Read the enclosed case studies below and discuss the following points in each case:

What do you need to ask the police investigator for, and what procedures should you follow?

What additional resources, such as other experts, might you need to collect data for investigation?

Case 1: Example of real-world use of computer forensics and cybercrime

This case study involves one terrorist convicted for the 9/11 attacks on the World Trade Center in New York City.

Background

There are some details of the investigation that students may not have heard, so cover this material as an introduction to forensic investigation techniques and issues.

Digital Evidence

_{Computer from Moussaouis apartment in Norman, Oklahoma}

_{Computer from the University of Oklahoma computer lab}

_{Kinkos computer in Eagan Minnesota used by Moussaoui}

No information obtained from Hotmail email account

Other Kinkos computers connected to other hijackers

Laptop and floppy disk seized by INS

Emails to flight schools

Email account pilotz123@hotmail.com connected

Connected to address in Malaysia

Connected to computer lab at University of Oklahoma

Connected to apartment in Norman, Oklahoma

Connected to Kinkos in Eagan, Minnesota

Standby Counsel Objections

The prosecution failed to provide the defense with evidence from the Hotmail account and computers at Oklahoma University and Kinkos, or the computer at Moussaouis apartment

Methods of authentication of digital evidence questioned

MD5 message digest or SHA-1 verification of hard drives not provided

Defense unable to examine 200 hard drives

University of Oklahoma hard drive contaminated

Evidence connecting xdesetmen@hotmail.com to Moussaoui not provide

Mismatched IP addresses

Slack on the hard drive from apartment not examined

Prosecution Affidavit

Duplication methods used by the FBI

Linux dd

SafeBack

Logicube

NIST does not approve forensic tools, only the results

Internal CRC used by SafeBack and Logicube

Subsequent MD5 hashes matched

Exhibits

Emails

Wire transfers

Receipts

Email Evidence

Moussaouis email to flightsafety.com

Moussaouis email to Pan Am International Flight Academy

Sportys receipt for flight instruction videos

Hotel receipt for a room near flight academy