weekly readings). You should documenting these steps in a detailed way that will mitigate questions, concerns, or a basic lack of information that will call your processes into question in court.
  • For each item, explain what potential use that item would be to your investigation (e.g., what type of data that item might hold.)

3. Look at the photo of Mr. McBride's work area. (See file attachment Work_Area.jpg) Identify three (3) potential items of non-digital evidence you see in the photo.

  • For EACH item of non-digital evidence you identified, describe how you would collect each item, within standards and best practices described in your module content/weekly readings.

  • For each item, explain what potential use that item would be to your investigation (e.g., what type of data that item might hold.)

4. Detail in your report how you secured the collection of evidence after removing it from the original scene (the desk) and prior to sending it for analysis. Describe the security procedures in place as well as any environmental protections (specific to computer/digital devices) that are in place within the storage area.

5. Look at the Evidence Custody Document (See file attachment Evidence Custody Document.doc) and item photographs (Items-seized (pics).pptx). Read the Evidence Custody Document prepared by one of your co-workers in which he is attempting to document the seizure of the three (3) items pictured in the accompanying photos. Did your co-worker adequately describe each item? What could you add to the descriptions, and for which items (based on what you see in the photos) to make them more complte and serve as an example to your co-worker of what they SHOULD look like (how they should be described)?

Project Requirements:

  • Paper should be submitted as a basic report memo HOWEVER, an APA-formatted cover page, in-text citations, and reference page is required. (See the following link for memo writing guidelines:

  • Each questions should be answered with a minimum of 1-2 paragraphs, so work on your research, be specific, be detailed, and demonstrate your knowledge; submit your project to the assignments folder.

  • Answers to the above questions should be submitted in a single document (.DOC/.DOCX, .RTF, or .PDF), with answers separated and/or numbered in respect to the question, so as to make it clear which question is being answered;

  • The submission should have a cover page, including course number, course title, title of paper, student's name, date of submission, and submit to the assignments folder.

  • Format: 12-point font, double-space, one-inch margins;

  • It is mandatory that you do some research, and utilize outside resources! You must have a reference page that is consistent with APA citation style (see for help).

Project 3

CCJS 321 Digital Forensics in the Criminal Justice System

March 4, 2017

Section I

Section II

1.The laboratory has asked you to write a short summary of what information you want them to look for on the submitted thumb drive. Identify, for the lab, what digital evidence you would like them to look for and explain why that evidence would be important to the case.

2.Because you are the most familiar with the investigation, Mr. Jenkins is asking you to brain storm all the locations outside of Mr. McBride's immediate work space where pertinent digital evidence might be found to help with your intellectual property theft case. Identify all of these locations, including places where police would have to be involved to search. Identify what places are eligible for company search, and which ones would require police involvement. Support your inclusion of each location with a short description of what type of evidence might be found there.

3.After taking the thumb drive out of storage, you, as the digital forensics analyst, sit down to examine the data. (Presume all personal protective equipment is already in place.) Prior to looking through the data contained on the device, you have to make a forensic image. Document what step you take prior to making the image and why this step is important to your overall case. Explain your actions and reasoning thoroughly.

4. Write a response to the following email that you have received:

To: You, Greenwood Company Digital Forensics Examiner

From: H. Jenkins, HR Management

This case has made Greenwood Company upper management recognize the importance of forensic readiness. They have asked that you nominate three (3) forensic examination/analysis (software) tools for them to keep in their budget for the following year. They also state that they want to make sure that the tools nominated are ones that would meet criminal justice-level standards and evidentiary requirements under the Daubert Standard. In your response, please list the tool name, manufacturer, the capabilities of the tool, and how the three tools meet the standards of Daubert. (Management specifically wants tools that can examine/analyze the digital data inside the devices and is not interested in your input on additional tools that write protect or image devices at this time.)

5.You, as the digital forensics examiner, used hash values to help locate the source code on the thumb drive. Using verbiage that would be appropriate to communicate to a judge and jury that may not understand computer technology at all, detail the following: What is a hash value? How did you use it in this case to determine that Mr. McBride’s thumb drive contains copies of the source code? Explain an additional use of hash values in the context of digital forensics.

