Question 1 - Suspected Communication Between Ringleaders
I. Introduction:
This report outlines the investigative strategy to uncover potential covert communication between two suspected drug ringleaders. The absence of direct communication via conventional channels necessitates the exploration of less obvious methods.
II. Investigative Approach:
Given the lack of direct communication via standard channels, the investigation will focus on identifying indirect forms of communication. The following avenues will be pursued:
A. Pre-Apprehension Investigation:
- Digital Footprint Analysis: A comprehensive analysis of both suspects’ online presence will be conducted. This includes:
  - Social Media: Examination of Facebook, Instagram, Twitter, Snapchat, and other platforms for private messages, group chats, shared posts, and connections between the suspects.
  - Publicly Available Data: Review of any public records, online forums, or websites where the suspects might be active.
- Telecommunication Records: Legal acquisition of call detail records (CDRs), SMS logs, and data usage records from their respective mobile carriers will be sought to identify any indirect communication patterns (e.g., frequent calls to mutual contacts, unusual data usage spikes at correlated times).
- Cloud Storage & Syncing Services: Legal warrants will be sought to access data from cloud storage services (Google Drive, Dropbox, iCloud, etc.) to identify shared files, documents, or photos that might contain coded messages or evidence of communication.
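The indirect-communication patterns mentioned under Telecommunication Records can be searched for programmatically once CDRs have been lawfully obtained. The following is an added example, not part of the original report: it finds contacts shared by both suspects and flags "relay" sequences in which one suspect calls an intermediary who then calls the other suspect shortly afterwards. The record layout (caller, callee, start time), the phone numbers and the 10-minute window are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample CDRs (caller, callee, start time); all numbers are fictitious.
SAMPLE_CDRS = [
    ("555-0101", "555-0199", "2024-03-01T10:00:00"),  # suspect A -> intermediary
    ("555-0199", "555-0102", "2024-03-01T10:04:00"),  # intermediary -> suspect B
    ("555-0102", "555-0199", "2024-03-02T21:30:00"),  # suspect B -> intermediary
    ("555-0199", "555-0101", "2024-03-02T21:37:00"),  # intermediary -> suspect A
    ("555-0101", "555-0150", "2024-03-03T09:00:00"),  # A -> shared contact
    ("555-0150", "555-0102", "2024-03-05T18:00:00"),  # shared contact -> B, days later
    ("555-0102", "555-0177", "2024-03-04T12:00:00"),  # contact of B only
]


def parse(records):
    """Convert timestamp strings to datetime objects and sort chronologically."""
    return sorted(((c, d, datetime.fromisoformat(t)) for c, d, t in records),
                  key=lambda r: r[2])


def mutual_contacts(records, a, b):
    """Numbers that exchanged calls with both a and b, in either direction."""
    peers = defaultdict(set)
    for caller, callee, _ in records:
        peers[caller].add(callee)
        peers[callee].add(caller)
    return (peers[a] & peers[b]) - {a, b}


def relay_events(records, a, b, window=timedelta(minutes=10)):
    """Find suspect -> intermediary calls followed, within `window`, by an
    intermediary -> other-suspect call. Returns (intermediary, src, dst, t1, t2)."""
    rows = parse(records)
    hits = []
    for src, dst in ((a, b), (b, a)):
        for c1, m, t1 in rows:
            if c1 != src or m in (a, b):
                continue  # not a call from this suspect to a third party
            for c2, d2, t2 in rows:
                if c2 == m and d2 == dst and timedelta(0) <= t2 - t1 <= window:
                    hits.append((m, src, dst, t1, t2))
    return sorted(hits, key=lambda h: h[3])
```

A shared contact alone is weak evidence; the time-bounded relay sequence is what separates 555-0199 from 555-0150 in the sample data.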
B. Post-Apprehension Investigation:
- Mobile Device Forensics: Upon apprehension, both suspects’ smartphones will undergo a thorough forensic examination. This will include:
  - Application Data Extraction: Examination of all installed applications, including popular encrypted messaging apps (WhatsApp, Telegram, Signal) and lesser-known alternatives. Advanced techniques will be employed to overcome encryption where possible.
  - File System Analysis: A complete search of the file system for hidden files, deleted data, and any evidence of data transfer via Bluetooth or NFC.
  - Metadata Analysis: Examination of photo and file metadata for geolocation data, timestamps, and other potentially revealing information.
  - Network Log Analysis: Review of network logs (Wi-Fi and mobile data) to identify any unusual connections or data transfers.
  - Draft Emails and Notes: Search for unsent emails, drafts, notes, or other forms of incomplete communication.
- Third-Party Data Acquisition: Legal warrants will be sought to obtain data from relevant third-party service providers, including social media platforms and cloud storage providers.
III. Search for Traces:
The search for communication traces will focus on identifying patterns, inconsistencies, and anomalies in the data acquired. This will require expertise in data analysis and the identification of potential steganography or covert communication techniques.
IV. Data Acquisition:
Data acquisition will be performed in accordance with all applicable laws and regulations, ensuring the chain of custody is maintained throughout the process. Warrants will be sought for all data acquisitions from third parties and suspects’ devices.
V. Conclusion:
This investigation will utilize a multi-faceted approach to identify potential covert communication between the suspected ringleaders. The successful outcome depends on a thorough and meticulous examination of both digital and traditional communication channels.
Question 2
- Use Protective Gear: Wear disposable gloves to prevent contamination and minimize health hazards. Consider using non-powdered gloves to avoid leaving any residue on the device.
- Physical Inspection: Without directly touching potentially sensitive areas (e.g., parts where fingerprints may be present), carefully inspect the phone for immediate risks, such as damaged parts or liquid exposure (indicated by the droplets).
- Avoid Turning It On: Do not power on the device or interact with it electronically, as this could alter or damage the data.
- Assess Liquid Exposure: If liquid is visible under the screen, this could be a biological hazard. Handle the phone cautiously and ensure you work in a controlled environment where potential contaminants can be managed safely.
- Use a Faraday Bag or Box: To prevent any potential remote wiping or tampering with the device, place the phone in a Faraday bag or a signal-blocking container before proceeding. This ensures that no external signals can reach the device.
- Avoid Cleaning: Refrain from attempting to clean or remove any visible residue or biological material; this should be done by forensic experts specializing in biological evidence.
- Transfer to Experts: Once data acquisition is complete, carefully transfer the device back to the original evidence bag or a protective container with clear labeling.
Question 3
- Ensure the Scene is Secure: Confirm that the scene has been secured and that there is no immediate danger, such as electrical hazards or unstable structures.
- Warrant and Legal Authorization: Make sure you have the appropriate legal authorization, such as a search warrant, to collect the electronic device. This helps ensure any evidence collected is admissible in court.
- Remote Access and Wiping: Be aware that some devices may be set to delete or alter data when certain conditions are met (e.g., receiving a remote command). To prevent this, consider using a Faraday bag or container to block signals.
- Power State: Check whether the device is on or off without interacting with it. The state of the device can affect how it should be handled to preserve data.
- Digital Evidence Volatility: Electronic devices contain volatile data (e.g., RAM) that may be lost when the device is turned off or if the battery runs out. Handling the device in a way that preserves this data requires specialized tools and techniques.
- Damage Assessment: Observe if the device is damaged (e.g., cracked screen, liquid damage, exposed wires). This can help determine the safest and most effective way to handle it without further damage or data loss.