Project #13356 - Project 2

Project 2


Related Book: “Computer Forensics Principle and Practices”. Download link:


Question 1

Several recent cases have used computer forensic evidence especially metadata. Research these cases to determine how the evidence was discovered:

• In 2005, one file sent by the BTK killer to a Wichita television station led police to investigate Dennis Rader, a church president, and ended the 30-year murder spree of this serial killer.

What evidence was pivotal in this case?

• A dossier on Iraq's security and intelligence organizations was released to the public by Prime Minister Tony Blair as a Word document on the 10 Downing Street Web site ( in February 2003. An analysis of the document by Dr. Glen Rangwala, a Newnham College, Cambridge University, lecturer in modern politics, found that much of the material in the dossier was plagiarized from a postgraduate research student, Ibrahim ai-Marashi. Mr. Marashi was based at the Monterey Institute of International Studies in California at the time. What information was used to prove that the UK government was not the original writer of this document?


Question 2

Several recent cases and incidents have included e-mail as evidence. Two examples are:

• In 2005, a high-profile deal between media owner Ronald Hale and Quantum Communications went sour. Quantum had executed a preliminary deal with Hale to purchase two radio stations.

However, before the deal was complete, Hale sold one of the stations to a competitive media company, Cumulus Media, Inc. Quantum took Hale to court and won an injunction to stop

the sale of the radio station primarily because of e-mail evidence.

• In February 2006, the Abramoff scandal investigation reached into the electronic communications of the White House. New e-mail evidence found while investigating Jack

Abramoff indicated that the relationship between Abramoff and President George W. Bush may have been closer than previously alleged. The e-mails prompted a request to the White House for all records of meetings and correspondence with Abramoff and the appointment of a special counsel to oversee the investigation .

1. In each of these situations, consider how e-mail made an impact on the case and write a paragraph or two on your observations.

2. How might the criminals have attempted to cover up the trails of e-mails?

3. Draft a plan as to where and how you might get e-mail evidence for a trial in one of these cases.


Question 3

You are the head of the IT department for a Fortune 1 00 company. Up until now you have been unaware of any serious break-ins to your company, but you have the sneaky suspicion you may not know because you do not have the tools to see the attacks. You have been approached by the CIO to look into an enterprise-wide IDS system. Your network spans several continents and has multiple entry points onto the Internet. Your research so far has pointed to using an NFAT system instead of using an IDS, but you are debating on how to implement NFAT across your enterprise network without straining your budget and network. Research the different types of NFAT systems and how they are deployed. Design a topology using agents, servers, and forensic technician computers that will cover a network of this size efficiently.

Explain the role of firewalls, hosts, and any network devices you have on the network within the framework of the NFAT system. Remember to account for large amounts of data and how the NFAT system will analyze these data streams.


Question 4

The Kosovo crisis was the first known major use of information warfare. In 1999, during the Kosovo crisis and NATO bombing campaign, Yugoslav hackers reportedly launched a DoS attack against a NATO Web site with viruses and thousands of e-mails daily. Serbian supporters clogged nonmilitary Internet sites in the United States. In the "first cyberwar," Serbian supporters also used e-mail to warn of NATO strikes and to send messages of support. After NATO mistakenly bombed the Peoples' Republic of China (PRC) embassy in Belgrade, PRC-based sources brought down the U.S. White House Web page and defaced the U.S. embassy Web site in Beijing. The U.S. military has acknowledged that NATO's air war against Serbia included "limited" computer warfare. The United States used computer attacks on Yugoslav President Milosevic's and other Serbian leaders' foreign bank accounts in 1999. Earlier, during the 1990-1991 Gulf War, hackers in the Netherlands reportedly offered to help Iraq by penetrating and attacking coalition information networks, but Iraq rejected the offer.

Adapted from George K. Walker. Conflicts and Computer-Based Attacks: Information Warfare and Neutrality. (accessed March 20, 2006).

