In today’s digital world, most fraud can be tracked electronically. In this task, you will use Basis Technology’s Autopsy application to analyze a storage device for evidence related to a possible violation of company policy. You will analyze the storage device for data files, deleted data files, directories, or drive partitions. You will need to provide screenshots of your evidence and then write a final report to present the findings to senior management.
To access the Autopsy application and the files you need to recover, you will use the “Performance Assessment Lab Area” (see Web Links section). Instructions for how to access the tools will be included in the lab area.
An oil company’s senior management has reason to suspect that John Smith, one of the company’s mechanical engineers allegedly took information that was clearly identified as proprietary. The company’s legal office has requested digital evidence regarding the potential violation of company policy, which prohibits the sharing of proprietary information without prior approval. The employee was not authorized to access proprietary information. All employees sign nondisclosure agreements (NDAs) and acceptable use policies (AUPs). Senior management and the legal office have approved this request.
You are a member of the investigative team that has been assigned to examine the digital evidence captured from the suspect’s office laptop computer and create an incident report.
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. The originality report that is provided when you submit your task can be used as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless specified in the task requirements. All other submissions must be file types that are uploaded and submitted as attachments (e.g., .docx, .pdf, .ppt).
A. Write a report for the team of investigators by doing the following:
1. Describe all steps taken in Autopsy to create the forensic system case file. Provide screenshots of these steps along with the Name, Email, and Student ID located on the desktop of the virtual environment.
Note: The “Student ID” that appears on the desktop of the virtual lab environment is not intended to be your actual WGU Student ID, but it is generated by the lab as a different identifier. Therefore, you should provide all screenshots of the virtual desktop as it appears in the lab.
2. Describe all steps taken in Autopsy to identify potential evidence, including data files, deleted data files, directories, or drive partitions. Provide screenshots of these steps along with the Name, Email, and Student ID located on the desktop of the virtual environment.
3. Summarize the findings you identified during your investigation and the conclusions you made regarding the suspect and the collected evidence. Provide screenshots from Autopsy or reports in support of your findings and conclusions. In each screenshot, include the Name, Email, and Student ID located on the desktop of the virtual environment.
B. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
C. Demonstrate professional communication in the content and presentation of your submission.