JONES & BARTLETT LEARNING

Project: Forensic Investigation

Scenario

D&B is conducting a very large electronic discovery (eDiscovery) investigation for a major client. This case is so large that dozens of investigators and analysts are working on specific portions of the evidence in parallel to save time and improve efficiency.

Since this is the first time you will be working on this type of investigation for D&B, your manager gives you a test (a sample email archive) so she can assess whether you need additional training before you begin working with the rest of the team on the eDiscovery case.

Your manager tells you that this archive was extracted from a hard drive image marked "suspect," but at present nothing more is known about the user. She expects you to examine the archive and document all findings that might be of interest to a forensic investigator. She explains that she will use your report to evaluate your investigation skills, logic and reasoning abilities, and reporting methods.

Tasks

- Review the information about email forensics and Paraben P2 Commander E-mail Examiner (EMX) in the chapter titled "Email Forensics" in the course textbook.
- Using P2 Commander E-mail Examiner, create a case file, select Add Evidence, and import the email archive (filename: Outlook.pst). P2 Commander will automatically begin sorting and indexing if you choose that option.
- Search for information about the user. Your goal is to learn as much as possible about who the user is and what he or she has been doing. You may find evidence in the inbox or other mailboxes. You can use E-mail Examiner features to help you keep track of the evidence you identify, for instance, by bookmarking sections of interest and exporting attachments.
- Write a report in which you:
  - Document your investigation methods.
  - Document your findings.
  - Explain what you found that may be of interest to a forensic investigator, and provide your rationale for including each selection.

Required Resources

- Course textbook
- Outlook.pst file (email archive)
- Internet access