Final Project Milestone One: Draft of Report

To complete this assignment, review the prompt and grading rubric in the Milestone One Guidelines and Rubric document. When you have finished your work, submit the assignment here for grading and instructor feedback.

                            ISE 640 Final Project Forensic Notes

Use the information in this document to help you complete your final project. 

Drew Patrick, a director-level employee, is stealing intellectual property from a manufacturing company. The company is heavily involved in high-end development of widgets. Drew has access to corporate secrets and files. He is planning on leaving the company, taking the intellectual property with him, and going to work for a competitor. There is suspicion of him doing this, so human resources (HR) notified the information technology (IT) department to monitor Drew’s past history. An internal investigation is launched due to Drew’s abnormal behavior. The IT department confirms that they have found large files and emails. Forensics identified unauthorized access, transmission, and storage of intellectual property by Drew. Evidence found will be used to support legal civil and criminal proceedings. 

Scenario ACME Construction Company designs, manufactures, and sells large construction vehicles that can cost upwards of a million dollars. They spent hundreds of thousands of hours redesigning their premier excavator. Every piece that goes into the excavator is individually designed to maximize the longevity of the equipment. Known for attention to detail, high-quality work, and industry innovation, this painstaking work is what sets ACME Construction company apart and is attributed for the excellent reputation they enjoy. This, in turn, allows them to charge a premium on their exceptionally well-built products. 

Drew Patrick is a senior manager directly involved with the overall development of ACME’s excavators. His role provides him with access to design documentation, schematics, support documents, and any other technical references maintained in the company’s research and development (R&D) database. The R&D database is maintained by ACME’s information technology (IT) department, which is supported by a security operations center (SOC). The SOC uses Snort as a core component of their security information and event management (SIEM) system to keep tabs on network traffic, authentication requests, file access, and log file analysis. 

The SIEM alerted SOC personnel of potential peer-to-peer (P2P) traffic originating from the internet protocol (IP) address associated with Drew’s computer. However, analysis of Active Directory logs indicated that Drew was not logged into his account at the time the files were transferred via the P2P application. ACME enforces two-factor authentication and does not allow for computer sharing. The SOC personnel began an incident report based on the identification of P2P traffic, which violates company policy. As per company policy, the SOC personnel gave human resources (HR) and the legal team the incident report. The legal team asked for further investigation. Upon further inspection of the P2P activity, several file transfers were discovered. The files transferred match the names of files in the R&D database containing intellectual property developed by Drew’s development team. Additionally, the files were transferred to IP addresses that are not owned or controlled by ACME Corporation. 

Analysis of the server access logs indicated that Drew had been logging into the R&D database for several weeks prior to the external file transfers taking place. Network logs from the Intrusion Prevention Systems (IPSs) indicated that the files of interest had been transferred to Drew’s desktop computer prior to the external transfer. ACME has a strict policy against maintaining intellectual property anywhere other than the designated servers. File access logs on the R&D servers confirmed that the account belonging to Drew had copied the files in question. 

At this point, fearing a loss of intellectual property, in addition to numerous policy violations, ACME called in the digital forensic team to take over the investigation. The forensics team proceeded to capture the log files from relevant computer systems and created a forensically sound copy of the hard disk drive on Drew’s computer. The log files investigated included the corporate mail, domain name server (DNS), and dynamic host configuration protocol (DHCP) servers, as well as physical access logs. Additionally, packet capture logs from the firewalls and intrusion detection system (IDS) were gathered and analyzed. This detailed investigation revealed that file transfers of intellectual property were indeed done from Drew’s computer, however, Drew’s account was not logged in at the time of the transfer. The only account active on the suspect computer was an anonymous account that had been created on 9/17/2016 at 9:57 p.m. 

The following notes were provided by the Forensic Team: 

Forensic Team Investigation Notes Notes from the investigative team about the forensic findings of the hard drive image obtained from Drew Patrick’s hard drive: 

 Chain of custody document was begun with the sizing of the Western Digital Hard Drive 500 GB with serial number NB497356F from Drew Patrick’s computer.  Hard drive was duplicated using forensic toolkit (FTK) software to preserve the original hard drive image. A hash was created for the original and the copied image to prove both images were the same.  The operating system of the image was Windows-based. The operating system used a new technology file system (NTFS) file structure.  The hard drive was analyzed using Autopsy and Windows Forensic Toolchest. The sort and index functions were used to isolate the files needed for further analysis. These files include types SQL, Excel, email, chat, and HTML. Slack space was also analyzed. 

Files and Findings EMAIL (Microsoft Outlook): Numerous emails were found that contained references to proprietary information. Some emails were to non-ACME Corporation email accounts, and they promised information pertaining to equipment design. Follow-up emails were found that asked for assurance of a promised managerial position. 

CHAT (AOL Instant Messenger): Several chat conversations were recovered containing information about possession of proprietary documents. 

SQL (Microsoft Database): SQL database files revealed proprietary information and connection logs to a remote SQL server. Two additional SQL database files were encrypted and were not successfully unencrypted. 

EXCEL (Microsoft Excel): Numerous Excel files were located on the hard drive. These files contained parts list and parts specifications concerning proprietary construction equipment. These files had csv and xls extensions. 

HTML: Recovered internet web browser cache revealed that the dark web was searched for proprietary information brokers. An email address was created to correspond in the dark web for buyer transactions called [email protected] Internet cache also revealed that YouTube was searched for the subjects “selling intellectual property” and “selling on the dark web.” Recovered internet browser history revealed pictures and illustrations on encrypting SQL database files. Internet browser history also revealed searches concerning how to exploit the vulnerabilities of an SQL database. 

SLACK SPACE (hidden data and temporary files): Hidden information in the slack space was revealed to contain temporary internet files on searches for “advertising stolen data” and “hacking sql servers.” These files, once revealed, were in plain text and read using Notepad.

                  ISE 640 Milestone One Guidelines and Rubric 

 Overview: The milestone assignments in this course directly support you in the completion of your final project, a forensic investigative report. Consider the feedback you have received in class discussions, along with notes you have made in your non-graded investigative journal, to complete this milestone assignment. 

This is Milestone One, a draft of Final Project One: Report. The final product will be submitted in Module Nine. 

Please note that your non-graded investigative journal will be submitted with this milestone to ensure completion. Make sure that you are adding to your investigative journal as you complete each module. 

Prompt: For the summative assessment, you will be taking on the role of a cybersecurity practitioner. You will need to act as a domain expert communicating to a non-expert stakeholder. For this milestone, you will be providing a summary of the scenario from the forensic notes document. You will also be explaining the relevant procedures needed to maintain evidentiary integrity: legal concerns, processes and procedures, and chain of custody. Lastly, you will be explaining details of the investigation, such as resources needed, methods, and findings. Ensure you review the full scenario in the main project document as well as the forensic notes document before drafting your report. 

Specifically, the following critical elements must be addressed: 

I. Executive Summary: Set the stage for your report, providing a brief overview of the situation and the stakeholders who are involved. 

II. Legal Concerns: Describe the problem(s) and objectives you are working with the company’s attorneys to solve. 

III. Relevant Procedures: In this section, you will outline the steps that (hypothetically) you will have to take prior to or as you investigate in order to maintain evidentiary integrity. Use your experiences from other situations you are engaging in within the lab environment to inform your responses. 

  A. Processes and Procedures: Describe processes or procedures necessary for handling a criminal situation by an internal employee. 

  B. Chain of Custody: Explain how to maintain the chain of custody as you investigate the various aspects of the incident. Support your response with specific examples. 

IV. Details of Investigation: Based on your experiences in the labs, there will be specific resources, methods, and tools necessary to support the investigation in the scenario.  

   A. Resources Needs: Explain what resources (team knowledge, skills, and abilities) are necessary for gathering the evidence for this forensic investigation. Provide examples based on your experiences from the labs. 

   B. Methods: Describe the specific forensic method or approach you used to effectively leverage your available resources. 

   C. Findings: Describe the specific findings and the forensic tactics and technologies you employed to reach them. 

V. Investigative Journal Notes: Submit your investigative journal that outlines most of the basics from each of the modules upon which you based your notes. 

                                        Rubric 

 Guidelines for Submission: Your assignment should adhere to the following formatting requirements: Write 4 to 5 double-spaced pages using 12-point Times New Roman font and one-inch margins. You should use current APA style guidelines for your citations and reference list. Be sure to attach both Milestone One and investigative journal files. 

  9-1 Final Project One Submission: Report

To complete this assignment, review the prompt and grading rubric in the Final Project One Guidelines and Rubric document. Also review the information in the Final Project Forensic Notesdocument. When you have finished your work, submit the assignment here for grading and instructor feedback.

                          ISE 640 Final Project Forensic Notes

Use the information in this document to help you complete your final project. 

Drew Patrick, a director-level employee, is stealing intellectual property from a manufacturing company. The company is heavily involved in high-end development of widgets. Drew has access to corporate secrets and files. He is planning on leaving the company, taking the intellectual property with him, and going to work for a competitor. There is suspicion of him doing this, so human resources (HR) notified the information technology (IT) department to monitor Drew’s past history. An internal investigation is launched due to Drew’s abnormal behavior. The IT department confirms that they have found large files and emails. Forensics identified unauthorized access, transmission, and storage of intellectual property by Drew. Evidence found will be used to support legal civil and criminal proceedings. 

Scenario ACME Construction Company designs, manufactures, and sells large construction vehicles that can cost upwards of a million dollars. They spent hundreds of thousands of hours redesigning their premier excavator. Every piece that goes into the excavator is individually designed to maximize the longevity of the equipment. Known for attention to detail, high-quality work, and industry innovation, this painstaking work is what sets ACME Construction company apart and is attributed for the excellent reputation they enjoy. This, in turn, allows them to charge a premium on their exceptionally well-built products. 

Drew Patrick is a senior manager directly involved with the overall development of ACME’s excavators. His role provides him with access to design documentation, schematics, support documents, and any other technical references maintained in the company’s research and development (R&D) database. The R&D database is maintained by ACME’s information technology (IT) department, which is supported by a security operations center (SOC). The SOC uses Snort as a core component of their security information and event management (SIEM) system to keep tabs on network traffic, authentication requests, file access, and log file analysis. 

The SIEM alerted SOC personnel of potential peer-to-peer (P2P) traffic originating from the internet protocol (IP) address associated with Drew’s computer. However, analysis of Active Directory logs indicated that Drew was not logged into his account at the time the files were transferred via the P2P application. ACME enforces two-factor authentication and does not allow for computer sharing. The SOC personnel began an incident report based on the identification of P2P traffic, which violates company policy. As per company policy, the SOC personnel gave human resources (HR) and the legal team the incident report. The legal team asked for further investigation. Upon further inspection of the P2P activity, several file transfers were discovered. The files transferred match the names of files in the R&D database containing intellectual property developed by Drew’s development team. Additionally, the files were transferred to IP addresses that are not owned or controlled by ACME Corporation. 

Analysis of the server access logs indicated that Drew had been logging into the R&D database for several weeks prior to the external file transfers taking place. Network logs from the Intrusion Prevention Systems (IPSs) indicated that the files of interest had been transferred to Drew’s desktop computer prior to the external transfer. ACME has a strict policy against maintaining intellectual property anywhere other than the designated servers. File access logs on the R&D servers confirmed that the account belonging to Drew had copied the files in question. 

At this point, fearing a loss of intellectual property, in addition to numerous policy violations, ACME called in the digital forensic team to take over the investigation. The forensics team proceeded to capture the log files from relevant computer systems and created a forensically sound copy of the hard disk drive on Drew’s computer. The log files investigated included the corporate mail, domain name server (DNS), and dynamic host configuration protocol (DHCP) servers, as well as physical access logs. Additionally, packet capture logs from the firewalls and intrusion detection system (IDS) were gathered and analyzed. This detailed investigation revealed that file transfers of intellectual property were indeed done from Drew’s computer, however, Drew’s account was not logged in at the time of the transfer. The only account active on the suspect computer was an anonymous account that had been created on 9/17/2016 at 9:57 p.m. 

The following notes were provided by the Forensic Team: 

Forensic Team Investigation Notes Notes from the investigative team about the forensic findings of the hard drive image obtained from Drew Patrick’s hard drive: 

 Chain of custody document was begun with the sizing of the Western Digital Hard Drive 500 GB with serial number NB497356F from Drew Patrick’s computer.  Hard drive was duplicated using forensic toolkit (FTK) software to preserve the original hard drive image. A hash was created for the original and the copied image to prove both images were the same.  The operating system of the image was Windows-based. The operating system used a new technology file system (NTFS) file structure.  The hard drive was analyzed using Autopsy and Windows Forensic Toolchest. The sort and index functions were used to isolate the files needed for further analysis. These files include types SQL, Excel, email, chat, and HTML. Slack space was also analyzed. 

Files and Findings EMAIL (Microsoft Outlook): Numerous emails were found that contained references to proprietary information. Some emails were to non-ACME Corporation email accounts, and they promised information pertaining to equipment design. Follow-up emails were found that asked for assurance of a promised managerial position. 

CHAT (AOL Instant Messenger): Several chat conversations were recovered containing information about possession of proprietary documents. 

SQL (Microsoft Database): SQL database files revealed proprietary information and connection logs to a remote SQL server. Two additional SQL database files were encrypted and were not successfully unencrypted. 

EXCEL (Microsoft Excel): Numerous Excel files were located on the hard drive. These files contained parts list and parts specifications concerning proprietary construction equipment. These files had csv and xls extensions. 

HTML: Recovered internet web browser cache revealed that the dark web was searched for proprietary information brokers. An email address was created to correspond in the dark web for buyer transactions called [email protected] Internet cache also revealed that YouTube was searched for the subjects “selling intellectual property” and “selling on the dark web.” Recovered internet browser history revealed pictures and illustrations on encrypting SQL database files. Internet browser history also revealed searches concerning how to exploit the vulnerabilities of an SQL database. 

SLACK SPACE (hidden data and temporary files): Hidden information in the slack space was revealed to contain temporary internet files on searches for “advertising stolen data” and “hacking sql servers.” These files, once revealed, were in plain text and read using Notepad.

                   ISE 640 Final Project One Guidelines and Rubric 

Overview As a cybersecurity practitioner, understanding the practice and application of digital forensics principles are necessary skills in all aspects of incident response. You will need these skills to effectively manage and resolve incidents that involve aspects of cybercrime, regulatory compliance, and legal concerns that arise in your organization. Additionally, you will often need to act as a domain expert communicating to a non-expert (as in a lawyer, executive, etc.)  

In this course, you will perform basic forensic tasks in order to “walk a mile in the shoes” of a forensic practitioner. You will use the knowledge you gain in the practice activities to address a scenario. Your tasks will be to develop a technical investigative report and a non-technical memorandum (Final Project Part 2) that will assist your executive stakeholders and organizational attorneys in managing and addressing the aftermath of a particular incident.  

You will complete a milestone for Final Project One in Module Seven, which is a draft of the Final Project One: Report. Ensure you review the feedback received on this milestone when your instructor returns it to you. Final Project One will be submitted in Module Nine. 

In this assignment, you will demonstrate your mastery of the following course outcomes:  

 ISE-640-01: Apply chain of custody processes and procedures used by practitioners for maintaining evidentiary integrity [MS.CSE.CORE.04]  ISE-640-02: Employ digital forensic tools and investigative practices to augment and enhance organizational incident response capabilities [MS.CSE.CORE.04] 

Prompt Write a clear analysis report of a specific security incident based on a provided scenario and template and exemplar based on experiences in lab(s). 

Scenario: A management, director-level employee appears to have stolen intellectual property from a manufacturing company. The company is heavily involved in high-end development of widgets. This employee has access to corporate secrets and files. The employee is planning on leaving the company, taking the intellectual property with them, and going to work for a competitor. Due to some suspicions on the part of several managers, human resources (HR) notified the information technology (IT) department to monitor the employee’s past history. An internal investigation is launched due to the employee’s abnormal behavior. The IT department confirms that they have found large files and emails. Forensics identified unauthorized access, transmission, and storage of intellectual property by the employee. Evidence found will be used to support legal civil and criminal proceedings. Read the Final Project Forensic Notes document for all the necessary details. 

Specifically, you must address the critical elements listed below. Most of the critical elements align with a particular course outcome (shown in brackets).  

I. Executive Summary: Set the stage for your report, providing a brief overview of the situation and the stakeholders who are involved. 

II. Legal Concerns: Describe the problem(s) and objectives you are working with the company’s attorneys to solve. [ISE-640-01] 

III. Relevant Procedures: In this section, you will outline the steps that (hypothetically) you will have to take prior to or as you investigate in order to maintain evidentiary integrity. Use your experiences from other situations you engaging in within the lab environment to inform your responses. A. Processes and Procedures: Describe processes or procedures necessary for handing a criminal situation by internal employee. [ISE-640-01] B. Chain of Custody: Explain how to maintain the chain of custody as you investigate the various aspects of the incident. Support your response with specific examples. [ISE-640-01]  

IV. Details of Investigation: Based on your experiences in the labs, there will be specific resources, methods, and tools necessary to support the investigation in the scenario.  A. Resources Needs: Explain what resources (team knowledge, skills, and abilities) are necessary for gathering the evidence for this forensic investigation. Provide examples based on your experiences from the labs. [ISE-640-02] B. Methods: Describe the specific forensic method or approach you used to effectively leverage your available resources. [ISE-640-02] C. Findings: Describe the specific findings and the forensic tactics and technologies you employed to reach them. [ISE-640-02] 

Milestones 

Milestone One: Report Draft In Module Seven, you will submit a complete draft of this report. This milestone will be graded with the Milestone One Rubric.  

Final Project One Rubric Guidelines for Submission: Your investigative forensic report must be 4–5 pages in length  (excluding cover page and references) and must be written in APA format. Use double-spacing, 12-point Times New Roman font, and one-inch margins. Include at least 3 references cited in APA format.                         

Design a class named Month. The class should have the following private members:

• months– a string of array object that holds the name of a month, such as "January," "February," etc.               (2 points)
• grossAmount– an array of double variable that holds the total amount of each month.                                     (2 points) 
• Structure of Branch that includes:
  • branchName shows a name of the branch.                                                                                                      (2 points) 
  • branchID shows the branch number.                                                                                                                (2 points) 
  • branchManager shows branch manger name.                                                                                                  (2 points)

You will need to build and provide the following member functions:

• A default constructor that has no arguments and sets all grossAmount to 0.0 to all 12 months                                                                                                                  (20 points)
• A constructor that accepts the name of a month as an argument. It should Search for the name of the month set grossAmount of argument month to 0.0 value.     (30 points)
• A constructor that accepts a double number of grossAmount and the month name as arguments. It should set grossAmount with value passed as the argument to the passed correct month name.                                                                                                                                                                                                                                                                                                                 (20 points)
• A constructor that accepts branch items information.                                                                                                                                                                                       (20 points)
• Appropriate set and get functions for the name of the month and grossAmount variables.                                                                                                                          (10 points)
• Appropriate set and get functions for the Branch data structure.                                                                                                                                                                     (10 points)
• Member Function that set array of months such as:
  • void initializeNames() to set the array of 12 month names:                                                                                                                                                              (10 points) // Initialize the array of month names.
    months[0] = "January"; months[1] = "February"; months[2] = "March";
    months[3] = "April"; months[4] = "May"; months[5] = "June";
    months[6] = "July"; months[7] = "August"; months[8] = "September";
    months[9] = "October"; months[10] = "November"; months[11] = "December";
• Function that return the total groosAmount for all 12 months.                                                                                                                                                                             (20 points)
• Using Month class the main function shows:
  • How to call ALL different constructors, set and get data of the different instance of objects .                                                                                                           (20 points)
  • Crate an array of objects from class Month with size of 5.                                                                                                                                                                            (20 points)
  • Create a function that Sort an array of objects base on total groosAmount on descending order                                                                                                                 (30 points)
  • Create a Menu function for user selection to do a Loop for the following:                                                                                                                                                (30 points)
    • select (1) to input 5 data for the array object of class month
    • select (2) to display the sort of data objects base on total groosAmount
    • Select (3) to exist

Demonstrate the class in a program.

{Reminder – think through the design – like from where could I assign the month name from? Create functions for repetitive tasks. Place all class definitions in the header file for the class. Utilize a class implementation file for those files that cannot appropriately live in the class header file (e.g., everything except the getters in this example). Utilize main to test your class.}

Throughout this course, you will be keeping an investigative journal. The purpose of this journal is to archive any artifacts and information that may support your final projects. You will submit it as part of Milestone One and receive points within the milestone rubric for this. Additionally, it will assist you by allowing you to organize information in a chronological order that you can easily retrieve when completing the final projects in the later modules. This journal can be kept as a Word document. You can compile journal entries within the same document and submit this document as one file submission at the end of the course with your Milestone One submission.

In your investigative journal, develop a chain of custody form to be used within a business based on forensic notes for the final project.

In your investigative journal, record how data is acquired and the tools used in the final project scenario.

In your investigative journal, record how data is acquired and the tools used in the final project scenario.

In your investigative journal, record network analysis for the final project scenario.

ISE 640 Final Project Forensic Notes

Use the information in this document to help you complete your final project. 

Drew Patrick, a director-level employee, is stealing intellectual property from a manufacturing company. The company is heavily involved in high-end development of widgets. Drew has access to corporate secrets and files. He is planning on leaving the company, taking the intellectual property with him, and going to work for a competitor. There is suspicion of him doing this, so human resources (HR) notified the information technology (IT) department to monitor Drew’s past history. An internal investigation is launched due to Drew’s abnormal behavior. The IT department confirms that they have found large files and emails. Forensics identified unauthorized access, transmission, and storage of intellectual property by Drew. Evidence found will be used to support legal civil and criminal proceedings. 

Scenario ACME Construction Company designs, manufactures, and sells large construction vehicles that can cost upwards of a million dollars. They spent hundreds of thousands of hours redesigning their premier excavator. Every piece that goes into the excavator is individually designed to maximize the longevity of the equipment. Known for attention to detail, high-quality work, and industry innovation, this painstaking work is what sets ACME Construction company apart and is attributed for the excellent reputation they enjoy. This, in turn, allows them to charge a premium on their exceptionally well-built products. 

Drew Patrick is a senior manager directly involved with the overall development of ACME’s excavators. His role provides him with access to design documentation, schematics, support documents, and any other technical references maintained in the company’s research and development (R&D) database. The R&D database is maintained by ACME’s information technology (IT) department, which is supported by a security operations center (SOC). The SOC uses Snort as a core component of their security information and event management (SIEM) system to keep tabs on network traffic, authentication requests, file access, and log file analysis. 

The SIEM alerted SOC personnel of potential peer-to-peer (P2P) traffic originating from the internet protocol (IP) address associated with Drew’s computer. However, analysis of Active Directory logs indicated that Drew was not logged into his account at the time the files were transferred via the P2P application. ACME enforces two-factor authentication and does not allow for computer sharing. The SOC personnel began an incident report based on the identification of P2P traffic, which violates company policy. As per company policy, the SOC personnel gave human resources (HR) and the legal team the incident report. The legal team asked for further investigation. Upon further inspection of the P2P activity, several file transfers were discovered. The files transferred match the names of files in the R&D database containing intellectual property developed by Drew’s development team. Additionally, the files were transferred to IP addresses that are not owned or controlled by ACME Corporation. 

Analysis of the server access logs indicated that Drew had been logging into the R&D database for several weeks prior to the external file transfers taking place. Network logs from the Intrusion Prevention Systems (IPSs) indicated that the files of interest had been transferred to Drew’s desktop computer prior to the external transfer. ACME has a strict policy against maintaining intellectual property anywhere other than the designated servers. File access logs on the R&D servers confirmed that the account belonging to Drew had copied the files in question. 

At this point, fearing a loss of intellectual property, in addition to numerous policy violations, ACME called in the digital forensic team to take over the investigation. The forensics team proceeded to capture the log files from relevant computer systems and created a forensically sound copy of the hard disk drive on Drew’s computer. The log files investigated included the corporate mail, domain name server (DNS), and dynamic host configuration protocol (DHCP) servers, as well as physical access logs. Additionally, packet capture logs from the firewalls and intrusion detection system (IDS) were gathered and analyzed. This detailed investigation revealed that file transfers of intellectual property were indeed done from Drew’s computer, however, Drew’s account was not logged in at the time of the transfer. The only account active on the suspect computer was an anonymous account that had been created on 9/17/2016 at 9:57 p.m. 

The following notes were provided by the Forensic Team: 

Forensic Team Investigation Notes Notes from the investigative team about the forensic findings of the hard drive image obtained from Drew Patrick’s hard drive: 

 Chain of custody document was begun with the sizing of the Western Digital Hard Drive 500 GB with serial number NB497356F from Drew Patrick’s computer.  Hard drive was duplicated using forensic toolkit (FTK) software to preserve the original hard drive image. A hash was created for the original and the copied image to prove both images were the same.  The operating system of the image was Windows-based. The operating system used a new technology file system (NTFS) file structure.  The hard drive was analyzed using Autopsy and Windows Forensic Toolchest. The sort and index functions were used to isolate the files needed for further analysis. These files include types SQL, Excel, email, chat, and HTML. Slack space was also analyzed. 

Files and Findings EMAIL (Microsoft Outlook): Numerous emails were found that contained references to proprietary information. Some emails were to non-ACME Corporation email accounts, and they promised information pertaining to equipment design. Follow-up emails were found that asked for assurance of a promised managerial position. 

CHAT (AOL Instant Messenger): Several chat conversations were recovered containing information about possession of proprietary documents. 

SQL (Microsoft Database): SQL database files revealed proprietary information and connection logs to a remote SQL server. Two additional SQL database files were encrypted and were not successfully unencrypted. 

EXCEL (Microsoft Excel): Numerous Excel files were located on the hard drive. These files contained parts list and parts specifications concerning proprietary construction equipment. These files had csv and xls extensions. 

HTML: Recovered internet web browser cache revealed that the dark web was searched for proprietary information brokers. An email address was created to correspond in the dark web for buyer transactions called [email protected] Internet cache also revealed that YouTube was searched for the subjects “selling intellectual property” and “selling on the dark web.” Recovered internet browser history revealed pictures and illustrations on encrypting SQL database files. Internet browser history also revealed searches concerning how to exploit the vulnerabilities of an SQL database. 

SLACK SPACE (hidden data and temporary files): Hidden information in the slack space was revealed to contain temporary internet files on searches for “advertising stolen data” and “hacking sql servers.” These files, once revealed, were in plain text and read using Notepad.

                                                            Delivery

four and half pages single spacing not double please, correct and clear citations, submit your investigative journal that outlines most of the basics from each of the modules upon which you based your notes. using 12-point Times New Roman font. You should use current APA style guidelines for your citations and reference list.

My Database System

The final assignment for this course is an eight to ten page Final Project according to APA style. The purpose of the Final Project is for you to culminate the learning achieved in the course by describing your understanding and application of knowledge in the field of database management systems through the creation of a proposed database system to meet the data needs of a business or individual personal needs.  This is a cumulative assignment where you will complete most sections of the Final Assignment during your weekly course activities.    

