Final Project Milestone One: Draft of Report

To complete this assignment, review the prompt and grading rubric in the Milestone One Guidelines and Rubric document. When you have finished your work, submit the assignment here for grading and instructor feedback.

                            ISE 640 Final Project Forensic Notes

Use the information in this document to help you complete your final project. 

Drew Patrick, a director-level employee, is stealing intellectual property from a manufacturing company. The company is heavily involved in high-end development of widgets. Drew has access to corporate secrets and files. He is planning on leaving the company, taking the intellectual property with him, and going to work for a competitor. There is suspicion of him doing this, so human resources (HR) notified the information technology (IT) department to monitor Drew’s past history. An internal investigation is launched due to Drew’s abnormal behavior. The IT department confirms that they have found large files and emails. Forensics identified unauthorized access, transmission, and storage of intellectual property by Drew. Evidence found will be used to support legal civil and criminal proceedings. 

Scenario ACME Construction Company designs, manufactures, and sells large construction vehicles that can cost upwards of a million dollars. They spent hundreds of thousands of hours redesigning their premier excavator. Every piece that goes into the excavator is individually designed to maximize the longevity of the equipment. Known for attention to detail, high-quality work, and industry innovation, this painstaking work is what sets ACME Construction company apart and is attributed for the excellent reputation they enjoy. This, in turn, allows them to charge a premium on their exceptionally well-built products. 

Drew Patrick is a senior manager directly involved with the overall development of ACME’s excavators. His role provides him with access to design documentation, schematics, support documents, and any other technical references maintained in the company’s research and development (R&D) database. The R&D database is maintained by ACME’s information technology (IT) department, which is supported by a security operations center (SOC). The SOC uses Snort as a core component of their security information and event management (SIEM) system to keep tabs on network traffic, authentication requests, file access, and log file analysis. 

The SIEM alerted SOC personnel of potential peer-to-peer (P2P) traffic originating from the internet protocol (IP) address associated with Drew’s computer. However, analysis of Active Directory logs indicated that Drew was not logged into his account at the time the files were transferred via the P2P application. ACME enforces two-factor authentication and does not allow for computer sharing. The SOC personnel began an incident report based on the identification of P2P traffic, which violates company policy. As per company policy, the SOC personnel gave human resources (HR) and the legal team the incident report. The legal team asked for further investigation. Upon further inspection of the P2P activity, several file transfers were discovered. The files transferred match the names of files in the R&D database containing intellectual property developed by Drew’s development team. Additionally, the files were transferred to IP addresses that are not owned or controlled by ACME Corporation. 

Analysis of the server access logs indicated that Drew had been logging into the R&D database for several weeks prior to the external file transfers taking place. Network logs from the Intrusion Prevention Systems (IPSs) indicated that the files of interest had been transferred to Drew’s desktop computer prior to the external transfer. ACME has a strict policy against maintaining intellectual property anywhere other than the designated servers. File access logs on the R&D servers confirmed that the account belonging to Drew had copied the files in question. 

At this point, fearing a loss of intellectual property, in addition to numerous policy violations, ACME called in the digital forensic team to take over the investigation. The forensics team proceeded to capture the log files from relevant computer systems and created a forensically sound copy of the hard disk drive on Drew’s computer. The log files investigated included the corporate mail, domain name server (DNS), and dynamic host configuration protocol (DHCP) servers, as well as physical access logs. Additionally, packet capture logs from the firewalls and intrusion detection system (IDS) were gathered and analyzed. This detailed investigation revealed that file transfers of intellectual property were indeed done from Drew’s computer, however, Drew’s account was not logged in at the time of the transfer. The only account active on the suspect computer was an anonymous account that had been created on 9/17/2016 at 9:57 p.m. 

The following notes were provided by the Forensic Team: 

Forensic Team Investigation Notes Notes from the investigative team about the forensic findings of the hard drive image obtained from Drew Patrick’s hard drive: 

 Chain of custody document was begun with the sizing of the Western Digital Hard Drive 500 GB with serial number NB497356F from Drew Patrick’s computer.  Hard drive was duplicated using forensic toolkit (FTK) software to preserve the original hard drive image. A hash was created for the original and the copied image to prove both images were the same.  The operating system of the image was Windows-based. The operating system used a new technology file system (NTFS) file structure.  The hard drive was analyzed using Autopsy and Windows Forensic Toolchest. The sort and index functions were used to isolate the files needed for further analysis. These files include types SQL, Excel, email, chat, and HTML. Slack space was also analyzed. 

