Forensic Case Capstone
GIAC Certified Forensic Examiner Objective:
Foundations of Digital Forensics Acquisition
- The candidate will demonstrate an understanding of the methodologies and tools used to collect and process digital forensic evidence.
Fundamental Digital Forensics
- The candidate will demonstrate an understanding of forensic methodology, key forensic concepts, identifying types of evidence on current Windows operating systems and be familiar with the structure and composition of modern Windows file systems.
Overview
This lab is part of a series of lab exercises intended to support courseware for Forensics training. The development of this document is funded by the Department of Labor (DOL) Trade Adjustment Assistance Community College and Career Training (TAACCCT) Grant No. TC-22525-11-60-A-48.
These are the two capstone challenges for the Digital Forensics labs.
Forensic Challenge 1 – Analysis and Reporting in Autopsy
Susie Stapleton has gone missing for 3 days. Her husband and kids are worried sick. A police officer has acquired an image of her hard drive.
- Look through her user profile to find any pictures that might reveal where she is
- Bookmark any photos that you find that you deem to be relevant
- Generate a forensic report in HTML format
Forensic Challenge 2 – Analysis and Reporting in Autopsy 64 bit
Jimmy Jamison has been arrested for stealing credit cards. He has used five different credit cards that were not his. A police officer has acquired an image of his hard drive.
- Look through his user profile to find any documents that Jimmy had
- Export the documents and view them to determine if credit card info is present
- Bookmark any documents that you find that you deem to be relevant
- Generate a forensic report in HTML format
OUTCOMES:
In this lab, you will learn to:
- Analyze and Report in Autopsy
- Analyze and Report in Autopsy 64 bit
Key terms and descriptions
Other hashes, such as SHA-1, which is 160 bits, are more accurate than the 128-bit MD5.