6.Do you recommend reporting the crime to law enforcement? Why or why not? Are private companies required to report crimes to law enforcement?

7.What is the significance of you being qualified as an expert witness? How is it different from being a simple fact witness? Explain thoroughly.

8.The prosecutor in this case calls you and brings up the fact that you write a personal blog about digital forensics in your off-time, from which it appears you are a staunch supporter of law enforcement. She is concerned that it will look like you are biased in support of law enforcement and that you only had your company’s bottom line in mind. She asks you to prepare for trial by practicing answering the following questions - respond to the prosecutor by typing up a transcript for your response. “How do we know you are not biased in this case, choosing to report only what would help law enforcement and your company's bottom-line? How can I know from your work that your analysis should be accepted?”

Prosecutor: “How do we know you are not biased in this case, choosing to report only what would help law enforcement and your company's bottom-line?

Prosecutor: “How can I know from your work that your analysis should be accepted?”

CCJS 321 Digital Forensics in the Criminal Justice System Project 2 and 3
Answered by nerdygirl
Expert Rating: 200 Ratings
Dated: 10th Sep'17 02:17 PM
5 words and 2 attachment(s).
Tutorial Rating: Not Rated
Sold 1 times.
(preview of the tutorial; some sections have been intentionally blurred)


Project-3.docx (36.94 KB)
Preview of Project-3.docx
be     supervisor   Mr McBride’s     because       is   to Mr     should       interview   should be     The       is   the room     the       should   isolated from     area       are   fearful of     others       to   honest The     should       laid   The interview     be       8'   10' to     suspect       The   should be     free       walls   ceiling should     insulated       noises   the door     made       with   visible locks     should       prevent   witness from     privacy       room   also contain     Four       writing   and three     suffice       offset   one side     room       chair   face the     interviewers       between   witness and     but       such   manner that     witness       (John   Reid &     ,       an   is just     as       The   must be     as       confused   lost This     by       set   questions, goals,     and       His   should briefly     individual       and   importance so     be       the   process A     witnesses       the   in person,     prior       An   consideration is     is       the   of the     forwarding       between   resources, security,     and       would   organized to     legal       interview,   is important     interviewer       rapport   more respectful     the       more   the interviewee     to       information   2016) The     start       and   others present     room       who   is and     does,       of   he investigates,     he       According   Reid &     witness       75%   the talking     them       what   know without     you       should   detailed notes     witnesses’       events   any follow     that       be   After the     completed       events,   any information     any       issues   during the     the       professional   with empathy     communication       witness   ease and     greatest       they   fully cooperate     Guiding       above   the largest     information       and   Ask the     it’s       them   if other     questions       thing   should do     the       you   and their     the       investigator   and follows     the       witness   is examined     facts       credibility   the witness     information       and   confidential Any     will       admissible   ready to     to       2005)   interviews will     as       laboratory   asked you    
Project-2.-Investigative-Collection-of-Evidence.docx (24.66 KB)
Preview of Project-2.-Investigative-Collection-of-Evidence.docx
the     bag   also documented     on       custody   Discovery Reference     The       that   would collect     will       note   is attached     desk       front   the thumb     the       phrase   is handwritten     743”       It   vital because     phrase       codename,   email address     (Electronic       2016)   store transport     of       will   it into     evidence       enlarged   and also     item       of   The detail     report       the   of evidence     it       scene   desk) and     it       the   procedures in     well       protections   to computer/digital     are       the   area After     of       needs   be stored     maintain       the   and when     presented       of   Therefore before     if       should   that all     evidence       collected   inventoried by     policies       digital   is then     an       climate   free of     also       does   require excessive     can       (U   Department of     It       the   evidence is     such       extreme   or temperature,     easily       batteries   the laptop     be       to   the loss     evidence       configuration   times and     the       the   evidence, the     the       must   a security     example,       should   put in     to       evidence   or she     the       of   chain of     the       The   officer is     for       out   evidence by     evidence       security   as controllable     and       be   in the     to