CS 340/440 Final Exam Report
Instructions: For the Final Exam Report, you will be doing a simple forensic investigation of a hard drive image. In the scenario below you are asked to answer certain questions through examination of this system.
This part of the exam is worth 60 points (3 points per question, 3 points for any grammar or spelling errors per question).
You will submit a forensic report that includes the answers to the questions, along with supporting evidence to show how you got the answers. Keep in mind the answer to a question might be that there is no evidence of something actually occurring (because it didn’t), so if you can’t find evidence that something did happen, then that’s your answer (and how you confirmed it). This is designed to test your investigation skills, applying the lab/homework assignments we’ve done over the semester, and the reading you’ve been assigned. Remember the way to answer a question may come from your reading assignments, not necessarily something I covered in a lecture.
Since this will be similar to an “official” report, make sure you include things like:
· Software used and versions
· Any testing you did to confirm your findings
Ground Rules:
1) Your final report is to be submitted to me electronically by 12/16/2022 at 6:00pm Central. NO EXCEPTIONS.
2) Make sure your name is on EVERY page of the report. Put it in the header or footer.
3) You are allowed to ask for help from your fellow classmates or work in groups.
4) You are allowed to search for information online to help you answer the questions.
5) You are NOT allowed to ask for help from anyone outside of your classmates in the Fall 2022 CS340/440 class.
6) You must submit your own individual report. I don’t want to receive 20+ copies of the same report.
7) I will take off points for spelling/grammatical errors!
8) You may use any forensic software tool to find the answers. Not just the tools on your Windows 10 VM.
9) You can copy the hard drive image to another machine. You do not have to do the examination on the Lab VMs. OneDrive folder with the image can be found here:
10) You must submit your report via Sakai in the Assignments section. If your file is too large for Sakai you can either email it to me, or send me a link to where I can download it.
11) DO NOT SIMPLY SUBMIT A DOCUMENT WITH THE QUESTIONS AND THE ANSWERS. You will lose 30 points right off the bat for doing that.
12) You do not HAVE to use all the sections of a report we discussed in class. Use whatever headings are appropriate for your report.
Take advantage of the SANS DFIR Posters under Resources (Week Fifteen) for locations of different artifacts in Windows.
Scenario: On December 16th, 2022, you were contracted to perform a forensic analysis for Dewey, Cheatum, and Howe, LLP. The CEO of Kidco, William L. Howard, has been compromised by an unknown individual. He believes it began sometime around November 19th, 2021. Mr. Howard is concerned that company information has been stolen off of his computer. He recalls receiving an email with an attachment that would not open prior to the 19th, but he’s not sure of the exact date.
Kidco had another security incident in 2020, but that was handled by another firm. As part of the company’s security improvements from that incident, they started testing an open-source program called Velociraptor to monitor their workstations and servers. However, the software has not been fully implemented yet and was unavailable for this current incident.
A third-party forensic firm, Grouppunch, was brought in to image the hard drive of Mr. Howard’s computer. A copy of that image has been provided for your investigation.