Files and Findings EMAIL (Microsoft Outlook): Numerous emails were found that contained references to proprietary information. Some emails were to non-ACME Corporation email accounts, and they promised information pertaining to equipment design. Follow-up emails were found that asked for assurance of a promised managerial position. 

CHAT (AOL Instant Messenger): Several chat conversations were recovered containing information about possession of proprietary documents. 

SQL (Microsoft Database): SQL database files revealed proprietary information and connection logs to a remote SQL server. Two additional SQL database files were encrypted and were not successfully unencrypted. 

EXCEL (Microsoft Excel): Numerous Excel files were located on the hard drive. These files contained parts list and parts specifications concerning proprietary construction equipment. These files had csv and xls extensions. 

HTML: Recovered internet web browser cache revealed that the dark web was searched for proprietary information brokers. An email address was created to correspond in the dark web for buyer transactions called [email protected]. Internet cache also revealed that YouTube was searched for the subjects “selling intellectual property” and “selling on the dark web.” Recovered internet browser history revealed pictures and illustrations on encrypting SQL database files. Internet browser history also revealed searches concerning how to exploit the vulnerabilities of an SQL database. 

SLACK SPACE (hidden data and temporary files): Hidden information in the slack space was revealed to contain temporary internet files on searches for “advertising stolen data” and “hacking sql servers.” These files, once revealed, were in plain text and read using Notepad.

                  ISE 640 Milestone One Guidelines and Rubric 

 Overview: The milestone assignments in this course directly support you in the completion of your final project, a forensic investigative report. Consider the feedback you have received in class discussions, along with notes you have made in your non-graded investigative journal, to complete this milestone assignment. 

This is Milestone One, a draft of Final Project One: Report. The final product will be submitted in Module Nine. 

Please note that your non-graded investigative journal will be submitted with this milestone to ensure completion. Make sure that you are adding to your investigative journal as you complete each module. 

Prompt: For the summative assessment, you will be taking on the role of a cybersecurity practitioner. You will need to act as a domain expert communicating to a non-expert stakeholder. For this milestone, you will be providing a summary of the scenario from the forensic notes document. You will also be explaining the relevant procedures needed to maintain evidentiary integrity: legal concerns, processes and procedures, and chain of custody. Lastly, you will be explaining details of the investigation, such as resources needed, methods, and findings. Ensure you review the full scenario in the main project document as well as the forensic notes document before drafting your report. 

Specifically, the following critical elements must be addressed: 

I. Executive Summary: Set the stage for your report, providing a brief overview of the situation and the stakeholders who are involved. 

II. Legal Concerns: Describe the problem(s) and objectives you are working with the company’s attorneys to solve. 

III. Relevant Procedures: In this section, you will outline the steps that (hypothetically) you will have to take prior to or as you investigate in order to maintain evidentiary integrity. Use your experiences from other situations you are engaging in within the lab environment to inform your responses. 

  A. Processes and Procedures: Describe processes or procedures necessary for handling a criminal situation by an internal employee. 

  B. Chain of Custody: Explain how to maintain the chain of custody as you investigate the various aspects of the incident. Support your response with specific examples. 

IV. Details of Investigation: Based on your experiences in the labs, there will be specific resources, methods, and tools necessary to support the investigation in the scenario.  

   A. Resources Needs: Explain what resources (team knowledge, skills, and abilities) are necessary for gathering the evidence for this forensic investigation. Provide examples based on your experiences from the labs. 

   B. Methods: Describe the specific forensic method or approach you used to effectively leverage your available resources. 

   C. Findings: Describe the specific findings and the forensic tactics and technologies you employed to reach them. 

V. Investigative Journal Notes: Submit your investigative journal that outlines most of the basics from each of the modules upon which you based your notes. 

                                        Rubric 

 Guidelines for Submission: Your assignment should adhere to the following formatting requirements: Write 4 to 5 double-spaced pages using 12-point Times New Roman font and one-inch margins. You should use current APA style guidelines for your citations and reference list. Be sure to attach both Milestone One and investigative journal files. 

