Computer Forensics Case Study Research Paper


Computer Forensics

The issue at hand involves the examination of a scene from an office space within Widget Corporation. This is the assigned office of a Mr. Didit. The information we have at hand is digital: a photograph taken from an approximate distance of 3 feet from the occupant's desk. The photograph shows a number of electronic and non-electronic devices, and our initial inspection yields an inventory made up of computers, keyboards, monitors, hard drives, a mouse, a digital box or receiver, a USB drive, a backup hard drive, cords and various office supplies and personal items (National Institute of Justice, 2008).

Our very preliminary analysis of the material shows:

1. Types of computer equipment
2. Telephone
3. Personal Items
4. Office Supplies
5. Schedules or Instructions
6. Disks, external and internal storage

Potential Digital Evidence

The best way to establish a complete inventory of the items in question is to use a gridding technique, with the x-axis representing a series of letters and the y-axis a series of numbers. In this way, one can systematically move through the evidence without missing any details. Of course, some items (like desks) take up multiple areas, and thus may correspond to many parts of the grid. As an example, if we take the photograph given and apply a grid to it, we find:

[Figure: the photograph of the desk overlaid with a grid, rows 1-9 on the y-axis and columns A-J on the x-axis]

We can then build a simple model to ensure that we cover every cell of the gridded material, A-J and 1-9 (Krotski, 2011).

| Listing of the Evidence | Significance | Preservation and Storage |
| --- | --- | --- |
| Black or dark wood desk, left side | Office furniture, but has unopened cabinets | Contents of drawers examined piece-by-piece and logged, desk photographed, wrapped in plastic and stored in warehouse. |
| Computer disk or DVD | Data may be on disks | Data examined, noted and stored electronically. Material swept for trace and fingerprints and stored in evidence bag. |
| Coffee cup | Fingerprints potential | Fingerprints processed, contents processed in lab, material placed in evidence bag and stored in warehouse. |
| Hard drive | Data may be on Disk | Data examined, noted and stored electronically. Material swept for trace and fingerprints and stored in evidence bag. |
| Paper clips, colored | Office supplies, likely little overt significance | Bagged in evidence bag. |
| Desk pad | Office supplies, likely little overt significance | Bagged in evidence bag. |
| Collateral or instructions on paper | Information content needs to be examined. | Bagged in evidence bag. Information or data analyzed and noted. |
| Various office supplies | Office supplies, likely little overt significance | Bagged in evidence bag. |
| Plastic case, contents unknown | Information content needs to be examined. | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| CD or DVD Cover | Information content needs to be examined. | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Multiline telephone, black with white cord | Office supplies, likely little overt significance | Bagged in evidence bag. |
| Desk cam or external hard drive (Grey) | Office supplies, likely little overt significance | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Clear plastic cup with tools or writing utensils (Pens, screwdriver, highlight marker) | Information content needs to be examined. Other tools may be included. | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Container with the words "Fab" might be fabric softener | Manufacturer and usage needs to be examined | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| 2 monitors, appear 20-23" side each | Office supplies, likely little overt significance | Fingerprints, note anything missing or out of order. |
| Unplugged USB cable | Why unplugged and from what | Cables bagged and tagged. |
| Monitor stand with 2 cords trailing on right side | Office supplies, likely little overt significance | Monitor stand bagged and tagged. |
| Yellow Sticky note attached to L. monitor | Information content needs to be examined. | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Opened computer disk or DVD disk | Information content needs to be examined. | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Advertising or collateral material (yellow) | Information content needs to be examined. | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Steno Pad, white with black pen on left | Information content needs to be examined. (e.g. what else is on pad) | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Various papers including green card | Information content needs to be examined. | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Microphone or potential external electronic device (center of monitors) | Identify and examine for info. | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Computer keyboard | Wear pattern or unusual issues | Fingerprints, bagged and tagged. |
| ... | | Bagged in evidence bag. Analyzed depending on logo or info. |
| Black electronic device, might be control board for electronics or external hard drive | Identify and examine for info. | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| 3 unplugged audio plugs / cords | Electronic equipment, but why unplugged, is device missing | Bagged in evidence bag. |
| 1 unplugged black USB memory stick | Data and why unplugged | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Keyboard tray with various incidental supplies in pull out drawer | Contents need to be identified | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Grey computer desk | Office supplies, likely little overt significance | Photographed, any hidden or objects not identified visually bagged and tagged. |
| 1 electronic device, appears to be back up power supply (left under grey desk) | Log of power or what is unplugged? | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| 2 Desktop computers, one black, one silver | Data and usage content might be quite important | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Instruction collateral, appears to be from dual monitor stand | Information or notes may be on material | Data analyzed and noted. Bagged in evidence bag. Analyzed depending on logo or info. |
| Various computer cables and cords | Why unplugged, what are the devices? | Bagged in evidence bag. Analyzed depending on logo or info. |
| White computer mouse | Fingerprints or potential hiding place inside of mouse | Bagged in evidence bag. Analyzed depending on logo or info. |
| Black mouse pad | Logo might establish pattern of behavior. | Bagged in evidence bag. Analyzed depending on logo or info. |

Potential Non-Digital Evidence

| Potential Non-Digital Evidence | Significance |
| --- | --- |
| Contents of black desk drawers, 2 on left side of desk | Information, files that are pertinent, work and non-work product |
| Information on electronic devices: data from potential external hard drive, computer disks, USB memory sticks, two computers | Information and data analysis could lead to significant clues in the case surrounding the work habits, personal habits and information exchange from the employee and/or others in the office. This might establish a pattern of behavior, ancillary devices and locations, friends or colleagues, vices, areas of frequency, etc. |
| Information from collateral, sticky notes, note pads, papers | Information and data analysis could lead to significant clues in the case surrounding the work habits, personal habits and information exchange from the employee and/or others in the office. This might establish a pattern of behavior, ancillary devices and locations, friends or colleagues, vices, areas of frequency, etc. |
| Logos from mouse pad, bottles | Information and data analysis could lead to significant clues in the case surrounding the work habits, personal habits and information exchange from the employee and/or others in the office. This might establish a pattern of behavior, ancillary devices and locations, friends or colleagues, vices, areas of frequency, etc. |
| Information from potential web cam | Information and data analysis could lead to significant clues in the case surrounding the work habits, personal habits and information exchange from the employee and/or others in the office. This might establish a pattern of behavior, ancillary devices and locations, friends or colleagues, vices, areas of frequency, etc. |
| Information from unplugged cords | What devices appear to have been unplugged? |
| Fingerprint information from mouse, phone, pens, keyboard | May establish who was using devices, frequency of use and potential DNA trace |

Forensic Examination and Analysis Tools

1. DNA trace evidence -- Are there biologicals left on the keyboard, saliva in the coffee cup, or other evidence of DNA materials? May use the Orion-Lite DNA Recovery Field Kit, #9064, which includes an LED light for stain detection, swabs and evidence packaging equipment (Evident Crime Scene Products, 2014).

2. Latent Fingerprint Processing Kit -- What fingerprints are on the keyboard, monitors, cups, electronic devices, desks, etc.? May use a deluxe fingerprinting kit that includes measuring devices, different grades and colors of powders, scales, etc., such as the Charlie Walsh Deluxe Fingerprinting Recovery Kit, #9075 (Evident Crime Scene Products, 2014).

3. Forensic analysis of computer materials often requires tools that scan disk images, files and directories and extract information such as credit card numbers, domains visited, e-mail addresses, URLs and zip files. It is helpful to review this data through text files, which can be analyzed manually or using other tools. Bulk Extractor, current version 1.4.1, is able to do a series of forensic analyses on data in hard drives, cell phones, USB memory sticks and computer discs. It is managed and available through Digital Corpora and can be downloaded, with instructions, at http://digitalcorpora.org/downloads/bulk_extractor/ (Garfinkel, 2012).
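The kind of feature extraction described in item 3, as an added example (not bulk_extractor's code and not part of the original paper): it scans raw bytes for e-mail addresses, URLs and Luhn-valid card numbers and records each hit with its byte offset and surrounding context. The sample buffer, patterns and function names are constructed for illustration.

```python
import re

# Constructed sample standing in for raw bytes read from a disk image.
SAMPLE = (
    b"\x00\x00MZ\x90 junk "
    b"To: j.didit@widget.example\r\n"
    b"\xff\xfe visit http://intranet.widget.example/payroll?id=7 "
    b"card 4111 1111 1111 1111 exp 01/16 \x00"
    b"order ref 1234 5678 9012 3456 \x00"
)

# Byte-level patterns, so binary data around the text does not matter.
PATTERNS = {
    "email": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "url": re.compile(rb'https?://[^\s"<>\x00-\x1f\x7f-\xff]+'),
    "ccn": re.compile(rb"(?<!\d)(?:\d[ -]?){15}\d(?!\d)"),  # 16 digits
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def extract_features(buf: bytes, context: int = 8):
    """Return (offset, kind, value, context_bytes) tuples sorted by offset."""
    features = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(buf):
            value = m.group().decode("ascii")
            if kind == "ccn":
                value = re.sub(r"[ -]", "", value)
                if not luhn_ok(value):
                    continue  # e.g. an order reference, not a card number
            ctx = buf[max(0, m.start() - context): m.end() + context]
            features.append((m.start(), kind, value, ctx))
    return sorted(features)

if __name__ == "__main__":
    # One tab-separated line per feature, suitable for review as a text file.
    for offset, kind, value, ctx in extract_features(SAMPLE):
        print(f"{offset}\t{kind}\t{value}\t{ctx!r}")
```

Keeping the offset with each hit lets an examiner return to the exact location in the image and tie the feature back to a file or unallocated region.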

Summation of Prepared Court Documents

1. I am a certified forensics examiner for the City of Winslow. My identification is 238723, and I have been with the organization for 10 years.

2. My education includes: xyz university, abc university, over 400 hours in complimentary forensics training courses and I am Board Certified in Forensics analysis. I have taught courses and seminars at over 200…

REFERENCES

Evident Crime Scene Products. (2014, January). Orion-Lite DNA Kit. Retrieved from evidentcrimescene.com: http://www.evidentcrimescene.com/cata/kits/kits.html

Federal Evidence Review. (2008, September 18). Using Hash values in Handling Electronic Evidence. Retrieved from federalevidence.com: http://federalevidence.com/blog/2008/september/using-%E2%80%9Chash%E2%80%9D-values-handling-electronic-evidence

Garfinkel, S. (2012, November). Using bulk_extractor for digital forensics triage and cross-drive analysis. Retrieved from simson.net: http://simson.net/ref/2012/2012-08-08%20bulk_extractor%20Tutorial.pdf

Krotski, M. (2011, November). Effectively Using Electronic Evidence Before and At Trial. Retrieved from U.S. Department of Justice: http://www.justice.gov/usao/eousa/foia_reading_room/usab5906.pdf

National Institute of Justice. (2008, April 14). Securing and Evaluating the Scene. Retrieved from Office of Justice Programs: http://www.nij.gov/publications/ecrime-guide-219941/ch3-securing-scene/Pages/welcome.aspx

Romano, L. (2005, June 1). Electronic Evidence and the Federal Rules. Retrieved from Digital Commons: http://digitalcommons.lmu.edu/cgi/viewcontent.cgi?article=2485&context=llr


Cite this Document:

"Computer Forensics Case Study" (2014, March 07) Retrieved April 25, 2024, from
https://www.paperdue.com/essay/computer-forensics-case-study-184525
