You are the computer forensics investigator for a law firm. The firm acquired a new client, a young woman who was fired from her job for inappropriate files discovered on her computer. She swears she never accessed the files. You have now completed your investigation. Using what you have learned from the text and the labs, complete the assignment below. You can use your imagination about what you found!
Write a one page report describing the computer the client used, who else had access to it and other relevant findings. Reference the tools you used (in your imagination) and what each of them might have found.
As the computer forensics investigator for the law firm, I analyzed the computer used by the newly acquired client, a young woman who was fired for having inappropriate files on her computer. After conducting a thorough investigation, I discovered that the client's computer was a Dell Inspiron laptop, running on Windows 10 Home with an Intel Core i7 processor.
During my investigation, I utilized tools such as EnCase Forensic, FTK Imager, and Autopsy. These tools allowed me to examine the hard drive, recover deleted files, and view the computer's internet history and usage. It was found that the client was the primary user of the computer, logging into her account with a strong password.
However, upon further examination, it was discovered that the client's roommate had access to the computer as well. This roommate had a history of accessing inappropriate content on their shared Wi-Fi network. Additionally, the client's computer had remote desktop access enabled, providing a potential avenue for someone else to access the computer.
Upon analyzing the internet history, it was determined that the inappropriate files were downloaded during the evening hours, a time when the client was away from the computer. This further strengthened the suspicion that the roommate was behind the downloads.
Overall, it can be concluded that while the client's computer was used to download inappropriate files, the actual individual responsible for these downloads remains unknown. However, with the evidence found, it is clear that the client's roommate had both motive and opportunity to conduct such actions. This information will be crucial as the law firm moves forward with the client's case.
Report on Computer Forensics Investigation
Date: [Date of Report]
To: [Name of Law Firm]
Subject: Computer Forensics Investigation Report
Introduction:
As the computer forensics investigator for our law firm, I have completed a thorough investigation into the case involving our client, a young woman who was terminated from her job due to inappropriate files discovered on her computer. The objective was to determine whether the client accessed the said files or if there were any alternative explanations for their presence on her computer.
Computer Description:
The client primarily used a company-issued laptop, Dell XYZ, running the Windows 10 operating system. The laptop's specifications include an Intel i5 processor, 8GB RAM, and a 256GB solid-state drive. The device was provided by the employer, and thus might contain additional security measures such as encryption and remote monitoring software to facilitate compliance with company policies.
Tools Utilized:
During the investigation, several tools were employed to thoroughly examine the client's laptop and gather relevant evidence. Some of the key tools used include:
1. Forensic Imaging: A forensic imaging tool, such as FTK Imager, was utilized to create a bit-by-bit duplicate of the client's laptop's hard drive. This ensured that the investigation did not compromise any original evidence while allowing for a detailed examination.
2. Data Recovery: Software like EnCase Forensic was used to conduct an in-depth analysis of the laptop's allocated and unallocated spaces. This allowed for the recovery of deleted files, hidden partitions, and temporary files that might contain important evidence.
3. Internet Browsing History Analysis: Tools such as Internet Evidence Finder (IEF) were employed to analyze the laptop's internet browsing history, cache files, cookies, and temporary internet files. This phase aimed to identify any online activities related to accessing or downloading the inappropriate files.
4. Metadata Analysis: Tools like Metadata Analyzer were utilized to scrutinize the metadata of the files in question. By examining the file creation, modification dates, and user details, it was possible to establish if the client was involved in their creation or modification.
Findings:
Based on the investigation, the following notable findings were made:
1. Lack of Direct Involvement: Despite thorough analysis using the aforementioned tools, no evidence was found indicating that the client directly accessed or interacted with the inappropriate files. The internet browsing history contained no references to relevant websites or downloads related to the files in question.
2. Multiple User Access: The analysis revealed that the client's laptop had multiple user accounts with administrative privileges. It was discovered that other individuals, including the client's coworkers and potentially network administrators, had access to the same machine.
3. Remote Access Possibility: The forensic analysis discovered remote monitoring software installed on the laptop. This software, used by the employer for compliance and security purposes, enabled authorized personnel to access the client's system remotely. Investigation into the logs and remote access records is necessary to determine if anyone accessed the client's computer without her knowledge.
Conclusion:
In conclusion, the computer forensic investigation into our client's terminated employment case yielded significant findings. The evidence collected suggests that the client did not directly access the inappropriate files on her laptop. Instead, it indicates the possibility of alternative explanations such as unauthorized access by other individuals who had administrative privileges or remote access to her laptop. Further investigation, including analysis of remote access logs and potential interviews with coworkers and network administrators, would provide a clearer understanding of the events leading to the presence of these files on the client's computer.
Please consider this report as an initial summary of our findings. If you require any further assistance or clarification based on the information presented above, please do not hesitate to reach out.
Best regards,
[Your Name]
Computer Forensics Investigator
[Law Firm]