Computer Forensics Analysis Project

Table of Content

Case Background

The Suni Munshani v. Signal Lake Venture Fund II, LP, et al suit is about email tampering, perjury, and fraud. On December 18, 2000, Suni Munshani (Plaintiff) filed a suit against Signal Lake Venture Fund. Mr. Munshani claimed that he was entitled to warrants in excess of $25 million dollars from Signal Lake. In February 2001, Signal Lake Venture Fund II, LP, et al. (Defendant) became privy to the court filings in this case. Within the filings there was an email provided by Mr. Munshani from Hemant Trivedi, CEO of one of the portfolio companies, stating he was indeed entitled to the warrants. Mr. Trivedi denied any knowledge of the email or any such communication with Mr. Munshani. In an effort to prove their innocence, Signal Lake hired a computer forensic group to conduct a private investigation. The investigation did not show any evidence of the supposed email provided to the court by Mr. Munshani. Mr. Trivedi filed an affidavit stating that the email was forged, while Mr. Munshani filed an affidavit stating the email was real.

In March 2001, a computer forensics expert, Kenneth R. Shear was appointed by the court to perform a forensic examination on the questioned message (the message provided by Mr. Munshani) and the comparative message (a second message from Mr. Trivedi found on Mr. Munshani’s computer). Mr. Shear worked for a company called Electronic Evidence Discovery, Inc. (EED). Mr. Shear’s forensic analysis involved the examination of 33 drives of both Mr. Munshani and Mr. Trivedi. The drives included laptops, personal computers, tape disks, and SCSI backups. In addition, multiple CDROM’s were analyzed. The report was written in a format that explained complicated details so that a layman could understand.

This essay could be plagiarized. Get your custom essay
“Dirty Pretty Things” Acts of Desperation: The State of Being Desperate
128 writers

ready to help you now

Get original paper

Without paying upfront

A variety of software and techniques were used in the imaging and evaluation of the drives. Duplicate “mirror” copies of the computer hard drives were performed using a computer program called Safe back, version 2. 0. Once the images were restored to clean hard drives, a computer program called EnCase was used to search the restored drives. EED also used EnCase and proprietary utilities to search the hard drives of restored image copies performed by Deloitte and Touche. Mr. Shear’s report included a step-by-step analysis of the examinations performed. Mr. Shear and his associates were able to determine that the questioned email message was downloaded from an email server onto Mr. Munshani’s laptop on August 3, 2000. On December 19, 2000, Mr. Munshani altered the email message and the contents of the email header. Mr. Shear noted that although Mr. Munshani knew what the header data need to reflect, he did not understand what should have been changed.

Mr. Shear also noted the following opinions:

  • The questioned email was copied from the comparative email.
  • There was an inconsistency between the message ID and the message time in the questioned email.
  • There was an inconsistency between the sent and received dates shown on the questioned email and the creation and modified dates.
  • There was an absence of any record of the transmission of the questioned email in the email server logs for Signal Lake.

Mr. Shear took 7 months to complete his investigation, presenting his report in September 2001. His report totaled 147 pages and provided evidence that showed the questioned message was not authentic. Ultimately, Mr. Munshani was caught by the duplication process he used in which the questioned email contained the same ID number (known as an ESMTP ID) as in the comparative email.

An ESMTP ID number is unique to a particular email and no two emails passing through the same server would have the same ESMTP ID number. The Court ordered the case dismissed and Mr. Munshani to pay all the costs incurred by Signal Lake due to Mr. Munshani’s fraud, including the cost of Mr. Shear.

Lessons Learned

There are multiple lessons to be learned from this case.

  1. First, and foremost, don’t lie.
  2. Archive your email. Have a retention policy in place.
  3. Email is important and necessary to save.
  4. Email can be dangerous, so use it cautiously.
  5. That there is a multitude of tools and methods for evaluating data.
  6. Analyze message headers and Outlook metadata.
  7. Use keyword searches during your forensic analysis.

References

  1. Shear, Kenneth. Report of Kenneth Shear. 12 September 2001; http://www.signallake.com/litigation/shear_report_munshani. pdf;
  2. Suni Munshani v. Signal Lake Venture Fund II, LP, et al. 1-7. No.00-5529. Suffolk County Superior Court. 9 October 2001; http://www. signallake.com/litigation/ma_order_munhshani.pdf;
  3. Weigarten, Michael and Adam Weingarten. Email Tampering – This Time, The Good Guys Won. January 2002. Business Communications Review.

Cite this page

Computer Forensics Analysis Project. (2016, Dec 12). Retrieved from

https://graduateway.com/computer-forensics-analysis-project/

Remember! This essay was written by a student

You can get a custom paper by one of our expert writers

Order custom paper Without paying upfront