Computer Forensics Investigation - Analyze an Unknown Image

This paper is the practical assignment required to obtain the GIAC Certified Forensic Analyst (GCFA) security certification (version 2.0 - Option 1). It consists on the investigation and forensic analysis of a piece of evidence, an USB flashdrive, collected during the incident response phase of a case involving personal harassment in CC Terminals. The investigation focuses on obtaining a clear picture of the incident based on the analysis of the evidence gathered, establishing how it might have been used by the suspect. In order to ensure success of the forensic process, four basic principles were followed: attempt to minimize data loss, record everything, analyze all the data collected and report the findings effectively. The methodology followed, the tools and procedures used and the conclusions obtained have been included in this paper, being as much accurate as possible. The report also covers legal issues related to the laws in my home country, Spain. The forensic analysis has been mainly performed using open-source tools, because they are free and work well from a forensic perspective 1 .