Investigative Conclusions and Testimony
Section 1
For the ongoing investigation, Randy Capisi, the Information Security Director for Allied Technology Systems, and Jon Dewberry, the Product Engineering Manager at the same company, as well as Mr. Jackson's fiancée, Ms. Suzanne, should be interviewed regarding their relationship and connection with Mr. Jackson. Randy Capisi, as the Information Security Director, has questions to answer about the circumstances under which Keith Jackson had been operating and what he has done to protect the company's systems and products. Further, he needs to explain under what circumstances Jackson might have come to have the product X source code.
On the other hand, Jon Dewberry is responsible for answering questions related to Keith Jackson's circumstances at work, as his supervisor. Because he was responsible for supervisory work in the product engineering department during Jackson's tenure with the company, critical information could be gathered from him that would offer better insight into Jackson's case. Another critical party to this questioning is Mr. Jackson's fiancée. She has been close to Mr. Jackson and knows him better. Her involvement in the Jackson investigation is therefore valuable for learning what Mr. Jackson had been contemplating while at the company, and it may shed more light on why he could have taken product X.
ii.
The interviews will not be arranged in advance with the target people; instead, they will be conducted at irregular times with each of the parties in private. Before the interviews, it will be essential to prepare the scope of questions for each of the interviewees. This approach ensures that the parties cannot exchange thoughts and improves the quality of the responses that will be compared.
Before the actual interviews, everything will run as normal so as not to raise suspicion or alarm the targeted parties. During the interview, each interviewee will be assured of the privacy of his or her interview and will be required to sign papers of secrecy, confidentiality, and honesty. Their actions will also be monitored to make sure that there is no connection between them and Mr. Jackson and that they are not accomplices.
The three stages are essential to a successful interview: preparing for the interview, conducting the interview, and ascertaining the dependability of the information (Israel, 2012). Another important point is to avoid victimization of the employee, whether from outside or inside. It is assumed that the former employee had friends in the workplace and that some might have knowledge of the alleged breach or be part of the scandal.
Section 2
Because of the “flash memory amnesia” effect, the user of the thumb drive may not have been able to erase the data from the flash memory chip. Like any other user, Mr. Jackson had no control over the FTL (flash translation layer) or the wear-leveling and garbage-collection algorithms. Therefore, regardless of any attempt to cover his tracks, doing so is very hard as long as he had no control over the NAND or NOR flash memory. The forensic examiners will therefore be able to recover any data on the thumb drive.
To be specific, the data needed from the thumb drive include the product X source code, contacts, and emails saved on or deleted from the drive, as well as any programs on the drive. This information is essential because it will indicate Mr. Jackson's intention and perhaps give a lead to his network. The evidence may implicate the company he works for in poaching him to gain access to the program in his possession.
2.
For the investigation, the company needs to search for evidence on Ms. Suzanne's workstation, including her desktop, phone, and files. Mr. Randy Capisi's workstation should also be investigated for the same type of evidence as Ms. Suzanne's, but his contact information will be analyzed. Investigating Jon Dewberry might also give a lead through communications or traces of the program.
Other areas will need law enforcement, such as searching Mr. Jackson's home and his new workplace. The company needs to obtain a search warrant for such purposes. Additionally, for the company to search its employees' phones and email addresses for communication links, a warrant must be obtained.
Before any activity with the drive, it is essential to make a forensic image of it and to perform the forensic analysis on the image. To do that, AccessData FTK Imager 3.2 can be used. This tool creates a bit-for-bit image of the drive. ProDiscover is then used to acquire and analyze the Windows and Linux files on the drive.
Making an image of the drive is encouraged because working with the original drive may modify or destroy the evidence during the analysis. The forensic image is used for the analysis.
4.
The critical tools needed are SANS SIFT, ProDiscover Forensic, and Volatility Framework (“InfoSec,” 2018).
i. SANS SIFT: An Ubuntu-based open-source incident response and forensic toolkit made by Rob Lee together with his team. It is used for in-depth forensic investigations. The tool supports Expert Witness Format, Advanced Forensic Format (AFF), and RAW (dd) evidence formats.
ii. ProDiscover: The ARC Group produced the tool as an advanced solution to crimes. The user can locate the data on a disk. In compliance with the Daubert standards, the tool also protects evidence and generates an evidentiary report that is admissible in legal proceedings. Further, the tool can recover deleted files, access Windows Alternate Data Streams, examine slack space, and more. What makes it unique and powerful is that it works at the sector level. Therefore, no data can bypass its algorithms.
iii. Volatility Framework: BlackHat made it and released it for public use. It performs advanced in-memory analysis and forensics. The tool is a cutting-edge platform for memory research and analysis for digital investigators. It is used by police, military, educational institutions, and businesses to carry out investigations.
5.
Details of the thumb drive
i. Hash value: The representation of the original information on a memory drive (Kumar, Sofat, Jain, & Aggarwal, 2012). That is, a hash function takes specific information and maps it to a value, which is called the hash value. It is used in the encryption of information.
ii. To determine the presence of source code, a hashing technique was used to identify code among the group of objects on the drive (Kumar, Sofat, Jain, & Aggarwal, 2012). Hashing means converting large files to smaller ones and then assigning them to a table. The elements in the table are then assigned keys for identification.
iii. Hashing is used to calculate the hash value of the digital evidence drive with MD5 and SHA. A hash function is used to calculate and verify the authenticity of the data.
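The two uses of hashing described in this list, verifying that a working image still matches the digests recorded at acquisition and finding known source files on the drive by hash, are sketched below as an added example that is not part of the original essay. The file names and contents are constructed sample data, SHA-256 is assumed as the SHA variant, and the known-hash set stands in for a reference list the company would supply.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def digests(path, algos=("md5", "sha256"), chunk=1 << 20):
    """Hash a file in chunks so a multi-gigabyte image never sits in memory."""
    hs = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}

def verify_image(path, recorded):
    """True only if every digest recorded at acquisition still matches."""
    current = digests(path, tuple(recorded))
    return all(current[a] == recorded[a].lower() for a in recorded)

def find_known_files(root, known_sha256):
    """Relative paths under root whose SHA-256 is in the known-file set."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            if digests(p, ("sha256",))["sha256"] in known_sha256:
                hits.append(os.path.relpath(p, root))
    return sorted(hits)

def demo():
    """Constructed data: a stand-in image and two files exported from it."""
    with tempfile.TemporaryDirectory() as d:
        image = Path(d, "thumbdrive.dd")              # hypothetical image name
        image.write_bytes(b"\x00" * 4096 + b"constructed image bytes")
        recorded = digests(image)                     # logged at acquisition
        intact = verify_image(image, recorded)
        image.write_bytes(image.read_bytes() + b"\x01")   # simulate alteration
        altered = verify_image(image, recorded)
        export = Path(d, "export")
        export.mkdir()
        src = b"int main(void) { return 0; }\n"       # constructed 'source file'
        (export / "renamed.txt").write_bytes(src)     # same bytes, new name
        (export / "notes.txt").write_bytes(b"unrelated")
        known = {hashlib.sha256(src).hexdigest()}     # reference hash set
        return intact, altered, find_known_files(export, known)

if __name__ == "__main__":
    print(demo())
```

Hash matching identifies only byte-identical copies: renaming a file does not change its digest, but editing a single byte does, so a modified source file will not appear in the hits.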
6.
It will not be advisable to report the crime to law enforcement because the evidence gathered has already violated the 4th Amendment on search and seizure (Kerr, 2016). One cannot go against the law to correct a crime. Although every company is allowed to report for a legal course of action, there was a violation of the Act when the investigations on Mr. Jackson commenced without his consent or a statutory warrant.
Being a qualified expert witness is critical in building or determining the understanding of the facts in the evidence. A simple fact witness may not be able to explain the facts in the evidence vividly because he or she lacks skills, training, expertise, and education in the field. The expert opinion can be scientific or empirical, but it is reliable because of the trust created by being an expert.
8.
To begin with, security analysis is my area of expertise, and I have been offering these services for years. I want to make clear that I am not an interested party to the said company, nor do I have any connection with anyone working for it or otherwise which could affect my impartial judgment in the investigation. Being a blogger on digital forensic issues does not whatsoever link to my work, and therefore when making decisions, I do not base them on what I write but rather on the findings within the scope of the work.
That said, my record speaks for itself with the various investigations that I have done over my career; in not a single one has anybody complained of my biases or conflict of interest. Most importantly, I do away with investigations when I find no evidence to link the suspects with a digital crime.
References
Israel, S. (2012). 9 Tips on Conducting Great Interviews. Retrieved from https://www.forbes.com/sites/shelisrael/2012/04/14/8-tips-on-conducting-great-interviews/#7ec5f1b356f1
InfoSec. (2018). 7 Best Computer Forensics Tools. Retrieved from https://resources.infosecinstitute.com/7-best-computer-forensics-tools/#gref
Kumar, K., Sofat, S., Jain, S. K., & Aggarwal, N. (2012). The significance of hash value generation in digital forensic: A case study. International Journal of Engineering Research and Development, 2(5), 64-70.
Kerr, O. S. (2016). The Effect of Legislation on Fourth Amendment Protection. Mich. L. Rev., 115, 1117.
Moenssens, A. (2009). Federal Rule of Evidence 702. Wiley Encyclopedia of Forensic Science.