The Cybersecurity major in Old Dominion University required I take a class called “Cybersecurity Digital Forensics” or “CYSE 407.” In that class we had to do a mock digital forensic case.
The case instructions were to read the following scenario and then prepare an official evidence report that incorporates all of the elements stated in the grading criteria. In the mock case, we were hired as a forensic expert to investigate alleged contact between US and Russian officials. We performed a mock forensic analysis on a laptop and a cell phone of a high-ranking US government official. During the investigation we found the following: On the phone – a text confirming a lunch meeting on 2/15/2016 and the phone number was labeled “Red Ralph” in the contact list. On the laptop – several email communications about meetings and payment for “consulting services” between the official and RedRalph@gmail.com. On the laptop – several deleted zip files of classified material that weblogs show were uploaded to a file-sharing site. It is not clear if they were downloaded by anyone. The owner of the laptop and phone has “lawyered up” and is not saying anything about what they were doing on either device or any meetings that may have happened. You are now preparing your official report to the special prosecutor as evidence that may go to court in the future.
The grading criteria included: Case identifier or submission number. Case investigator. Identity of the submitter. Date of receipt. Descriptive list of items submitted for examination, including serial number, make, and model. Brief description of steps taken during examination, such as string searches, graphics image searches, and recovering erased files.
Included in the pdf images below is my entire mock forensic evidence report.
