Project #2 – Investigative Collection of Evidence
- No directly quoted material may be used in this project paper.
- Resources should be summarized or paraphrased with appropriate in-text and Resource page
For the purpose of this second Project, you are still the Information Security Analyst for Provincial Worldwide. Consider this project a continuation of the work you performed in Project #1. In this portion of the investigation, you are ONLY collecting the physical evidence, packaging it, and documenting and reporting it. You will NOT be handling the digital data during this stage of the investigation. (This step will be discussed in the Final Project.) You should limit your “care and handling” of each piece of evidence to the physical handling of the digital item/container.
With the scenario in mind, you are to report to your supervisor, thoroughly providing a response to the following questions (in paragraph format, properly citing outside research, where appropriate) to both Part I and Part II of the project:
Part I: Overview/Case Summary
1. Write a short summary of the incident to Director McPherson concerning was has occurred, and establish what permissions/authorities you have before you search Mr. Belcamp’s former Company work area. This includes your legal authority as a Company representative as a private company.
Part II: Physical Evidence Acquisition:
2. Look at the photo of Mr. Belcamp’s work area. (See file attachment Work_Area.jpg) Identify four (4) potential items of digital evidence you see in the photo. For those four items, describe EACH item you identified and explain what potential use the item would be within the investigation (e.g., what type of data that item might hold, why it is important, and what type of evidence it represents for prosecution.)
- Select two (2) of the items you identified and describe the steps that would be taken to collect the items (with emphasis on the care and handling, and packaging of each item consistent with digital forensic best practices described in the module content/weekly readings) at the scene. You should document these steps in a detailed way that will mitigate questions, concerns, or a basic lack of information that will call your processes into question in court.
3. Look again at the photo of Mr. Belcamp’s work area. (See file attachment Work_Area.jpg) Identify four (4) potential items of non-digital evidence you see in the photo. For those four items, describe EACH item you identified and explain what potential use the item would be within the investigation (e.g., what type of data that item might hold, why it is important, and what type of evidence it represents for prosecution.)
- Select two (2) of the items you identified and describe the steps that would be taken to collect the items (with emphasis on the care and handling, and packaging of each item consistent with digital forensic best practices described in the module content/weekly readings) at the scene. You should document these steps in a detailed way that will mitigate questions, concerns, or a basic lack of information that will call your processes into question in court.
4. The evidence you seized in Questions two (2) and three (3) must be transported, secured and stored after removing it from the original scene (the work area) and prior to sending it for analysis. Describe the security procedures in place as well as any environmental considerations or protections (specific to computer/digital devices) that are in place within the storage area, and why they are important.
5. Look at the Evidence Custody Document (See file attachment Evidence Custody Document.doc) and item photographs (Items-seized (pics).pptx). Read the Evidence Custody Document prepared by your co-worker, Brian Duggars in which he was attempting to document the seizure of three (3) items pictured in the accompanying photos. Did Brian adequately describe each item? What could be added to the descriptions, and for which items (based on what you see in the photos) to make them more complete and serve as an example to your co-worker of what they SHOULD look like (how they should be described)? Or, did he do a good job and no modifications need to be made.
Project Requirements:
• Each question should be answered thoroughly looking at all the issues presented, so do your research, be specific, be detailed, and demonstrate your knowledge; submitting your project through the appropriate assignment folder.
• This project should be submitted in a single Microsoft Word document (.DOC/.DOCX), with answers separated and/or numbered in respect to the question, so as to make it clear which question is being answered. It may be in a question and answer format, or as described with answers to the associated question numbers;
• The paper should be written in third-person grammar, not first person (which means – I, me, myself, etc.);
• The submission is to have a cover page that includes course number, course title, title of paper, student’s name, and the date of submission per APA writing format;
• Format: 12-point font, double-space, one-inch margins;
• It is mandatory that you do some research, and utilize outside resources! You must have a reference page at the end of your project that is consistent with APA citation style and format (see https://owl.english.purdue.edu/owl/resource/560/01/ for help). You should have a minimum of (5) five references for this paper, and properly cited in the body of the paper per APA guidelines.