Forensic Investigation Of A USB Flash Drive Provided By Practical Gaming Solutions
This report has been generated for the external forensic investigation of a USB Flash drive provided by Practical Gaming Solutions. The USB drive was received in a sealed envelope with profile data and registry content of a former employee, Mr. George Dean. PAGS would like to verify the contents of the USB drive to determine if there is any indication of activities by him which would violate the company’s employment agreement.
After validating the integrity of the image by comparing the MD5 hash, the USB image was processed using the Forensic Tool Kit and WinHex. In the USB drive traces of pornography, narcotics and online gambling was found in carved/deleted data. There were unexpected virtual machines, and uncommon associated software downloads, …show more content…
The president, James Randell, and HR lead, Mr. Singh, initially provided a recovered USB drive found in a laptop case which was examined and reported thoroughly. Being the ACSO, Mr. Dean had access to a variety of sensitive data in the state gaming commissions. During the briefing, the policies of ethical standards and expectations, were explained and understood, due to the nature of security consulting with in the gaming community. This continuation of the previously submitted forensic report one, is to examine a new piece of evidence. Mr. Singh provided a sealed envelope containing a USB drive created by the IT support technician Mrs. Valentina Reyes. The company standards require that profiles directories and registry files are copied when re-imaging devices. The sealed USB, PAGS03_USB, contained this data in need of …show more content…
Consent to search and monitoring of computers, media, and communications used by the employee in the performance of his or her duties for the company.
3. Immediately before his departure, Mr. Dean was using a company issued laptop in the office as a temporary replacement for his workstation; an empty soft-sided laptop case was found under Mr. Dean’s desk but the company issued laptop was not found in the office.
4. Mr. Dean’s company provided workstation was sent out for repair earlier in the week; the repair ticket listed repeated operating system crashes as the primary symptom. The IT Support Center reported that the workstation had been infected with a “nasty rootkit” which required a complete wipe and reload of the hard disk (operating system and software applications).
5. The IT Support technician, Ms. Valentina Reyes, has already re-imaged the hard drive for Mr. Dean’s workstation. Per company standard practice, she saved a copy of Mr. Dean’s profile (entire directory) and the user registry file. Ms. Reyes copied the user profile from Mr. Dean’s workstation hard drive to a USB which she provided to Mr. Singh at his request. This USB was placed in a sealed envelope by Mr. Singh.
Case Objectives /
After validating the integrity of the image by comparing the MD5 hash, the USB image was processed using the Forensic Tool Kit and WinHex. In the USB drive traces of pornography, narcotics and online gambling was found in carved/deleted data. There were unexpected virtual machines, and uncommon associated software downloads, …show more content…
The president, James Randell, and HR lead, Mr. Singh, initially provided a recovered USB drive found in a laptop case which was examined and reported thoroughly. Being the ACSO, Mr. Dean had access to a variety of sensitive data in the state gaming commissions. During the briefing, the policies of ethical standards and expectations, were explained and understood, due to the nature of security consulting with in the gaming community. This continuation of the previously submitted forensic report one, is to examine a new piece of evidence. Mr. Singh provided a sealed envelope containing a USB drive created by the IT support technician Mrs. Valentina Reyes. The company standards require that profiles directories and registry files are copied when re-imaging devices. The sealed USB, PAGS03_USB, contained this data in need of …show more content…
Consent to search and monitoring of computers, media, and communications used by the employee in the performance of his or her duties for the company.
3. Immediately before his departure, Mr. Dean was using a company issued laptop in the office as a temporary replacement for his workstation; an empty soft-sided laptop case was found under Mr. Dean’s desk but the company issued laptop was not found in the office.
4. Mr. Dean’s company provided workstation was sent out for repair earlier in the week; the repair ticket listed repeated operating system crashes as the primary symptom. The IT Support Center reported that the workstation had been infected with a “nasty rootkit” which required a complete wipe and reload of the hard disk (operating system and software applications).
5. The IT Support technician, Ms. Valentina Reyes, has already re-imaged the hard drive for Mr. Dean’s workstation. Per company standard practice, she saved a copy of Mr. Dean’s profile (entire directory) and the user registry file. Ms. Reyes copied the user profile from Mr. Dean’s workstation hard drive to a USB which she provided to Mr. Singh at his request. This USB was placed in a sealed envelope by Mr. Singh.
Case Objectives /