Checkout MY Digital Forensics Portfilio
Clicking the header will open a PDF of my reports from each project.
★
Project 1
For this project, I was tasked with determining whether two forensic images, PortableBrowser.e01 and CoffeeShopThumb.e01, originated from the same thumb drive. Using FTK Imager, I began by extracting both images and comparing their MD5 hash values to ensure data integrity. I analyzed the file systems (FAT32) and reviewed the storage sizes and device models. While both images had the same storage capacity and originated from similar models, differing hash values led me to conclude they were likely not from the same drive. I documented each step carefully to ensure accuracy and compliance with forensic standards.
★
Project 2
In this project, I was tasked with analyzing a forensic image from a thumb drive to investigate potential evidence of stolen property at UNC Charlotte. Using FTK Imager and Autopsy, I examined the image to identify relevant photos, including images of stolen Apple devices. I verified file locations, checked metadata for camera details, and matched the device tags with university property records. Additionally, I uncovered deleted files containing crucial evidence, such as images taken with the suspect’s iPhone 6s, further linking the suspect to the stolen property.
★
Project 3
In this project, I was asked to investigate communications found in a Chat App database extracted from a device belonging to a suspect, Rett Harring, a known “goon for hire.” Using DB Browser for SQLite, I analyzed the chat database to uncover conversations, contact details, and possible criminal activity. I used DCode to convert epoch timestamps into readable formats and identified key communications between Harring and other individuals, including discussions of a stolen item and Harring’s frequent contacts. The investigation provided a clear timeline and context for the suspect’s communications.
★
Semester Project
For this semester project, I conducted a forensic investigation of Eugene “Gene” Poole’s computer, suspected of involvement in illegal drug and weapons manufacturing. Using FTK Imager and Autopsy, I mounted the forensic image GP2022.E01 and conducted a comprehensive analysis. I discovered evidence such as email communications about ransomware, pictures of military rockets, and anti-forensics tools like Eraser and CCleaner. I also recovered hidden files in a poem and a spreadsheet containing chemical ingredients, as well as GPS coordinates pointing to the location of a stolen vehicle.
★
Graduate Report
For my graduate forensic class project, I was tasked with conducting a full forensic investigation of a laptop and thumb drive belonging to a suspect, Trebor White, who was under suspicion of involvement in drug and weapons trafficking. As part of the project, I created all the evidence, including encrypted files, hidden data, email communications, and location data. Using tools like FTK Imager, Autopsy, and Registry Explorer, I simulated the investigator’s role by analyzing the data, unlocking encryption, identifying external drives, and retrieving deleted files. The evidence I built for the project tied White to criminal activities through encrypted documents, communication records, and GPS coordinates for illicit pickups and drop-offs.
The project required me to meticulously document each step of the investigation, ensuring the integrity of the forensic process. I also matched the computer to a stolen laptop from UNC Charlotte by verifying the device’s registry data. Finally, I compiled a comprehensive forensic report that outlined my findings and linked the suspect to various criminal activities, demonstrating how a forensic investigator would go about solving such a case in the real world.
★
Skills From Duke Energy
During my internship at Duke Energy, I worked on several cases where I utilized tools such as Microsoft Purview for data governance and compliance, Splunk for log analysis and incident monitoring, and Magnet Axiom for deep forensic investigations, including file and artifact recovery. I also used FTK Imager to acquire and analyze forensic images, ensuring data integrity and proper documentation throughout each investigation. These tools helped me perform comprehensive forensic analysis and secure large data transfers in compliance with NERC CIP standards.