DATA REPRESENTATION

(1). FORENSIC DESIGN ASSESSMENTS

This task relates to a sequence of assessments that will be repeated across Chapters 6, 7, 8, 9 and 10. Select any example of a visualisation or infographic, maybe your own work or that of others. The task is to undertake a deep, detailed ‘forensic’ like assessment of the design choices made across each of the five layers of the chosen visualisation’s anatomy. In each case your assessment is only concerned with one design layer at a time.

For this task, take a close look at the data representation choices:

1. Start by identifying all the charts and their types
2. How suitable do you think the chart type choice(s) are to display the data? If they are not, what do you think they should have been?
3. Are the marks and, especially, the attributes appropriately assigned and accurately portrayed?
4. Go through the set of ‘Influencing factors’ from the latter section of the book’s chapter to help shape your assessment and to possibly inform how you might tackle this design layer differently
5. Are there any data values/statistics presented in table/raw form that maybe could have benefited from a more visual representation?

(2). CHART VOCABULARY: CAPABILITIES

Evaluate your ability to potentially create as many as possible of the chart types presented in the Chapter 6 chart gallery. Go through each chart assigning a score based on the points system (0, 1, 2, 3) described in the ‘Influencing factors’ section at the end of the chapter.

(3). CHART VOCABULARY: THINKING

Building on your data familiarisation and editorial thinking work over the past two chapters, pick one of the subjects you have been looking at and follow one of three different data representation task tracks, referring to the book’s chart type gallery in each case:

1. Identify a chart type that could be used to display the different editorial perspectives you identified in your brainstorming activity of chapter 4
2. Identify as many chart types as possible that could show something interesting about the subject in general, though maybe not confined to the data you have been looking at
3. Force yourself to identify at least 2 chart types from each of the 5 classifying chart families (CHRTS) that could portray different interesting editorial perspectives about this subject, starting with the data you have and then considering what additional data you would need to fulfil this activity

 Health Informatics: Assignment Week 2

Student PowerPoint Presentation: Chapter 3 and 4

Objectives: The presentation assignment has several goals. It requires students to apply concepts from Medisoft and scheduling. Medisoft Clinical is a practice management and electronic health record program for physician practices, a skill they will be using as Healthcare Administrator.

Format and Guidelines: The student will create a Power Point Presentation from Chapter 3 and 4 of the Textbook and the Article related to Week 2 (Choose your desire topic form these chapters). The Presentation should have a minimum of 12 slides, including Title Page, Introduction, Conclusion, and References. 

The student must use other textbooks, research papers, and articles as references (minimum 3).

EACH PAPER SHOULD INCLUDE THE FOLLOWING:

1. Title Page: Topic Name, Student Name

2. Introduction: Provide a brief synopsis of the meaning (not a description) of the topic you choose, in your own words

3. Content Body: Progress your theme, provide Material, illustrations and  Diagram to explain, describe and clarify the Topic you choose.

4. Conclusion: Briefly summarize your thoughts & conclusion to your critique of the articles and Chapter you read. 

5. References: The student must use other textbooks, research papers, and articles as references (minimum 3).

ASSIGNMENT DUE DATE:

The assignment is to be electronically posted no later than noon on Saturday, July 06, 2019

1. From our Chapter 9; – Records Management (RM) is a key impact area of IG – so much that in the RM space, IG is often thought of as synonymous with or a single superset of RM.  From that perspective, the International Organization for Standardization (ISO) defined business records as……………………………………….?A.A.   information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction in the form of records

   B.Both A and BC.A
   A.information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations
   D.A. information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction in the form of Files

    

1 points   

QUESTION 2

1. Legal functions are the most important area of IG impact.  Under the FRCP amendments, corporations must proactively manage the e-discovery process to avoid what?A.All of the aboveB.Sanctions,

   C.unfavorable rulingsD.a loss of public trust

1 points   

QUESTION 3

1. TRUE or FALSE: According to the Intersection of IG and E-Discovery, the Legal Hold Process is NOT a foundational element of Information Governance (IG). True
    False

