Part 3: Examining the Mac OS X Scenario’s Evidence
D&B Investigations was recruited two weeks ago to handle an incident response for significant oil business in North Dakota.
The senior management of the company had cause to believe that one or more workers were attempting to engage in corporate espionage.
The incident response team arrived on the scene, started keeping an eye on the network, and isolated a number of suspects.
On the suspects’ computers, they took forensic pictures. Your team leader has now requested that you review a forensic image that was taken from a suspect’s Mac OS X-powered computer.
The suspect, John Smith, works as a research engineer for the business.
Review the details on the Mac OS X file structure that are offered in the course textbook’s “Macintosh Forensics” chapter.
Create a case file in Paraben P2 Commander and include the photo the incident response team took (filename: Mac OS JSmith.img).
Sort and go through each directory in the Mac OS X image. Identify any proof or clues that John Smith was or was not engaging in business espionage.
Both direct evidence that John Smith stole corporate property and indirect evidence or indicators regarding the suspect’s identity and conduct while on the clock may be included in this.
By bookmarking pages of interest and exporting files, for example, you can use the software’s functions to keep track of the evidence you find.
Compose a report in which you
Keep a record of your research techniques.
Record your discoveries. Describe what you discovered that might be pertinent to the case and give an explanation for each thing you chose to use as a sign or piece of evidence indicating John Smith was or was not engaging in corporate espionage.
Consider the probable effects of these discoveries on the business and a legal case.
Resources needed include the course text.
Apple Mac JSmith.img
Microsoft Word format (or compatible)
12-point, double-space, Arial font
Citation Style: Adhere to your institution’s recommended style manual
2 to 4 pages long
Self-Assessment Checklist I used the right techniques for gathering and managing the evidence.
I successfully located and evaluated data that is pertinent to the investigation.
I investigated the scenario’s commercial implications.
I looked at any legal implications the situation might have.
I produced a polished, well-developed report that adhered to all grammatical, punctuational, and spelling rules.