Posted: Sat Sep 12, 2015 6:14 am Post subject: Need help with this Case
Hello all! I am doing this case project for my CMNW 121 class and I am stuck at this part. This case says that a bank has hired my private firm to investigate employee fraud, the bank uses four 20 TB machines on a LAN and I am permitted to talk to the Network Administrator who is familiar with where the data is stored. What diplomatic strategies should I use? Which acquisition method should I use? I was personally thinking about using ProDiscover Basic as my tool (since at least 1 tool is required) but I am not yet sure how to go about this case yet. I figured I would ask here before I made a mistake. Thanks in advance!
Do you believe the Network Admin to be a subject of the investigation? That would be a determining factor in how you treat them.
Which acquisition method should I use?
Are all the computers at a single location? What state are the computers in (on/off)? Do you believe a live acquisition will be beneficial? There are a lot of questions to consider.
I was personally thinking about using ProDiscover Basic as my tool (since at least 1 tool is required) but I am not yet sure how to go about this case yet.
What tool or tools are you proficient using? If you said you wanted to setup EnCase Enterprise and image the computers over the network but you had never used it, or you were going to setup a server with network shares and boot from a Linux environment but are not comfortable at the command line, I would ask why you are choosing those tools. The best tool is the human running the tool.
You have a lot of questions to ask yourself before proceeding.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum