INFO 373 – Digital Forensics – Final Examination
Please address the following two questions and submit to Blackboard no later than 11:59pm on Friday, September 1st.
1) You are the chief research officer of an incident response and forensic investigation firm. You are developing a brief overview of what individuals new to the firm should understand about the field and the different types of investigations that they may encounter. These types of investigation include: 1) law enforcement assistance, 2) forensic assistance to corporate CIRTs, and 3) disaster recovery.
In 750-1000 words, please:
· Detail a plan for implementing a computer investigation/forensic recovery for each of the three scenarios identified above. You may write up one plan and discuss the similarities and differences for each of the different scenarios.
· Analyze issues related to data acquisition that take into account different legal and ethical issues for the scenarios.
· Address the differing requirements for tools based on each scenario.
2) I have uploaded a number of whitepapers that discuss specific APT campaigns to the week 10 Blackboard folder (“APT Campaigns”). Please choose one of these whitepapers and, in approximately 500 words, address the following questions.
· Why did you choose the APT that you did?
· How was digital forensics used to understand the APT?
· What role did online-based or collaborative information sharing play in uncovering details about the APT?
· What would you have done differently given the data provided by the firm? In other words, what gaps can you identify in their analysis?