1 points   

QUESTION 4

1. According to the best business practices associated with and approved by IG Subject Matter experts, there are three (3) key Event-Based prerequisites that must be completed before an event-based disposition can be implemented.  These prerequisites are?A.A clear start date is a required, Retention periods must be segmented into active and inactive, Clarify trigger events

   B.Clarify trigger events, an aautomated capture of agreed-on trigger events must be performed and sent to the ERM, The ERM Systems must have complete retention and disposition capabilities

   C.The ERM Systems must have complete retention and disposition capabilities, A clear start date is a required, Clarify trigger events

   D.None of the above

    

1 points   

QUESTION 5

1. Which one of the following is TRUE about the IG Reference Model?A.Linking duty + value to information asset = efficient, effective management

   B.Linking duty + value to information asset = Unified governance, effective management

   C.All of the above

   D.Linking duty + policy integration = efficient, effective management

1 points   

QUESTION 6

1. According to recent surveys regarding Big Data and its impacts, approximately 25………………. percent of information stored in organizations has real business value, while 5……………. percent must be kept as business records and about 1…………… percent is retained due to a litigation hold.A.           25, 5, 2

   B.        25, 5, 1

   C.      1, 5, 25

   D.None of the above

    

1 points   

QUESTION 7

1. TRUE or FALSE: Good data governance ensures that downstream negative effects of poor data are avoided and that subsequent reports, analyses, and conclusions are based on reliable, and trusted data. True
    False

1 points   

QUESTION 8

1. What is the ITIL?A.All of the above. B.A group of metrics that govern the program

   C.Focuses on value deliveryD.A set of process-oriented best practices

    

1 points   

QUESTION 9

1. The ………………………….is a visual planning tool created by EDRM.net to assist in identifying and clarifying the stages of the e-discovery process?A.None of the above

   B.Information Management Protocol

   C.Guidelines for E-Discovery Planning

   D.E-Discovery Reference Model

    

1 points   

QUESTION 10

1. Principles of IG are on the evolutionary edge, and therefore, most successful IG programs have been characterized by ten key principles which have become the ………………………………………and should be designed into the IG approach.A.Basic foundation

   B.Both A and B

   C.basis for best practices

   D.Design

    

1 points   

QUESTION 11

1. What’s the fundamental function of the GAR Principle?

   A.None of the above

   B.Foster awareness of good record-keeping practices, and provides associated metrics to provide an IG framework to support continuous improvement

   C.Generally Accepted Recordkeeping principles is used to measure program profits

   D.To deploy Gastric Analysis Revenue

    

1 points   

QUESTION 12

1. Predictive coding software leverages ……………………….. when experts review a subset of documents to teach the software what to look for, so it can apply this logic to the full set of …………………….?A.Human analysis, documentsB.Human Intelligence, documentsC.Pattern search, intelligenceD.Human analysis, pages

1 points   

QUESTION 13

1. The implementation of an LHN program attacks some of the low-hanging fruit within an or an organization’s overall IG position. This part of the e-discovery life-cycle must not be outsourced.  Why is this the case?A.Retained counsel provides input, but the mechanics of the LHN must be managed and owned by the internal corporate resources

   B.Both A and CC.No internal ownership is required by the counsel’s engagement in this situation

   D.Retained counsel does not provide input or the mechanics of the LHN don’t need to manage and owned by the internal corporate resources

    

1 points   

QUESTION 14

1. Risk Profile creation is a basic building block in the Enterprise Risk Management to assist executives to understand the risks associated with?A.Stated Business Goals

   B.Stated Business Agreements

   C.Stated Business Objectives

   D.Both A, B, and C

    

1 points   

QUESTION 15

1. TRUE or FALSE: Clean, build and maintain, and monetize are the 3 phases in the Yard’s rebirth True
    False

1 points   

QUESTION 16

1. Principles of IG are on the evolutionary edge, and therefore, most successful IG programs have been characterized by …………………………… key principles which have become the basis for best practices and should be designed into the IG approach.

