Question

In: Computer Science

Facebook Investigation Scenario Part 1 Spring 2017 Note: the following scenario is fictional as are all...

Facebook Investigation Scenario Part 1 Spring 2017 Note: the following scenario is fictional as are all parties named in the story Initial Complaint: March 20, 2017– 8:41 AM.

Mary Jones, a junior at the University of New Haven has contacted local police stating that sometime between midnight on October 11th, 2016 and 8 am on March 20, 2017, her ex-fiancé, Pete Sampson, posted semi-nude pictures of Ms. Jones on his Facebook page and also called Ms. Jones several derogatory names on Facebook. Ms. Jones is very upset as many other students at the university have already seen and commented on her picture on Facebook. She feels that Mr. Sampson posted the picture as a way of harassing and humiliating her. As a criminal justice major, Ms. Jones is worried that Mr. Sampson’s postings may hurt her future career so she has contacted the local authorities.

In-person interview with Mary Jones: March 20, 2017– 9:30 am

Mary Jones is a 20-year-old criminal justice major at the University of New Haven in her junior year at the school. At approximately 8:00 am this morning, one of her friends texted Ms. Jones and asked her if she had checked out her ex- fiancé, Peter Sampson’s, Facebook page. When Ms. Jones loaded Mr. Sampson’s Facebook page she found a semi-nude picture of herself as well as derogatory comments about herself. When questioned about the origin of the picture, Ms. Jones stated that she had “sexted” the photo to Mr. Sampson sometime in the fall of 2014 when she and Mr. Sampson had just started to date. Ms. Jones also stated that she was only 17 years old at the time of the picture. Upon further questioning, Ms. Jones explained that she had Mr. Sampson had met in early September of their freshman year and had started dating immediately. While they had become engaged over the previous summer, Ms. Jones had broken off the engagement several weeks ago and had begun dating Mr. Sampson’s roommate, Michael Davis. Ms. Jones felt that Mr. Sampson had posted the picture in retaliation to her ending their relationship and that the purpose of Mr. Sampson posting the picture was to harass her and to cause harm to her reputation and to her potential career in law enforcement.

In-person interview with Peter Sampson: March 20, 2017 – 2:45 pm.

Peter Sampson is a 21-year-old criminal justice major in his junior year at the University of New Haven. During the interview, which took place in Mr. Sampson’s dorm room, Mr. Sampson confirmed that he and Ms. Jones had dated and that the relationship ended abruptly several weeks ago when Mr. Sampson discovered Ms. Jones in bed with Mr. Sampson’s roommate, Michael Davis. While Mr. Sampson was still visibly angry with Ms. Jones, he denied having anything to do with posting her picture and making comments about Ms. Jones on his Facebook page. Mr. Sampson further stated that following his discovery of Ms. Jones with Mr. Davis, Mr. Sampson deleted all of the digital photos he had of Ms. Jones as well as all correspondence between himself and Ms. Jones. Mr. Sampson claims to have used one Toshiba laptop computer that was a high school graduation gift for the past 3 years and that no one else has had access to the laptop over the past 24-hour period. When asked if anyone else had access to his computer in the past, Mr. Sampson stated that in Spring semester of 2016 he had loaned the laptop to his roommate, Michael Davis, so Mr. Davis could complete a paper because Mr. Davis’s laptop computer had been damaged and Mr. Davis had not yet gotten a new computer. Mr. Sampson again adamantly denied posting Ms. Jones’s picture on his Facebook page though he admitted that he had left the picture on his page until contacted by law enforcement. When asked who he thought might have posted the picture, Mr. Sampson stated that he believed that his roommate, Michael Davis, had posted the picture to get back at Mr. Sampson because of continuing hostilities between the two roommates following Mr. Sampson’s discovery of Ms. Jones with Mr. Davis. Officers did notice that Mr. Sampson had several “sticky” notes on his desk that contained his passwords for several online accounts including that of Facebook. As officers were preparing to leave, Mr. Sampson’s roommate, Michael Davis, returned to the room. When questioned about Mr. Sampson’s allegations that Mr. Davis had posted Ms. Jones picture, Mr. Davis denied any knowledge of the picture or of Mr. Sampson’s Facebook password. Mr. Davis stated that Mr. Sampson was trying to “pin” the posting of the picture of Ms. Jones on him in an attempt to get Ms. Jones back. When officers asked Mr. Davis about using Mr. Sampson’s laptop the previous Spring, Mr. Davis claimed that he did not remember whether or not he had ever used Mr. Sampson’s computer. Mr. Davis then stated he had to go to class and abruptly left.

