CSU

CSU — Official HQ

Crime Scene Unit · Secure Access

Field Action Order

CASE REF: CSU-001 · CLASSIFIED
SYSTEM: INITIALIZING
DATABASE: LOADING
ACCESS LEVEL: INVESTIGATOR
SESSION: --:--:--
FORENSIC SYMBOL SET: HEX-16
0 1 2 3 4 5 6 7 8 9 A B C D E F

SQL Query Terminal

SECURE CONNECTION · ENCRYPTED CHANNEL
forensic_db>
Stage 1 objective 0/1 Recover the original MAC (ROT-7), then query access_logs to reveal the session IP.
Recover original MAC offline, then: SELECT * FROM access_logs WHERE device_mac = '…original…'
استعد الماك الأصلي، ثم استعلم من access_logs بالماك الأصلي لاستخراج عنوان IP.

Analysis Results

AWAITING QUERY
Query executed successfully · 0 rows returned · 0ms
NO DATA — AWAITING SQL QUERY EXECUTION

Device Owner Query

OWNER CORRELATION · STAGE 2

Device Owner Query — Locked

Recover the session IP in Stage 1 before correlating the registered device owner.

Local Workstation Lock

IDENTITY CONFIRMATION · STAGE 3

Local Workstation Lock — Locked

Complete Stage 2 owner correlation (devices + employees) before unlocking the workstation.

Device Environment

READ-ONLY FORENSIC REVIEW · STAGE 4

Device Environment — Locked

Workstation access must be confirmed before environment inspection.

Mail Archive Review

LOCAL MAIL CACHE · STAGE 5

Mail Archive Review — Locked

Device environment access required to review archived correspondence.

Final Report / التقرير النهائي

CASE CONCLUSION · خلاصة القضية · STAGE 6

Final Report — Locked

Complete all investigation stages before submitting the final report.