   A.ElevenB.FiveC.None of the aboveD.Ten

1 points   

QUESTION 17

1. Creating a …………………… is a basic building block in an ………………… that assists business executives understand the risks associated with stated business objectives.A.All of the above

   B.Risk Profile, Framework

   C.ISO 9000, Heatmap

   D.Risk profile, Enterprise Risk Management

    

1 points   

QUESTION 18

1. The principles of successful IG programs are emerging, and they include executive sponsorship, and………………, ………………, ………………, ……………, ……………, …………, …………, ………………, and ……………?A.Information classification, integrity, security, accessibility, control, monitoring, auditing, policy development, and continuous metrics

   B.A and BC.Information classification, integrity, security, accessibility, control, monitoring, auditing, policy development, and continuous improvement

   D.Information classification, integrity, security, personally identifiable information, control, monitoring, auditing, policy development, and continuous improvement

    

1 points   

QUESTION 19

1. ……….is a process-based IT governance framework that represents a consensus of experts worldwide.

   A.CobiTB.CobiTLC.All of the aboveD.CobiTX

1 points   

QUESTION 20

1. IG is sort of a super discipline that encompasses a variety of key concepts from a variety of ………………………………?

   A.Related and overlapping disciplinesB.All of the above.C.Isolated discipline but comprehensiveD.Never overlapping disciplines

1 points   

QUESTION 21

1. One of the ten IG principles is a Continuous improvement. What is the importance of this principle to the organization program?

   A.Document management and report management software must be deployed for control

   B.Ensure guidelines and policies are being followed to measure employee compliance

   C.Provide periodic program review and necessary adjustment against gaps and or shortcomings

   D.None of the above

1 points   

QUESTION 22

1. Generally Accepted Recordkeeping Principles are sometimes known as the ………………………..?A.The GAR Principles

   B.None of the above

   C.The ARMA Principles

   D.The IG Principles

    

1 points   

QUESTION 23

1. What is ISO 38500? ……………………………………. that provides high-level principles and guidance for senior decision-makers

   A.International Organization Law

   B.International standardC.A.  International Metric

   D.European and American Standard Procedure

    

1 points   

QUESTION 24

1. TRUE or FALSE: Unknown or useless data, such as old log files that take up space and continues to grow and requires regular clean-up is sometimes known as dark data True
    False

1 points   

QUESTION 25

1. TRUE or FALSE: Clean, build and maintain, Survey and monetize are the 3 phases in the Yard’s rebirth.

    True
    False

• Prompt
  For this assignment, you’re going to make additional enhancements to your website. As we have learned, generating traffic to your website is important in helping to drive users and generate advertising revenue.
  Assignment Instructions:
  Create two additional pages for your website. This should result in a homepage, with three additional pages. One, contact.html, you created earlier in this module. Add two other pages. Suggestions might include menu.html, history.html, owners.html, descriptionofdish.html, etc. Basically, you can select the two additional pages to complete your website. Include the requirements on these two pages to comply with the requirements of the first two pages you created.
  Submission Requirements: Using what you have learned this week, add an advertisement to your website. The advertisement should be placed on the home page of your website and should not be distracting to your users. The advertisement should be for a product that is consistent with the overall design and theme of your website.
• Submit all the HTML, CSS, JavaScript and image files as a compressed (.zip) file.
• Resources and References

4 easy ways to get advertisers on your website – Entrepreneur web site (n.d.).  Retrieved from https://www.entrepreneur.com/article/159412 (Links to an external site.)

10 ways to drive traffic to your website – Thrive Hive web site (n.d.). Retrieved from https://thrivehive.com/ways-to-drive-traffic-to-your-website/ (Links to an external site.)

Ad placement and how to create it – AdSense Help web site (n.d.). Retrieved from https://support.google.com/adsense/answer/160534?hl=en (Links to an external site.)

How to add Google Ads to your website – InformationWeek web site (n.d.). Retrieved from https://www.informationweek.com/enterprise/how-to-add-google-ads-to-your-website/d/d-id/1099927 (Links to an external site.)

Januska, Jan. SEO sitemap best practices in 2019 + cheat sheet (2018, March 12). Retrieved from https://blog.spotibo.com/sitemap-guide/ (Links to an external site.)

Patel, Neil. How to get traffic to your website: Neil Patel’s ultimate guide (2018, July 24). Retrieved from https://www.crazyegg.com/blog/how-get-traffic-website/ (Links to an external site.)

Scholz, Jes. How to use XML sitemaps to boost SEO (2018, August 29). Retrieved from https://www.searchenginejournal.com/xml-sitemaps-seo/266907/#section2 (Links to an external site.)