What applications are running on the memory dump computer?

In Albuquerque, New Mexico, there has been a mass shooting at the Welker Compound on Daniel Road with over 10 casualties. The owners of the property have long been suspected of being a criminal gang with white supremacist ideologies. The compound had been under police surveillance, and network traffic for the day of the shooting was captured by the ISP. A damaged laptop was discovered at the scene; a memory dump was made, but the disk image was unrecoverable. A mobile phone was also found near the body of the gang leader, along with several other suspected criminals and victims. [1]

Task 1

You are a digital forensics analyst for the Albuquerque Police Department. You have been tasked with examining any digital forensic evidence found at the scene as well as the network capture. The case supervisor suggests you address the following questions.

  1. Who are the suspects in the transmission? When does the first communication begin?
  2. What browsers are the suspects using and on what operating systems?
  3. Are there undercover DEA agents within the gang? If so, who are they?
  4. What was sent for Jesse to collect?
  5. Is Jesse a DEA agent?
  6. What applications are running on the memory dump computer?
  7. What web pages has the memory dump computer visited recently?
  8. What is the email address of the owner of the memory dump computer?
  9. What is the password of the memory dump computer?
  10. Create a detailed timeline of the significant events that take place on the memory dump computer.
  11. What are the non-stock applications installed on the phone?
  12. Who is in the contacts list?
  13. What messages and calls have been sent and received by the phone?
  14. What Internet searches has the owner of the phone made?
  15. Is there a link between this phone and the disk image provided in Assessment A2? If so, what is it?

As part of the answer for each of these questions you must include:

  • A clear description of the evidence and reasoning for your answer.
  • A detailed description of the process that you followed and the tools that you used to obtain the evidence. It is expected that you will include screenshots in your description.

Evidence Details

  • DestroyedLaptopMemory.zip (md5sum: 02094d46e9b3277b5f653000e3dee4b1)
  • welkercapture.zip (md5sum: 480b054a95e589861ed2566a561aaee6)
  • victimphone.zip (md5sum: 274ec2b5afdbbe562728315c56581ae3)
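Before any of these archives is opened, the listed MD5 values should be checked against the downloaded files so the report can state that the evidence was unaltered at the start of the analysis. The script below is added here as an example and is not part of the assessment materials; it verifies the three archives above and reports OK, MISMATCH or MISSING for each. The function names and the `evidence_dir` argument are this example's own.

```python
import hashlib
import os

# Expected MD5 values for the evidence archives, exactly as listed in the
# assessment brief.
EVIDENCE_MANIFEST = {
    "DestroyedLaptopMemory.zip": "02094d46e9b3277b5f653000e3dee4b1",
    "welkercapture.zip": "480b054a95e589861ed2566a561aaee6",
    "victimphone.zip": "274ec2b5afdbbe562728315c56581ae3",
}


def md5_of_file(path, chunk_size=1 << 20):
    """Return the hex MD5 of a file, read in 1 MiB chunks so that a
    multi-gigabyte memory image does not have to fit in RAM."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_manifest(manifest, evidence_dir="."):
    """Check every file named in `manifest` under `evidence_dir`.

    Returns {filename: (status, observed_hash)} where status is one of
    "OK", "MISMATCH" or "MISSING", so the result can go straight into the
    evidence summary of the report.
    """
    results = {}
    for name, expected in manifest.items():
        path = os.path.join(evidence_dir, name)
        if not os.path.isfile(path):
            results[name] = ("MISSING", None)
            continue
        observed = md5_of_file(path)
        status = "OK" if observed.lower() == expected.lower() else "MISMATCH"
        results[name] = (status, observed)
    return results


def all_verified(results):
    """True only when every listed item exists and matches its expected hash."""
    return all(status == "OK" for status, _ in results.values())


if __name__ == "__main__":
    # Run from the directory holding the downloaded archives.
    for name, (status, observed) in verify_manifest(EVIDENCE_MANIFEST).items():
        print(f"{status:8} {name} {observed or '-'}")
```

A MISMATCH or MISSING result means the download should be repeated and re-verified before analysis continues.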

Evidence for this assessment can be downloaded at the following links:

  • DestroyedLaptopMemory.zip (https://cloudstor.aarnet.edu.au/plus/s/4MwGA9ULsXgwzKN)
  • welkercapture.zip (https://cloudstor.aarnet.edu.au/plus/s/bHZGk4t2MeuPB0z)
  • victimphone.zip (https://cloudstor.aarnet.edu.au/plus/s/mYHz4qKKmUJaKOw)

If you are using the SIFT workstation on the Griffith Cyber Range, you can download the evidence from the following link; it is only accessible while you are logged into the SIFT workstation.


Task 2

As it appears that survivors of this incident will be prosecuted, you must complete a digital forensic report for the police department. However, it must be written for a non-IT audience and may be used in court proceedings. This report should follow the recommended report structure and be addressed to non-technical possibly legal staff. Your answers for Task 1 should make up the appendix of this report.

Your report on the investigation should include the following main headings:

  • Introduction and Executive Summary – Provide an overview of the case, the relevance of the evidential media being examined, who requested the forensic analysis, and what was requested.
  • Evidence Summary – Describe the items of digital evidence that were analysed, providing details such as MD5 values and the make and model of the equipment.
  • Examination Summary – Provide an overview of the critical findings relating to the investigation, an executive summary, with any recommendations or conclusions in short form.
  • Forensic Analysis and Findings – Provide a detailed description of the forensic analysis performed and the resulting findings, along with supporting evidence.
  • Conclusions – A summary of conclusions should follow logically from previous sections in the report and should reference supporting evidence.

Marking Criteria

This rubric provides you with the criteria to which your assessment will be marked as well as information as to how you might achieve the best possible marking outcomes.

Please review the marking rubric before you commence work on this assessment task. Ensure that you have addressed the relevant criteria outlined in the rubric when completing the assessment task.

7906ICT A3 Marking Criteria.pdf


[1]The story, all names, characters, and incidents portrayed in this assignment are fictitious. No identification with actual persons (fictitious, living or deceased), places, buildings, events, and motion pictures is intended or should be inferred. No person or entity associated with this assignment received payment or anything of value, or entered into any agreement, in connection with the depiction of tobacco products. No animals were harmed in the making of this assignment.
