BIT362 Digital Forensics:The Case of M57 Jean Scenario



The purpose of this report is investigating the case of M57 jean scenario. It is actually a single disk image scenario which involves the exfiltration of corporate type of documents from the laptops of some senior executive. A small start up company, is involved in the scenario, called M57,Biz.  A few weeks in to the inception of the confidential spread sheet which can contain the salaries and names of the key employees of the companies has been found posted to the comments section of some another company which is the competitor of this company. As the spread sheet is existed only on one of officers of M57. Autopsy tool will be used for the investigation.


The digital forensics is actually a branch of forensic which involves the investigation and recovery of material which can be found in the digital devices for the incident of occurrence of digital forensics. The digital forensic is having the involvement of examination of the digital media files which are stored in the hard drives for the purpose of investigation. The data analysis can investigate the patterns of the fraudulent actions by utilizing the final data. The analysis and preservation is needed for the tasks related to investigation process.

The acquired disk image will be investigated as well as analysed in this paper. Just like the other evidences the digital evidences also can come across some of the difficulties. With the help of acquiring data, it can be figured out that who has committed or who is responsible for the crime. With the help of data acquisition the investigators can try to recover all of the possible files which are deleted, hidden or password protected as they are the crucial information for the case of M57 Jean. With the help of data acquisition method the areas will be looking at the evidences which are existed on the hard drive, swap or temporary files, page files as well as unallocated spaces. At the time of collecting evidences there are no changes or modifications for the evidences which must be made or the evidence will be considered as inadmissible.

For the investigation Autopsy tool will be used. The forensic investigation has been conducted with the help of Autopsy tool. The recovery and acquisition of data is included with digital forensics from the devices such as computer PCs, hard drives, mobile phones which are having the ability to store any type of data. The autopsy tool can be used by the law enforcements as well as by various agencies and organisations when ever forensic investigation is needed. The autopsy tool is actually the GUI based version of one of the popular most digital forensic tool called Sleuth Kit Autopsy. The tool is utilized for retrieving the evidences from the physical drive.

Creating new case:


The data preservation technique has been used. Whenever the proper warrant will be issues then the ability of protecting data from the systems which are recovered must need to be protected as well as unaltered in any of the ways. The digital forensic investigators will need to the pay close attention for the steps for avoiding Murphys’ Law. For avoinding the mishap at the point, an exact copy of the original file should be created for preserving the best evidences. One of the effective most way for take back up is utilization of the bit stream image back ups.

The method can preserve as well as copy the all of the data which are enclosed to the logical drive, partitions as well as physical drives which is existed in the hard drive. Another idea of thinking about the at the time of preservation of the digital evidences is where it will be needed to be saved as well as it is having dependencies on the investigator as well as the for the organisation for which they are working.