1. Create a list of each use of the Internet in the conflicts described in the Case Study. Classify each use as either a criminal or noncriminal use. Explain the reason for each classification.

2. Search online databases or the Internet for information about examples of Internet resources or Internet-based attacks that have been used in the war with Iraq. Draft a report describing those resources or attacks and where e-evidence of their existence might be found.

3. In your opinion, how does an investigation of cyber warfare activities differ from an investigation of profit-motivated hacker attacks?


Question 5

An ongoing scam was discovered when John Kothanek, PayPal's lead fraud investigator, noticed too many Hudsens and Stivensons opening accounts with PayPal, Inc., an online payment processing company in Palo Alto, California. Ten names opening batches of 40 or more accounts were being used to buy high-value computer goods in auctions on (Radcliff, 2005). One of PayPal's merchants reported being redirected to a mock PayPal site. Sniffer software, which catches packet traffic, was set up at the mock site. The software showed that operators of the mock site were using it to capture PayPal user log-ins and passwords. Investigators also used the sniffer to log the perpetrators' own IP address, which they then used to search against PayPal's database. It turned out that all of the accounts in question were opened by the same IP address. Using two freeware network-discovery tools, TraceRoute and Sam Spade, PayPal found a connection between the fake PayPal server address and the shipping address in Russia to which the accounts were trying to send goods.

Using the EnCase® forensic toolkit, Kothanek's team helped the FBI tie its case to PayPal by using keyword and pattern searches familiar to the PayPal investigators to analyze the slack and ambient space, on a mirror-image backup of the suspects' hard drives. Links were established between their machine's IP address, credit cards, and the Peri scripts they were using to open accounts.

You have been asked to write a report that identifies and explains the types of e-evidence that could be used at trial. Organize your report according to the Figure 11.1 fraud-to-trial process and the legal elements of fraud outlined in Table 11.1.

See attachment for figure and table


Question 6

The majority opinion in Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 ( 1993), was authored by Justice Blackmun. According to the opinion, "general acceptance" is not a necessary condition for the admissibility of scientific evidence under the Federal Rules of Evidence. But according to the Rules of Evidence, trial judges need to ensure that an expert's testimony both rests on a reliable foundation and is relevant to the task at hand.

1. Read "Daubert in a Nutshell" at www.daubertontheweb. com/Chapter _2.htm.

2. What was the Frye test? What rule replaced (supplanted) Frye?

3. How does Daubert help prevent "absurd and irrational pseudoscientific assertions" by expert witnesses?

4. What was the response to the fear that Daubert's new evidentiary standards would sometimes stifle courtroom debate?


Question 7

USA PATRIOT Act, Section 225 gives immunity to one who complies with a court order or valid request for emergency assistance. If the government has a court order, there is no problem. Without a court order, however, immunity is not automatic because a court might later determine that the "emergency" was not valid. Imagine, for example, that you are a network administrator. A federal officer comes to your office and says that he believes that a terror attack is planned in an hour. He needs confidential customer information in your custody. He does not have a court order, warrant, or any other formal authority. If you turn over the information, you may save lives, but you are also exposing yourself and your firm to potential civil liability if a court later determines that no valid emergency existed .

1. What ethical dilemmas do you face in this situation?

2. Discuss what you should do. How much evidence should you demand before you turn over the information?

3. In your opinion, does the heavy-handed use of techniques such as sneak-and-peek searches violate ethical rules or legal obligations under the Constitution? Explain your opinion.

Subject Computer
Due By (Pacific Time) 10/03/2013 12:00 am
Report DMCA

Chat Now!

out of 1971 reviews

Chat Now!

out of 766 reviews

Chat Now!

out of 1164 reviews

Chat Now!

out of 721 reviews

Chat Now!

out of 1600 reviews

Chat Now!

out of 770 reviews

Chat Now!

out of 766 reviews

Chat Now!

out of 680 reviews
All Rights Reserved. Copyright by - Copyright Policy