Part I
Subject:Computer SciencePrice: Bought3
Share With
Part I. Install a Windows Virtual Machine
Install a Windows Virtual machine from the image below, and name the VM your lastName_SemesterYear ( For example: Messi_Fall2023 or Mbappe_Spring23) . Get the Windows ISO image from https://www.microsoft.com/en-us/software-download/windows8ISO.Links to an external site. Limit the Maximum disc size (storage ) 20 GB . Also when asked for product key xxxxx ..xxxxx.. skip the ‘Product Key Number’ ( and fill in the ‘Full Name’ , Password is optional , ) and move to next step with Click ‘Next
ITN260 being a Prerequisite of this course, you must be familiar with Virtual machines creation. If you have never installed a Windows VM on your system, follow the direction here . It is is based on Virtual Box , but you can use any hypervisor.
Part II. Log into your new VM and Conduct a few tasks
- Start your Windows Virtual Machine.
- Go to the Start Menu of the VM. This is at the bottom left of the screen. RUN.
- Type cmd in the search bar and hit Enter to open the command shell
- Type echo %cd% and Enter
- Type date , press Enter. When prompted to “Enter the New date” press Enter again or type CTRl C to exit. Take a screen capture
- Go to the Internet using a browser and do a few searches using any browser, (Visit dfrws.org; NVCC.edu; BBC.com; CNN.com; nsa.gov; and a few more websites of your choice)
- Install some software/application – another Browser like Firefox, or a tool like notepad++
- Download a few images (at least 5/6 from different sources and at least two (2) from NVCC.edu
- Save a few docs from NVCC’s website including this page https://www.nvcc.edu/policies/_files/224-Academic-Integrity.pdfLinks to an external site.
- Delete any three (3) pictures, which you have downloaded recently.
- Download the Final_Exam Final Exam.txt Download Final Exam.txt file and save it to your VM’s desktop.
- Log out of your VM.
Part III. Image the VM with a Forensic Imaging tool
Create a forensic image of the VM and save the image as "suspect_image "
-------------------------------------------------------------------------------------------------------------------------------------------------------
Deliverable
1. A lab report including the followings: ( 20 Points )
- The screen captures from Part II with the commands echo %cd% and date.
- A list to show what you have downloaded in Part II, where you have downloaded, and which pictures you have deleted from where.
- Full screen capture of the Desktop of your VM with Final_Exam folder
2. Image summary of the " suspect_image " ( 10 Points )
3. Forensic Image the VM, which you have created in part III ( " suspect_image " ) along with the MD5 Hash of the Image ( 20 Points )
-----------------------------------
Part 2
Case Facts:
Virginia Beach Police informed that Over 20 weapons stolen from a Virginia gun store. Federal agents have gotten involved in seeking the culprits who police say stole more than 20 firearms from a Norfolk Virginia gun shop this week. The U.S. Bureau of Alcohol, Tobacco, Firearms and Explosives is working with Virginia Beach police to locate the weapons, which included handguns and rifles. News outlets report they were stolen from a store called DOA Arms during a Tuesday morning burglary.
Based on the 'Probable Cause of affidavit' a search warrant was obtained to search the apartment occupied by Mr. John Doe and Mr. Don Joe at Manassas, Virginia. When the search warrant executed, it yielded miscellaneous items and a computer. The Special Agent conducting the investigation, seized the hard drive from the computer and sent to Forensics Lab for imaging.
You are to conduct a forensic examination of the image to determine if any relevant electronic files exist, that may help with the case. The examination process must preserve all evidence.
Your Job:
-
- Forensic analysis of the image suspect_ImageLinks to an external site. which is handed over to you
-
- The image file suspect_ImageLinks to an external site. ( Someone imaged the suspect drive like you did in the First part of Final Project ) MD5 Checksum : 10c466c021ce35f0ec05b3edd6ff014f
- You have to think critically, and evaluate the merits of different possibilities applying your knowledge what you have learned so far. As you can see this assignment is about "investigating” a case. There is no right and wrong answer to this investigation. However, to assist you with the investigation some questions have been created for you to use as a guide while you create a complete expert witness report. Remember, you not only have to identify the evidence concerning the crime, but must tie the image back to the suspects showing that the image came from which computer. Please note: -there isn't any disc Encryption like BitLocker. You can safely assume that the Chain of custody were maintained.
- There is a Discussion Board forum, I enjoy seeing students develop their skills in critical thinking and the expression of their own ideas. Feel free to discuss your thoughts without divulging your findings.
While you prepare your Expert Witness Report, trying to find answer to these questions may help you to lead to write a conclusive report : NOTE: Your report must be an expert witness report and NOT just a list of answered questions)
You should try to find answer the following questions:
- What is the first step you have taken to analyze the image
- What did you find in the image:
- What file system was installed on the hard drive, how many volume?
- Which operating system was installed on the computer?
- How many user accounts existed on the computer?
- Which computer did this image come from? Any indicator that it's a VM?
- What actions did you take to analyze the artifacts you have found in the image/computer? (While many files in computer are irrelevant to case, how did you search for an artifacts/interesting files in the huge pile of files?
- Can you describe the backgrounds of the people who used the computer? For example, Internet surfing habits, potential employers, known associates, etc.
- If there is any evidence related to the theft of gun? Why do you think so?a. Possibly Who was involved? Where do they live?b. Possible dates associated with the thefts?
- Are there any files related to this crime or another potential crime? Why did you think they are potential artifacts? What type of files are those? Any hidden file? Any Hidden data?
Submit Your Report:
Click the Submit button link above.
Your report is due on week 7 of this class - this is your final project.
Grading:
This assignment is worth up to 50 points towards your final grade. For this assignment clear rubrics is not provided intentionally. Since the overall goal of this project is investigating a case, a step by step rubrics will kill the investigation. However, you will be assessed on the methods of your analysis and how your analysis helped you to turn you finding into evidences. To earn the maximum number of points, you should try to address (NOT just answer) the above questions in your report, keeping the points below in mind
- Explanation of the findings: What did you actually do to make the findings into an evidence? ('I Opened the image' is not considered an action because your forensic suite does that anyway )
- A time line of events. Extremely important - This will lead the investigation.
- A brief explanation of list of names of people involved. You need to be very careful with this part. Just because you find word " Trex " somewhere in the image, that does not prove that Trex is related to your case. You need to make it an evidence.
- Your personal verdict on whether the suspect is guilty or not, and why. (This is the Fun part, just concluding the case. Remember you are stepping into the Administration of Justice area and this is not a Forensic Analyst's job) .
- Your analysis should NOT be more than 10-12 pages including the screen captures. Your analysis should be supported by appropriate screen captures! NO points will be given without appropriate screen capture of your analysis. All screen captures must accompany a date stamp. Inside the project report, if any screen capture is found without a date stamp, project won’t be graded.