In the role of a Digital Forensic Examiner, I performed a hands-on investigation using forensic imaging and other forensic tools on multiple suspects’ hard drives and memory images, and created a full, in-depth 73-page Chain of Custody Report and an Evidence Intake Form to document the evidence discovered and the timeline of events in our evidence collection process for a drug possession and drug trafficking operation case. I performed the four steps of collection, examination, analysis, and reporting in digital forensics.
This Forensic Evidence Report contains a table of contents, summary, hashes of original evidence, malware analysis, a timeline of documented forensic evidence, and contact lists discovered during the investigation (names, emails, phone numbers, addresses). It also includes encrypted document artifacts showing logs, books, business plans, suspect's email, browser history, and images found on hard drives showing shipping labels, drugs, money, plane tickets, personal life memories, and cracked passwords.
This case contained three main suspects; however, we also discovered a fourth suspect by using digital forensics. In this project, two other students and I utilized MD5 Checker to verify the integrity of the drives and memory images before using FTK Imager to create a copy of the drives. We used Autopsy to search through three malicious computer hard drives/memory images in a virtual environment. We searched through emails, browser history, messaging apps, and documents, and utilized QuickStego to discover hidden messages embedded within images. When we completed the report, I wrote an Evidence Disposition and Forensic Examiner’s Conclusion to include at the end.
Steganography · MD5 · Autopsy · FTK Imager · Chain of Custody · SHA1 · VMware


