Question
Read the enclosed case studies below and discuss the following points in each case: What do you need to ask the police investigator for, and
Read the enclosed case studies below and discuss the following points in each case:
What do you need to ask the police investigator for, and what procedures should you follow?
What additional resources, such as other experts, might you need to collect data for investigation?
Case 1: Example of real-world use of computer forensics and cybercrime
This case study involves one terrorist convicted for the 9/11 attacks on the World Trade Center in New York City.
Background
There are some details of the investigation that students may not have heard, so cover this material as an introduction to forensic investigation techniques and issues.
Digital Evidence
Computer from Moussaouis apartment in Norman, Oklahoma
Computer from the University of Oklahoma computer lab
Kinkos computer in Eagan Minnesota used by Moussaoui
No information obtained from Hotmail email account
Other Kinkos computers connected to other hijackers
Laptop and floppy disk seized by INS
Emails to flight schools
Email account pilotz123@hotmail.com connected
Connected to address in Malaysia
Connected to computer lab at University of Oklahoma
Connected to apartment in Norman, Oklahoma
Connected to Kinkos in Eagan, Minnesota
Standby Counsel Objections
The prosecution failed to provide the defense with evidence from the Hotmail account and computers at Oklahoma University and Kinkos, or the computer at Moussaouis apartment
Methods of authentication of digital evidence questioned
MD5 message digest or SHA-1 verification of hard drives not provided
Defense unable to examine 200 hard drives
University of Oklahoma hard drive contaminated
Evidence connecting xdesetmen@hotmail.com to Moussaoui not provide
Mismatched IP addresses
Slack on the hard drive from apartment not examined
Prosecution Affidavit
Duplication methods used by the FBI
Linux dd
SafeBack
Logicube
NIST does not approve forensic tools, only the results
Internal CRC used by SafeBack and Logicube
Subsequent MD5 hashes matched
Exhibits
Emails
Wire transfers
Receipts
Email Evidence
Moussaouis email to flightsafety.com
Moussaouis email to Pan Am International Flight Academy
Sportys receipt for flight instruction videos
Hotel receipt for a room near flight academy
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Mastering PostgreSQL 12 Advanced Techniques To Build And Administer Scalable And Reliable PostgreSQL Database Applications
Authors: Hans-Jurgen Schonig
3rd Edition
1838988823, 978-1838988821