Assignment .

Your team of digital forensics and computer crime investigators has been assigned this case. Your goal is to attempt to determine who posted Mary Jones’s photo on Facebook.

Solutions

Expert Solution

A Computer Forensic Investigation generally investigates the data which could be taken from computer hard disks or any other storage devices with adherence to standard policies and procedures to determine if those devices have been compromised by unauthorised access or not. Computer Forensics Investigators work as a team to investigate the incident and conduct the forensic analysis by using various methodologies (e.g. Static and Dynamic) and tools (e.g. ProDiscover or Encase) to ensure the computer network system is secure in an organization. A successful Computer Forensic Investigator must be familiar with various laws and regulations related to computer crimes in their country (e.g. Computer Misuse Act 1990, the UK) and various computer operating systems (e.g. Windows, Linux) and network operating systems (e.g. Win NT). According to Nelson, B., et al., (2008), Public Investigations and Private or Corporate Investigations are the two distinctive categories that fall under Computer Forensics Investigations. Public investigations will be conducted by government agencies, and private investigations will be conducted by private computer forensic team. This report will be focused on private investigations, since an incident occurred at a new start-up SME based in Luton.

This report also includes a computer investigation model, data collections and its types, evidence acquisitions, forensics tools, malicious investigation, legal aspects of computer forensics, and finally this report also provides necessary recommendations, countermeasures and policies to ensure this SME will be placed in a secure network environment.

2. Case Study

A new start-up SME (small-medium enterprise) based in Luton with an E-government model has recently begun to notice anomalies in its accounting and product records. It has undertaken an initial check of system log files, and there are a number of suspicious entries and IP addresses with a large amount of data being sent outside the company firewall. They have also recently received a number of customer complaints saying that there is often a strange message displayed during order processing, and they are often re-directed to a payment page that does not look legitimate.

The company makes use of a general purpose eBusiness package (OSCommerce) and has a small team of six IT support professionals, but they do not feel that they have the expertise to carry out a full scale malware/forensic investigation.

As there is increased competition in the hi-tech domain, the company is anxious to ensure that their systems are not being compromised, and they have employed a digital forensic investigator to determine whether any malicious activity has taken place, and to ensure that there is no malware within their systems.

Your task is to investigate the team’s suspicions and to suggest to the team how they may be able to disinfect any machines affected with malware, and to ensure that no other machines in their premises or across the network have been infected. The team also wants you to carry out a digital forensics investigation to see whether you can trace the cause of the problems, and if necessary, to prepare a case against the perpetrators.

The company uses Windows Server NT for its servers. Patches are applied by the IT support team on a monthly basis, but the team has noticed that a number of machines do not seem to have been patched.

Deliverables

Your deliverable in this assignment is a 5,000 word report discussing how you would approach the following:

• Malware investigation

• Digital Forensic Investigation

You should discuss a general overview of the methodology that you will use, and provide a reasoned argument as to why the particular methodology chosen is relevant.

You should also discuss the process that you will use to collect evidence and discuss the relevant guidelines that need to be followed when collecting digital evidence.


