AMU Digital Forensics United States Office of Personnel Management Case Study
In order to complete this assignment you will need to answer the questions below. Please complete the questions in a Word document and then upload the assignment for grading. The assignment must be a minimum of 6 full pages in length with a minimum of 3 outside sources. Please be sure to follow APA guidelines for citing and referencing sources. 1) This is a culmination of the past 8 weeks of work. The case is closed and you need to turn in a final report. Please take a look at this page and read how to outline the report: In essence, you will be combining the information from Assignments 2, 3, 4, 5, 6, and 8. The Case Summary is the key part of this report where you sum up all of your work. The Forensics Acquisition and Exam Preparation will need to be a mixture of some content identified already and some “imagination”. Findings and Report will be a combination of the case and its key aspects/facts. And then you have your conclusion. I know this is a bit of a stretch and is going to require some “imagination” on parts, but I want you to properly understand what types of documents you will be experiencing in these investigations.
Running head: COMPUTER FORENSICS
Computer Forensics
Olubode, Taiwo
American Military University
Computer Forensics in Criminal Justice
In the modern world, there is an increasing application of computers and internet services. Organizations have incorporated the latest technological developments into their operational systems so that they can remain competitive in the marketplace. Innovations in technology have also led to a rise in criminal activities associated with these platforms, and cybercriminals commit computer crimes that are reported to security agencies daily. These criminals also engage in email harassment, violations of company policies, and leakage of proprietary data essential to an institution. With the increase in digital crime, computer forensic experts are required in law enforcement since they know how to investigate these types of crimes. Their role is to carry out a detailed investigation and obtain relevant information to be used in a court of law. Some of the crimes forensic experts deal with are hacking activities, bank fraud, and espionage. They examine devices such as tablets, mobile phones, hard drives, and computers to collect the evidence required to prove premeditation in a case.
Investigation of a Child Pornography Cache
Children's involvement in pornographic acts is illegal in the United States. When a person is found to have such material, they are subject to prosecution. Forensic experts have the mandate to carry out an intensive investigation to determine the origin of these materials so that they can present a solid case to an attorney. However, security officers are not allowed to duplicate the evidence collected into more copies as they analyze the data (Yaqoob et al., 2019). Duplication should only happen through a court order. By tracking the digital activities involved in specific content, the investigator would be able to uncover criminal intent and help prevent future occurrences of such cases.
The case under investigation involves the acquisition of pornographic content. The content was found on one of the suspect's computer devices; he claimed that he had received a pop-up and clicked on it. To determine whether the allegations are true, a detailed forensic procedure needs to be carried out. The process entails the following:
Procedure and Policy Development
Evidence related to cyber activity is highly sensitive and delicate. Critical information can be compromised when mishandled, which is why it is essential to follow strict procedures and guidelines. In dealing with the above case, the first step is preparing the system for the evidence that will be retrieved, which includes a storage device for the content.
Documentation of this information is vital in ensuring its authenticity. The suspect claims to
have received the content from a pop-up, but the most critical step is establishing the right storage
device for the already obtained content. Besides, before the digital investigation commences,
understanding the investigative actions related to the case is an essential component (Joshi & Pilli,
2016). As a forensic expert, understanding the warrants of arrest, reading the case briefs, and obtaining
permission to pursue the incident are critical procedures to adhere to.
Evidence Assessment
This is a crucial component of the investigation process. Before processing the evidence,
understanding the case details would ensure the appropriate classification of the case at hand.
Sophisticated methods are supposed to be applied in accessing the computer hard drives, social
platforms associated with the individual and their email accounts to retrieve any information that is to
serve as practical evidence of the child pornography crime.
Evidence Acquisition
A detailed plan for acquiring evidence is critical for the success of a forensic investigation. Extensive documentation is required before, during, and after the acquisition process. Detailed information, including software and hardware specifications, is recorded. These steps help ensure that the integrity of the evidence to be acquired is preserved. In acquiring potential evidence, advanced boot discs make it possible to retrieve sensitive information, after which steps are taken to copy and transfer this data into the forensic investigation system. Evidence acquisition is carried out legally since the child pornography case is complex.
Evidence Examination
This step is crucial in the case since the suspect has suggested that he received the pornographic content as a third party. To determine whether this is true, the material on the computer device, the email accounts associated with the individual, and his social media platforms are examined. Software is available that lets forensic experts search for data effectively using specific keywords. Also, deleted and encrypted content can be retrieved and used as evidence (Moriarty, 2017). File names present on the computer device help establish the exact location where data was downloaded, created, or uploaded.
Documentation and Reporting
All the details and methods used to retrieve information need to be documented. As a forensic investigator, the actions taken in acquiring, examining, and assessing evidence are also documented to demonstrate the integrity of user data and adherence to the policies governing the process. The primary purpose of the above methods is to obtain information that will be used in a court of law. With the acquisition of detailed data from the suspect's computer device, it is possible to determine whether he was directly engaged in the crime so that the appropriate legal procedure can be carried out.
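The acquisition, examination and documentation steps described above can be carried out and recorded in a small script. The following is an added example, not part of the student paper and not any tool the paper names: it copies a constructed "image" to a working copy, hashes it before and after the copy, records the tool and examiner in a chain-of-custody style entry, searches a constructed file tree for keywords while recording each file's hash and modification time, writes everything to a JSON report, and finally shows that the integrity check fails once the working copy is altered. The examiner name, keyword list, file names and all evidence contents are placeholders written to a temporary directory.

```python
import hashlib
import json
import platform
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so a large image never has to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def acquire(source: Path, dest: Path, examiner: str) -> dict:
    """Copy a source image to the examination system and verify the copy.
    The returned record is the chain-of-custody entry: hashes before and after,
    tool details, examiner and UTC timestamps. A copy with verified=False must
    be discarded, not examined."""
    started = datetime.now(timezone.utc).isoformat()
    source_hash = sha256_of(source)
    shutil.copyfile(source, dest)
    copy_hash = sha256_of(dest)
    return {
        "action": "acquisition",
        "examiner": examiner,
        "source": str(source),
        "destination": str(dest),
        "sha256_source": source_hash,
        "sha256_copy": copy_hash,
        "verified": source_hash == copy_hash,
        "tool": f"python {platform.python_version()} hashlib/shutil (hypothetical)",
        "started_utc": started,
        "finished_utc": datetime.now(timezone.utc).isoformat(),
    }


def verify_copy(record: dict) -> bool:
    """Re-hash the working copy later (e.g. before court) and compare with the
    hash recorded at acquisition time."""
    return sha256_of(Path(record["destination"])) == record["sha256_copy"]


def examine(evidence_dir: Path, keywords) -> list:
    """Walk an evidence tree: hash every file, record its size and modification
    time, and note which keywords occur in its contents (case-insensitive)."""
    lowered = [k.lower() for k in keywords]
    findings = []
    for path in sorted(p for p in evidence_dir.rglob("*") if p.is_file()):
        text = path.read_bytes().decode("utf-8", errors="ignore").lower()
        st = path.stat()
        findings.append({
            "path": path.relative_to(evidence_dir).as_posix(),
            "size": st.st_size,
            "sha256": sha256_of(path),
            "modified_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
            "keyword_hits": [k for k in lowered if k in text],
        })
    return findings


def run_case(keywords=("invoice", "popup"), examiner="Examiner (placeholder)") -> dict:
    """Build a constructed evidence set in a temp directory, acquire the constructed
    image, examine the file tree and return the combined report (also saved as JSON)."""
    work = Path(tempfile.mkdtemp(prefix="forensic_demo_"))
    tree = work / "suspect_files"          # constructed stand-in for a mounted volume
    (tree / "downloads").mkdir(parents=True)
    (tree / "notes.txt").write_text("Clicked a POPUP ad last night, nothing else.")
    (tree / "downloads" / "invoice.pdf").write_bytes(b"%PDF-1.4 invoice placeholder")
    (tree / "readme.txt").write_text("Unrelated file.")
    image = work / "suspect_drive.img"     # constructed stand-in for a disk image
    image.write_bytes(b"\x00" * 4096 + b"constructed image payload")
    report = {
        "case_summary": "Constructed demo case: suspect claims content came from a pop-up.",
        "acquisition": acquire(image, work / "working_copy.img", examiner),
        "findings": examine(tree, keywords),
    }
    (work / "report.json").write_text(json.dumps(report, indent=2))
    return report


def tamper_demo(report: dict):
    """Failure mode: verification passes on the untouched copy and fails once a
    single byte is appended to it. Returns (before, after)."""
    before = verify_copy(report["acquisition"])
    with open(report["acquisition"]["destination"], "ab") as fh:
        fh.write(b"\x00")
    after = verify_copy(report["acquisition"])
    return before, after


if __name__ == "__main__":
    rep = run_case()
    print(json.dumps(rep, indent=2))
    print("integrity before/after tamper:", tamper_demo(rep))
```

The hash-before, hash-after pattern is what makes the acquisition record defensible: any later re-hash that disagrees with the recorded value shows that the working copy is no longer the evidence that was seized, which is exactly the failure `tamper_demo` provokes. In a real case the examination would run against the verified working copy, never against the original media.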
An Ethical Decision in the Case
Investigators in criminal justice are often faced with ethical dilemmas. In the above study, new evidence has emerged which is equally reliable and needs to be considered for investigation. Recognizing the moral dilemma facing a criminal justice investigator is the first step toward resolving the issue. The consequences of making a particular decision are to be analyzed and a conclusion made (Braswell, McCarthy, & McCarthy, 2017). The code of conduct governing the investigator needs to be reviewed so that the actions taken reflect those codes.
In my capacity as a forensic investigator, I would not ignore the child pornography case but would establish it as new evidence in the OPM attack case. The OPM attack is a serious case that led to the exposure of numerous records of former and current government employees in the United States. The suspects involved in the case could as well have played a part in generating child pornographic material and distributing it on the internet in encrypted form. This is a way to hide the source; hence the two cases should be given priority. If the child pornography case were withdrawn and focus given to the OPM attack case, it would also be difficult to prosecute that case at a later date. This is because the two
cases are related to cybercrime and could potentially have been executed by the same or related
Computer forensics has proved to be essential in criminal justice investigations. With the rise in cyberspace crimes, government agencies ought to take measures to protect the personal details of citizens who are prone to such attacks. Criminals are interested in this data since it helps them hack into financial accounts and acquire vast amounts. When a forensic expert is investigating a case, detailed procedures are supposed to be followed so that they can obtain critical information for presentation in a court of law.
Braswell, M. C., McCarthy, B. R., & McCarthy, B. J. (2017). Justice, crime, and ethics. Taylor &
Joshi, R. C., & Pilli, E. S. (2016). Network Forensic Process Models. In Fundamentals of network
forensics (pp. 17-45). Springer, London.
Moriarty, L. J. (2017). Criminal justice technology in the 21st century. Charles C Thomas Publisher.
Yaqoob, I., Hashem, I. A. T., Ahmed, A., Kazmi, S. A., & Hong, C. S. (2019). Internet of things
forensics: Recent advances, taxonomy, requirements, and open challenges. Future Generation
Computer Systems, 92, 265-275.
Running head: THE OPM INCIDENT
The OPM Incident-Week 5 Assignment
Olubode, Taiwo
American Military University
The OPM Incident-Week 5 Assignment
Summary of the key facts
The OPM incident came as a shock to the US, and the full effect of the attack is still not known. Congress stated that “the exact details of how and when the attackers gained entry … are not exactly clear.” However, we have done several investigations and studies and have collected some critical information that can be used to extradite the hackers behind the attack. These details, although some still need further research and confirmation, can pave the way for a fair trial and provide proof and evidence for several aspects of the case. Given the impact of the OPM attack, the possibilities it may cause, and the consequences it has caused the human resources department of the federal government, we need to take well-informed steps in prosecuting the perpetrators behind the attack.
There is a significant stake in the possible outcomes of how the case is handled, both for the players involved in the case and for the wellbeing of the whole US population. Therefore, we believe that through the following details, we have made significant steps towards understanding the critical components of the OPM incident, including the need for extraditing the attackers, the agencies involved in prosecuting the attackers, and the significance of doing so.
Overview of the OPM hack
In 2015, the United States Office of Personnel Management (OPM) suffered a cyber-attack that affected its data and IT systems, compromising the organizational data of roughly 4.2 million present and previous federal staff. The incidents that led to the attack have not been clearly established, but what is clear is that OPM had already been roundly criticized for poor security practices in the period leading up to the intrusion. In June, OPM also had a different case focusing on databases holding background investigation accounts in the same agency. Besides, OPM's Electronic Questionnaires for Investigations Processing (e-QIP) framework, the system established to assist in the processing of forms used in carrying out background investigations, was suspended for security reasons. The attack occurred in two major phases, with the first attack taking place in June 2013; Congress dubbed that group X1. The second attackers were dubbed X2. The effects are thought to have affected approximately 21 million people.
The impacts of the attack-the need for prosecuting the hackers
The most considerable damage from the OPM attack was to the Government's reputation. The successful and dreadful breach of one of the government's systems had a greater negative impact on the government's credibility than on its security (Marks, 2017). Nonetheless, initially, OPM did not report the first attack, including its effects, for reasons that are still not clear. However, we cannot overlook the almost 21 million people whose information was compromised. Based on these effects, the perpetrators need to be prosecuted as part of the attempt to fix the damage that has already happened, and as a warning against future similar attacks. In this regard, the effects of the cyber-attack led to the penetration of Anthem, a health insurance company, and the loss of data of almost 80 million US citizens (Koerner, 2016). Yet, political constraints have prevented US leaders from pointing fingers despite the available evidence, such as IP addresses and email accounts, that links the attackers to China.
The prosecution processes-those involved and their inputs
Our investigation has indicated that one of the organizations that will be involved in the hearing and trial of the case involving the OPM incident hackers is the House Oversight and Government Reform Committee. The Federal Bureau of Investigation is another body that will be available to the prosecutors of the hackers. The FBI will be responsible for conducting investigations into the case, including the exact impact of the attack and unearthing all the parties that were possibly involved in the OPM incident. The United States Intelligence Community is another body that will be associated with the prosecution of the hackers.
Additionally, the American Federation of Government Employees will act on behalf of the federal employees who were affected by the OPM breach. Other organizations, treaties, and laws that will be associated with the prosecution of the OPM hackers include the recently adopted National Cyber Strategy, which has a few short sections committed to pursuing hackers, the Bush Administration's Comprehensive National Cybersecurity Initiative (CNCI), the North Atlantic Treaty Organization (NATO), the Tallinn Manual, and the Digital Geneva Convention, among several others (Eoyang et al., 2018). Notably, prosecuting the hackers requires the input of several organizations, treaties, and laws on national security and foreign affairs.
So far, we have performed a detailed study of the major features that surround the OPM attack, trying as much as possible to bridge the gaps on how and why the attack took place. One significant gap in the current study is the underlying motives that led to the two attacks which, even if they are thought to be unrelated, evidence suggests may have been staged by two entities operating in tandem. X1 stole information about OPM's network that would have been helpful to X2's agenda (Fruhlinger, 2020). Therefore, we believe that with this information, we are ready to proceed with the process to extradite the people responsible for the OPM incident.
Rule 41-its implications on the investigation process
One of the major authorities and benefits that Rule 41 provides is that it would allow agencies like the FBI to access computers outside of the US. Besides, the rule would permit global access to computers, including those run by reporters, informers, military personnel, policymakers, and business directors. These access authorizations will have a positive impact on our investigation because accessing computers all over the world would allow identification of factors like browser fingerprints, email messages, and IP addresses that would point to the hackers, their locations and other data that would facilitate the investigation process (Federal Rules of Civil Procedure, 2020). In conclusion, Rule 41 will assist the investigation process despite the possible obstacles.
Federal Rules of Civil Procedure. (2020). Rule 41 – Dismissal of Actions | 2020 Federal Rules of Civil
Procedure. 2020 Federal Rules of Civil Procedure. Retrieved 1 April 2020, from
Fruhlinger, J. (2020). The OPM hack explained: Bad security practices meet China’s Captain America.
CSO Online. Retrieved 1 April 2020, from
Eoyang, M., Peters, l., Mehta, I., & Gaskew, B. (2018). To Catch a Hacker: Toward a comprehensive
strategy to identify, pursue, and punish malicious cyber actors – Third Way.
Retrieved 29 March 2020, from
Koerner, B. (2016). Inside the OPM Hack, the Cyberattack That Shocked the US Government. WIRED.
Retrieved 1 April 2020, from
Marks, J. (2017). Greatest Damage from OPM Breach was to Government’s Reputation.
Retrieved 1 April 2020, from
Running Head: OPM INCIDENT
OPM Incident
Olubode, Taiwo
American Military University
OPM Incident
The unethical hacking of the United States Office of Personnel Management took place in April 2015, and it involved personnel files of the government's civilian workforce. The incident involved access to sensitive data such as SF-86 forms that contain personal information for individuals seeking security clearance for government work. The unauthorized access to the OPM database led to a congressional investigation and executives' resignations. The congressional OPM data breach report reveals that the perpetrators of the incident were dubbed X1 and X2. However, law enforcement claims that the two perpetrators were a foreign entity. This paper analyses the psychological aspects of the X1 and X2 suspects in the OPM incident (Fruhlinger, 2020).
Psychological aspects of X1 and X2
According to the congressional OPM data breach report, cyber intrusion, and especially hacking, is not done just for fun. The intruders must have psychological aspects behind their motive. Most research reveals that hackers have a motivating background for their attacks. In this investigative analysis, psychological aspects such as opportunity, means, and motive will be the central point.
In the opportunity aspect, the concentration point will be how and when the incident occurred. Importance is also placed on vulnerabilities caused by the users. The incident started in November 2013, when the OPM network was first breached. In the first attack, the X1 perpetrator was not able to succeed in accessing personal records. However, the perpetrator managed to gather information on IT system architecture and manuals. In December 2013, the X1 perpetrator used government contractors who conducted background checks to access the OPM servers, alerting the security team. The group registered on April 25, 2014 and in May 2014, they loaded keyloggers onto the administrator's workstation database (Fruhlinger, 2020).
Due to the keyloggers on the administrator's workstation database, the X2 group, on May 7, 2014, established a foothold in the OPM network using credentials from KeyPoint, creating a backdoor by installing malware. In October 2014, the X2 intruder had already breached the server of the Department of the Interior by moving through the OPM environment. Despite security personnel noticing unusual activity within the OPM network, the hackers went ahead with the theft of fingerprint data (Fruhlinger, 2020).
During the intrusion, OPM faced several criticisms of its weak security practices. Further, OPM technical leadership became overconfident after defeating X1 and failed to put in place measures to prevent another cyber intrusion. The security team did not implement two-factor authentication, making the system vulnerable to X2's username and password theft. X2 used an Active Directory privilege escalation technique to obtain OPM system root access, which made it possible for the hackers to install PlugX malware, which in turn allowed them to install more malware such as jumpbox and Sakula, enabling them to navigate easily in the system (Fruhlinger, 2020).
The means aspect involves the tools and channels used by the group. Additionally, it is vital to assess whether there was an insider or if just malware and unauthorized access were used. The X1 group breached two contractors' systems, USIS and KeyPoint; they also loaded keyloggers onto the administrator's workstation database. X2, on the other hand, stole the login credentials of KeyPoint, which enabled them to install malware and create a backdoor. Once the X2 intruder had access to the