Include the background of the case, search warrant authorization, where, when, and how the evidence was found, type of evidence, how/where evidence was obtained, how/when/who created image and how you obtained it
Evidence Analyzed
Give details about the evidence – i.e. what type of evidence are you examining? Give an explanation of how the evidence was acquired and steps taken. Hint: You were given the image file, who created this, how did you obtain this?
Verification of Evidence Integrity
Explain the hash process, and what tools were used. Explain what a hash is and why it is important. Show the hash value given with the evidence and compare it to the hash value you calculated with the image verification. Hint: You were given an image file, do not create an image of the image, just verify it.
Forensic Tools
Explain what tools and systems you are using to conduct the analysis, include versions of the tools and additional information about the tools or any details to give credibility.
Overview
Give an overview explaining your approach to the forensic investigation and analysis of the evidence.
Give an overview of the structure of the drive, number of files, folders and folder organization, etc.
Documents
Explain the steps you have taken to get here
Explain relevance and other details
Evidence File Name #1
Give all of the details about this evidence item in a way a non-technical person would understand
Explain exactly HOW you found it using the tools (not just “I found this using FTK”)
Give the file path (full file path from the root of the EVIDENCE drive, not of your image you are working off)
Explain information about the file properties, metadata, and any relevant technical information, including the file type. Is it a file or a deleted file? How can you tell? How can you recover this if it’s “deleted”?
Last Completed Projects
| topic title | academic level | Writer | delivered |
|---|
