Recovery Data with xways app

mosy

New member
Hi

this is my Scenario: could you help me:


Ian McShane is under investigation by trading standard. He is suspected of a number of art heists and antique fraud. Online surveillance of an eBay page with a username matching his name, has identified that he is selling a number of antiques. Images of these antiques have been acquired from the eBay pages (the evidence package is provided separately for reference) and a warrant has been conducted at his place of business. The antiques were not recovered, however a desktop computer has been found and seized.
You are tasked with investigating the data on this desktop computer to determine whether there is any evidence of these antiques on the hard disc drives. The array will first need to be rebuilt in order to analyse the information stored within it.
The SIO wants a complete analysis of the operating system user account and activity taking place on the computer.
Any and all artefacts of note should be subject to manual verification by examination of the raw hexadecimal data present and/or manual interpretation of the internal structure of any key files found. This includes, but is not limited to key file-system artefacts, application-specific artefacts and Registry artefacts.
The DFU technician has imaged the hard drives and provided the E01 files for you to analyse. The technician noted that there were 5 hard drives present in the system and that 4 of them appeared to be connected to a special connector which he believes to be a RAID adapter. An image is shown below for reference:
No further details were obtained by the technician on the arrangement of these discs, however they have been imaged with reference numbers BEF2_[1-4], in the order that they were found to be connected to the card’s SATA ports.
///

anyone have any idea??
 

Jared

Administrator
Staff member
Not to discourage you from posting here, but you may find that a forum like Forensic Focus is better geared toward this sort of thing. Most of us are in pro data recovery, not really forensics.

We can certainly help explain what's going on with the RAID (if you actually post those pictures for us), but investigative procedures aren't what most of us specialize in.
 
Top