You work for CCL Group as a forensic investigator and have been asked to contact a local company who suspect an employee of breaching company policies. You visit the company and meet with the system administrator and manager who explain that an employee appears to have used a P2P program to download full length movies onto their work computer. It is thought that they have also downloaded a Trojan virus which has resulted in not only the employee’s computer system failing to boot, but also caused issues with the entire network.
The employee has been suspended pending the investigation and you will be provided with full access to the computer system and network. The system administrator and manager have confirmed that the employee’s computer system has been left ‘in situ’ and not tampered with, but that the network issue had to be resolved due to the business needing to function as normal.
You are required to plan and carry out an investigation of the employee’s computer system and present your findings as a report for the system administrator and manager. You have a timescale of two weeks to plan and conduct your investigation, completing all relevant documentation as well as preparing the final report.
Tasks
1. You are required to produce a documented plan of how you are going to approach your computer forensic investigation, which will be approved by your supervisor. The plan must include the following:
A documented plan for the computer forensic investigation of the employee’s system to include:
   a. An annotated diagram of the evidence lifecycle
   b. An explanation of the admissibility of evidence providing four examples of good practice
   c. Identification of the types of evidence that could be gathered for this investigation including a justification of the types of evidence to be collected
   d. Explanation of the precautions that will be taken to preserve the state of each type of evidence
   e. Identification of the hardware and software tools that will be selected to analyse the evidence with a justification of the tools selected
   f. Explanation of the importance of the chain of custody process
   g. Explanation of the evidence handling procedures that will be used.
2. After your supervisor approves your plan, you can now carry out your computer forensic investigation of the employee’s computer system. Ensure that you document the investigation process thoroughly to include:
   a. date and time of action
   b. activity type
   c. personnel collecting/accessing evidence
   d. computer description information
   e. disk drive descriptive information
   f. handling procedure
   g. complete description of action:
      • procedure followed
      • tools used
      • step-by-step description of analysis and results
   h. reasons for action taken
   i. notes
   j. collection of evidence
   k. review of evidence
   l. analysis and interpretation of evidence
   m. documentation of evidence (printouts, photographs etc) and Chain of Custody record.