Related Solutions

Assessment Part 1: Read the scenario and address all of the checklist items. Scenario: A new...
Assessment Part 1: Read the scenario and address all of the checklist items. Scenario: A new product manager presents to you, the Chief Financial Officer, a proposal to expand operations that includes the purchase of a new machine. The product manager is certain that the positive cash flows, which exceed the initial outlay by $20,000 by the end of year 4, will bring both praise and approval. You explain the company uses a 12% discount rate for cash flows and...
Identify the issue under investigation, the population, and the sample in the following scenario. Then determine...
Identify the issue under investigation, the population, and the sample in the following scenario. Then determine whether or not this sample is likely to be representative of the population. The Sierra College Campus Parking and Security Services Department wanted to know the percentage of Sierra College students who use the parking lots on the Rocklin campus that feel there is not enough parking spaces on campus. In order to address their concern, members of the department took positions within parking...
Comprehensive Problem 4 Part 2: Note: You must complete part 1 before part 2. After all...
Comprehensive Problem 4 Part 2: Note: You must complete part 1 before part 2. After all of the transactions for the year ended December 31, Year 1, had been posted [including the transactions recorded in part (1) and all adjusting entries], the data that follows were taken from the records of Equinox Products Inc. Income statement data: Advertising expense $150,000 Cost of merchandise sold 3,700,000 Delivery expense 30,000 Depreciation expense—office buildings and equipment 30,000 Depreciation expense—store buildings and equipment 100,000...
Comprehensive Problem 4 Part 2: Note: You must complete part 1 before part 2. After all...
Comprehensive Problem 4 Part 2: Note: You must complete part 1 before part 2. After all of the transactions for the year ended December 31, 2016, had been posted [including the transactions recorded in part (1) and all adjusting entries], the data that follows were taken from the records of Equinox Products Inc. Income statement data: Advertising expense $150,000 Cost of merchandise sold 3,700,000 Delivery expense 30,000 Depreciation expense—office buildings and equipment 30,000 Depreciation expense—store buildings and equipment 100,000 Dividend...
In the fictional country of Symposia, we have the following information for the year 2017: *Consumers...
In the fictional country of Symposia, we have the following information for the year 2017: *Consumers bought $2 billion dollars worth of goods and services, 20% of which were produced and initially sold in 2016. *Labour wage income was $250 million in 2017* *Businesses invested $100 million dollars in new capital (i.e. machinery) stock in 2017. *Businesses also bought $200 million dollars worth of company stocks in 2017. *Foreigners with working visas in Symposia lived in foreign-only households that bought...
Problem 1 Part A (11 Marks) Note: It is suggested that you read all both parts...
Problem 1 Part A Note: It is suggested that you read all both parts of Problem 1 before you start so that you structure your space requirements for the answer appropriately. Several friends grouped themselves as shareholders and Emerald Delivery Limited opened for business September 1 2018. The transactions for the month are listed. You are to create the journal entries in good form for these transactions. Sept 12015 - Shareholders started the company with 20,000 of their own cash...
Scenario (fictional): The following four employees have different attitudes towards their jobs and different levels of...
Scenario (fictional): The following four employees have different attitudes towards their jobs and different levels of job satisfaction which impacts their behavior on the job at this beverage company. You are the HR Director who is becoming concerned regarding the behavior of some employees at work. Read the following background information on each of the four employees and address all the checklist items. Employee #1: Marketing product manager: She experiences cognitive dissonance every time her boss tells her she should...
Prepare an F-DAR chart note with the following scenario; SCENARIO A: Mrs. Rose Tiny is a...
Prepare an F-DAR chart note with the following scenario; SCENARIO A: Mrs. Rose Tiny is a resident at Good View’s Nursing Home. She has dementia in the early stages. She takes direction well, but often must be assisted due to her memory problems. Sometimes she forgets to call for assistance when she needs to be toileted. You did her VS they are 100/68-37-64-20 and during that time, you noticed a smell. Mrs. Tiny is sitting in a geri chair by...
On April 1, 2017 FIRE retired its note payable and on July 1, 2017 the company...
On April 1, 2017 FIRE retired its note payable and on July 1, 2017 the company issued a bond. Bond information Face value $90000 Coupon rate 6.0% Term 9 years Net proceeds $98,000 Interest will be paid semi-annually on December 31 and June 30. At the investor's option, each $2,000 bond is convertible into 50 common shares of the company. Your investigation into similar bond issues showed that had the company issued the debt without the conversion option, the market...
Question 1 1 pts (The following research scenario is the basis for all the questions in...
Question 1 1 pts (The following research scenario is the basis for all the questions in this assignment.) According to a Gallup survey from 2013, Americans sleep an average of 6.8 hours per night. I was curious whether sleep time is significantly different now (2018) compared to 2013. So I measured the sleep of 16 different people over a week, and came up with an average score for each person. I assume that the sleep time among all Americans is...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT