Practicum 1 & 2
1. Practicum 1 – Evidence collection; this phase is meant to act as though you are the forensics investigator collecting the evidence directly from the source. In this instance, the memory dump information has been provided to you.
i. Download the Narcos files. NOTE: THIS WILL TAKE TIME, THE FILES ARE LARGE.
ii. Create a chain of custody form using the provided template. Document the receipt of evidence files (each memory dump file and image should be its own line) by entering your name, date, evidence info (what it is), and a hash value of the file.
iii. Make a second tab in the CoC and document any known information from the scenario (Persons, places, etc.) – use the above provided information as well.
2. Practicum 2 – Evidence Review; Focus on the actual review of the provided files and try to piece together an event trail by following forensic investigation standards (REMEMBER DAUBERT, FRYE, AND OTHER STANDARDS TAUGHT IN THE PROGRAM!) Your goal should be to collect evidence to present to your boss in part 3.
i. Continue to update the Chain of Custody form as you “check out” evidence to review.
ii. Review the evidence files and create an excel spreadsheet or Word doc (either is fine) documenting any relevant information you can find. NOTE: This portion of the project will not be given to you. All resources (including each other) are at your disposal (Others, GOOGLE!!) and all are accepted for your use!