Need help with this Case


Contribute to the community and build up your resume

Contribute to this forum by helping to moderate and answer questions.

If interested, please contact us at forum@ComputerForensicsWorld.com


iSlayerdx

New Member
Sep 4, 2015
6
0
#1
Hello all! I am doing this case project for my CMNW 121 class and I am stuck at this part. This case says that a bank has hired my private firm to investigate employee fraud, the bank uses four 20 TB machines on a LAN and I am permitted to talk to the Network Administrator who is familiar with where the data is stored. What diplomatic strategies should I use? Which acquisition method should I use? I was personally thinking about using ProDiscover Basic as my tool (since at least 1 tool is required) but I am not yet sure how to go about this case yet. I figured I would ask here before I made a mistake. Thanks in advance!
 
Dec 31, 2006
3,405
0
#2
What diplomatic strategies should I use?
Do you believe the Network Admin to be a subject of the investigation? That would be a determining factor in how you treat them.
Which acquisition method should I use?
Are all the computers at a single location? What state are the computers in (on/off)? Do you believe a live acquisition will be beneficial? There are a lot of questions to consider.
I was personally thinking about using ProDiscover Basic as my tool (since at least 1 tool is required) but I am not yet sure how to go about this case yet.
What tool or tools are you proficient using? If you said you wanted to setup EnCase Enterprise and image the computers over the network but you had never used it, or you were going to setup a server with network shares and boot from a Linux environment but are not comfortable at the command line, I would ask why you are choosing those tools. The best tool is the human running the tool.

You have a lot of questions to ask yourself before proceeding.
 

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu