The Greg Schardt Case 4cc061 Digital Forensic Investigation
Author: Fabian Studach • April 3, 2016 • Case Study • 5,926 Words (24 Pages) • 1,982 Views
CASE INVESTIGATION
The Greg Schardt case
4CC061 Digital Forensic Investigation
Bartosz Inglot
29/04/2009
Digital Forensics | 4CC061 Marking Tutor: HS Lallie Bartosz Inglot | 100090743
Case Study
A Dell CPi notebook with the serial number VLQLW was seized on 20th September 2004. An external
‘home made’ antenna (802.11b) was also seized. It is suspected that the notebook was used for
hacking purposes; however, it cannot be directly linked to the suspect, Greg Schardt. Schardt also
goes by the online nickname of “Mr. Evil”. It is believed that he has been parking his vehicle within
range of Wireless Access Points (such as Starbucks and T‐Mobile Hotspots), where he would then
intercept internet traffic in an attempt to get credit card numbers, usernames & passwords.
The task is to produce a report using FTK which answers the questions in the next section.
Specific Questions
1. Is there any software that could be used for hacking on the notebook?
2. Is there any evidence of the use of that software?
3. Is there evidence of any data that may have been generated as a result of the use of the software?
4. What is the image hash? Does the acquisition and verification hash match?
5. What was the operating system used on the notebook?
6. When was the installation date of the operating system and any other programs (hacking software)?
7. What is the time‐zone setting?
8. Who was the registered owner?
9. What is the computer account name?
10. What is the primary domain name?
11. When was the last recorded computer shutdown date/time?
12. How many accounts are recorded (total number)?
...