ABSTRACT
Computers, hard drives, storage media, cell phones, etc., are considered containers. As an analyst, one must have the legal authority to search these “containers” before conducting an analysis. In digital forensic analysis, it is imperative that the original evidence not be altered. The hard drives were then connected to a piece of hardware called a write blocker. This tool prevents any writes or alterations to the original media and maintains the integrity of the original evidence source. CentraStage software was also installed on this device. Background information on this software indicated it was a remote monitoring software tool utilized by Information Technology professionals for support. Federal agencies were called in to investigate the foreign intrusions and identify victims based on the tax records, military records, credit cards, etc., and notified their data had been compromised. The suspect had also transferred child sexually abusive material from one of the intrusions and was charged with possession of that material.
