Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

SECRET//20340424
Appendix A: (U) Forensic Examination Results
(U) Tool Name: Express Lane v3.1.1
(U) Date of Report: 28 Apr 2009
(U) Reference Documents
(S) IMIS Req #: 2009-1655
(S) Live Examination Checklist V1.doc
(S) Post Mortem Analysis Checklist V1.doc
S:\DO\IOC\EDG ALL\Front Office\EDG Systems Engineering\IVV\Forensics\Checklists
(U) Executive Summary:
(S/NF) Though the tool does not change the modified date/time for the collected files, the
accessed date and times are changed. Table 1 contains a list of files and/or directories
containing evidence of tool activity categorized by operating system. Details of the
evidence discovered in each file can be found in the Examination Results section of this
report.
Table 1. (S) Files/Directories Containing Evidence
Windows XP Pro SP2 32-bit
*.eft
*.ldf
*.mdf
(U) Subject Computers and Media Examined:
Subject A. Dell Vostro 200 with Windows XP Professional SP2 64 Bit installed
(U) Examination Procedure:
(S) This examination was conducted in accordance with established IV&V checklists and
procedures. Supporting documentation can be found on the CWE Share at the following
path:
S:\DO\IOC\EDG ALL\Front Office\EDG Systems Engineering\IVV\Forensics
(U) Examination Results:
(U) Findings
(S/NF) In accordance with COG Requirement #2009-1655 from the IMIS requirement
documentation, the following statement below is categorized as a finding:
(S/NF) 1. None.
(
U) Observations
SECRET//20340424
9

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh