A Case Study of Digital Forensics Investigation
Dr. Xinli Wang; email@example.com
Each studied tool was examined for search function, special features, organization of data and cost to own it. Autopsy and OS Forensics were comparable to identify indicators of compromise and evidence of illegal activity. FTK Imager was good to image a disk, it was not designed for in-depth examination without previous knowledge of operating system structure. With the consideration of cost, Autopsy was considered as the first-choice forensics tool for this case study because it was free of charge, easy to use, and well organized.
Interesting evidence was recovered through further examination of this disk. Pornography was detected within the web history; however, a final conclusion could not be reached due to the presence of malware and the lack of other corroborating evidence. The results of the timeline analysis, usage of USB devices examination, image investigation and document inspection indicated a high possibility of illegal transfer of proprietary information by the suspect.
Shears, Robert, "A Case Study of Digital Forensics Investigation" (2019). Technical Library. 333.