Digital Investigation II HW2
As a lead federal forensic examiner, you have been asked by a federal government senior executive to perform an actual postmortem forensics analysis in order to play back events related to an external network attack. This network also involves the authorized manipulation of national security classified information; therefore the senior executive would like to know both the procedures and the tools to be used to collect the data and evidence of the intrusion. The specific executive request is for you to formulate postmortem analysis procedures to be used against the suspected unauthorized intrusion.
Provide a forensic plan that may be used by the investigator to perform this postmortem forensics analysis. Make sure to include the following:
- The report should include the following:
- A title page
- An introduction to the contents of the report
- An overview for why the postmortem analysis must be
conducted within the given scenario above to reproduce digital activity, former systems states and activity
- The procedures typically used by investigators to operate postmortem forensics simulators/tools, and the types of digital activity and system states the investigator may detect
- A conclusion to the report, revealing what may be detected through postmortem analysis and the security impact to the federal organization
- A reference page in APA format
The report should be a minimum of 3–5 pages in length (excluding the title page) and neatly formatted. Sources should be properly cited in APA style.
Asked by rebeccacox 4 years ago