Student will be provided with the Firestarter.dd file.
1. An insurance company has asked your computer forensics firm to review a case for an arson investigation. The suspected arsonist has already been arrested. During the raid, a desktop computer was seized. The computer was running at the time of the raid, and Mr. Kasey was using the computer at that time. A forensic image of Mr. Kasey’s hard drive is provided (the Firestarter.dd file). Your boss have asked you examine the provided forensic image and to create a list of search terms that apply to the case, such as explosives, bombs, and fires to be used for evidence that could link him to acts of arson.
Task 1: Run the search in your preferred computer forensics tool and take screenshots as evidence of any findings.
2. Continue your analysis of the image file for your investigation of the arson running case against Mr. Kasey. Determine whether any incriminating images are contained in the evidence.
— Write a one-two page report on any relevant findings and your recommendation:
Task 2: Report must include the location of the file when you document any images you deem as evidentiary value.
Task 3: Report must include your concluding statements and recommendations.
3. You’re investigating a case involving an employee who’s allegedly sending inappropriate photos via e-mail in attachments that have been compressed with a zip utility. As you examine the employee’s hard disk, you find a file named Orkty.zip, which you suspect is a graphics file. When you try to open the file in an image viewer, a message is displayed indicating that the file is corrupt.
Task 4: Write a one page report explaining how to recover Orkty.zip for further investigation