Throughout this course, you will be creating a Forensic Electronics Management Plan document for a company of your choosing. Additional information and the deliverables for each Individual Project will be provided in the assignment description for the project. This is the course Key Assignment that you will make contributions to each week.
Project Selection
The first step will be to select an organization as the target for your Electronics Management Plan. This organization will be used as the basis for the individual assignments throughout the course, and it should conform to the following guidelines:
- Sufficient business scope: The selected organization should be in an industry where it would be reasonably expected to execute an Electronics Management Plan.
- Domain knowledge: You should be familiar enough with the organization to allow focus on the report planning and execution tasks.
Note: Some students have difficulty finding an existing organization that they can use as a model for assignments. Therefore, you may feel free to identify a hypothetical organization that meets the requirements. You may make any necessary assumptions to fulfill the requirements of organization selection.
Assignment
For the assignments in this course, you will be developing an Electronics Management Plan with the goal of outlining how your organization will identify, collect, protect, and provide forensic evidence. For the Phase 1 Individual Project, you must complete the following tasks:
Task 1: Create a Shell for the Electronics Management Plan
As you proceed through each project phase, you will add content to each section of the final report document to gradually complete the final project delivery. All of this will be brought together in final form for the Key Assignment. Appropriate research should be conducted to support the analysis in your plan, and assumptions may be made when necessary.
Use the following document shell for your Electronics Management Plan:
- Use Word
- Title Page
  - Course number and name
  - Project name
  - Student name
  - Date
- Table of Contents (TOC)
  - Use an autogenerated TOC.
  - It should be on a separate page.
  - It should be a maximum of 3 levels deep.
  - Be sure to update the fields of the TOC so that it is up-to-date before submitting the project.
- Create each heading on a new page with TBD as the content, except for the sections listed under New Content below.
- Include a references section.
Project Outline
- Introduction
- Media Preservation
- Forensic Tools
- Acquiring Evidence
- E-Evidence in Court Cases
Task 2: Project Outline and Requirements
Include the following in your Introduction section. This will be 2–3 pages of content.
1 New Content: Introduction
- Explain the purpose and importance of an Electronics Management Plan.
- Give a brief description of the organization (can be hypothetical) where the Electronics Management Plan will be implemented. Include the company size, location(s), and any other pertinent information.
- Identify the type of investigation that the organization is conducting (e.g., fraud or insider threat).
- Discuss the potential types of media that could be involved in the case (e.g., the architecture of seized media).
- Discuss the different architectures of seized media depending on the use or industry (e.g., government, military, or police).
- Name the document "yourname_CS351_IP1.doc."
2 Explain to the organization how the forensics team will be preserving and protecting its data. At a minimum, discuss the following:
- Physical protections
- Personnel protections
- Contingency or backup protections
3 New Content: Forensic Tools
This will be 2–3 pages of new content. Complete the following:
- Explain what tools the forensics team uses for each platform. If the team uses one tool for more than one operating system (OS), explain that. At a minimum, include a discussion on tools for the following:
  - UNIX-like systems
  - Windows systems
- Identify any special add-on features to tools that may be necessary (e.g., write-blockers).
- Explain how the team uses these tools in your organization (e.g., designated laptops or specialized lab setups).
- Explain why the team uses the tool with this specific configuration.
- Be sure to update your table of contents (TOC) before submission.
4 New Content: Acquiring Evidence
This will be 2–3 pages of new content.
Complete the following:
- Download this forensics tool.
  - Note: You will have to register to be able to download the tool, but it is free.
- Create an image.
  - Once installed, go to File and select Create Disk Image. You may use any media for this (e.g., USB stick, CD, external hard drive).
  - Note: This will go much faster if you choose small size media (e.g., a small flash drive).
  - Follow through the Wizard to create the copy of your evidence.
  - When the Create Image window appears, click Add. For image type, select E01.
  - You can leave Evidence Item Information blank, but you would fill it in for a real case.
  - Select your image destination folder and file name.
  - When you return to the main Wizard window, click Start.
  - Once the copy is created, look for the text file saved to the same location, and ensure that the hash files are verified (that you have an exact copy).
- Analyze the image.
  - Go to File and select Add an Evidence Item.
  - Select the Source of Evidence, and follow through the Wizard to acquire your evidence.
- Click here to view a 15-minute video to assist you with the installation and use of this forensics software.
Include the following in your Electronics Management Plan:
- Describe what you found by answering the following questions:
  - What did you see on the media (evidence) that you used before you acquired it in the forensics tool?
  - How did you verify that your acquisition was an exact copy of the original?
  - What did you see when you used the forensics tool?
  - What were the differences?
  - What did you learn about that media?
- Use screen captures to illustrate your explanation.
5 The section on E-Evidence in Court Cases will be added to your plan. This will be 2–3 pages of new content. This section will include the following:
- Provide an explanation of the rules of discovery for E-Evidence.
  - How is E-Evidence identified?
  - What sources have E-Evidence (outside of the organization and within it)?
  - How is E-Evidence seized?
- Give an explanation about how E-Evidence is used in court cases.
  - What types of cases use E-Evidence?
  - What standards are required so that the E-Evidence is admissible?