Final Project – M57 Patents
Purpose: To introduce working through a realistic case process that involves
examining multiple images.
Application location: Virtual Computing Lab: FTK 5.0 / Windows 7
Evidence file(s) location: Forensics Data folder under project data in VCL
Case Scenario: M57.biz Company slides/video (on Blackboard)
Format for answers: Please make sure each question is answered thoroughly.
Be sure to provide the chain of evidence (include: image name,
screen shots or email or images, path name where evidence was
found along with a detailed description of what was learned through
Example of report format:
Question 1: < answer to question>
1. Is Jo the owner of these files? What evidence is there to confirm or reject
2. How did the computer come to be sold on the secondary market?
3. Who (if anyone) was involved in the sale (theft?) of the computer?
4. Were any attempts made to hide the activities mentioned above?
5. Are there any other suspicious activities occurring in Part 1 that should
6. Who is exfiltrating the data?
7. How are they doing it? Can you identify the specific items they have
stolen? What is required to access the data?
8. Who is the outside contact for the exfiltration? What is the name of the
9. Is there anything in your analysis to suggest that this person might be
charged with more than one criminal offense? Provide evidence of
wrongdoing if any including outside contact.
10. Who is spying on Pat?
11. How are they doing it? Can you identify specific methods or software
they have used to facilitate this?
12. Why is the employee spying on Pat?
13. Is anyone else involved? Would you characterize them as
14. A number of outside professional contacts and persons (friends of the
employees) appear in this scenario. Who are they? Are they involved in
any of the activities uncovered?