Include the following major points in your paper:

• Introduction
• Background:
  • Describe the proposed new database system.
  • What business requirements or personal requirements will be satisfied by your proposed database system?
  • Who will be the users of the database system?
  • What specific functionalities will your completed database system provide?
• Structure (Conceptual):
  • What are data items that should be in your database?
  • Entities become tables in a database.  List all entities for your database.  List a minimum of 5 entities.
• Structure (Logical)
  • Attributes become fields in a table.  Attributes describe entities (For example, a Customer entity could have attributes such as: name, address, and telephone number).  List a minimum of 5 attributes for each entity.
• Relationships and Constraints (Logical):
  • Define constraints/restrictions for at least two attributes in each entity. (e.g. Number of digits in student ID, range of values for Age attribute, an employee’s salary must be between 6,000 and 350,000 …)  If some attribute should not be NULL, use NOT NULL to specify this aspect. Also provide DEFAULT values wherever applicable.
  • Define relationships between entities in your database.  A relationship describes an association among entities [one-to-many ex. a Painter can have many Paintings, many-to-many e.g.  An employee may learn many job skills, and each job skill may be learned by many employees, or one-to-one e.g. a store is managed by a single employee and an employee manages only a single store. 
•  Entity Model:
  • Create Entity-Relation (ER) model of your database.
• Keys (Physical):
  • Keys are one way to categorize attributes. A primary key is an attribute or combination of attributes that uniquely identifies one and only one instance of an entity. The primary key becomes a foreign key in any entity type to which it's related through a one-to-one or one-to-many relationship.
    • Specify Primary Keys on your Entity Relationship Diagram.
    • In a foreign key reference, a link is created between two tables when the column or columns that hold the primary key value for one table are referenced by the column or columns in another table. This column becomes a foreign key in the second table.
    • Identify and discuss at least two foreign keys in your table relationships.
• SQL (Physical):
  • Provide the SQL CREATE TABLE commands for the five tables in your proposed database.  Include PRIMARY KEY and NOT NULL commands. 
    • Use the Week3 Understanding Core Database Concepts Exercise 1 instructions to execute your CREATE Table statement for one of your proposed tables.
    • Take a screen shot of your query results.  Copy your query statement and add the screenshot of your query results to a MS Word document or PDF for upload.
  • Provide the SQL INSERT commands to insert five rows of data into your five tables.           
    • Use the Week3 Understanding Core Database Concepts Exercise 1 instructions to execute your INSERT statement.
    • Take a screen shot of your query results.  Copy your query statement and add the screenshot of your query results to a MS Word document or PDF for upload.
• Views:
  • Provide the CREATE VIEW commands to create two views for your database.
    • Use the Week3 Working with Views instructions to execute your CREATE VIEW statements.
      • Take a screen shot of your query results. 
      • Copy your query statement and add the screenshot of your query results to a MS Word document or PDF for upload.
• Normalization:
  • Analyze your five tables and confirm if normalization is needed to avoid data redundancy and ensure the efficient and reliable management of data.  Justify your position.
• Security and Impact of Globalization Diversity:
  • Protecting data security, privacy, and integrity as well as managing impacts of diversity are important database functions.  Identify key activities that are required in the DBA’s managerial role of enforcing those functions in your proposed database?
• Distributed or Centralized
  • Justify whether your proposed database has to be distributed or centralized?
• Summary

The Final Project – My Database System

• Must be eight to ten double-spaced pages in length (not including title and references pages) and formatted according to APA style as outlined in the Ashford Writing Center (Links to an external site.)Links to an external site..
  • Must include a separate title page with the following:
  • Title of paper
  • Student’s name
  • Course name and number
  • Instructor’s name
  • Date submitted
• Must use at least three scholarly sources in addition to the course text.
  • The Scholarly, Peer Reviewed, and Other Credible Sources table offers additional guidance on appropriate source types. If you have questions about whether a specific source is appropriate for this assignment, please contact your instructor. Your instructor has the final say about the appropriateness of a specific source for a particular assignment.
• Must document all sources in APA style as outlined in the Ashford Writing Center.
• Must include a separate references page that is formatted according to APA style as outlined in the Ashford Writing Center.

Carefully review the Grading Rubric (Links to an external site.)Links to an external site. for the criteria that will be used to evaluate your assignment.