SIT703: Advanced Digital Forensics - Case Investigation Report


Added on  2023-06-07

About This Document

This case investigation report discusses unauthorized computer access, password cracking, and the log files used to track events and rectify the problem. It also covers programs that scan for rootkits, Windows logs, password cracking, and more. The report is for the SIT703: Advanced Digital Forensics course.

SIT703: ADVANCED DIGITAL FORENSICS
TASK: CASE INVESTIGATION REPORT
STUDENT NAME:
STUDENT ID:
DATE:
Introduction
Computer crime is a crime directed at computers or other devices in which the computer is
an integral part of the offence. Such crimes can take the form of hacking, online scams, identity
theft, attacks on computer systems and many others (Agarwal et al 2011).
There are many ways in which someone can gain access to another person’s computer without
permission. One is to steal the person’s computer and crack the password.
This is known as advanced cybercrime. It involves interference with the computer’s software and
hardware (Beebe 2009). Unauthorized computer access can also be achieved through hacking, where
an individual uses spamming or phishing to acquire the computer user’s details for use
in cracking his or her password.
In Amy’s case, we consider that her laptop was accessed by someone who
cracked her password and created another account (Biggs & Vidalis 2009).
This case study covers how the unknown person possibly cracked the password of Amy’s
computer, the time he logged in, the type of activities he performed and the time he terminated
his activities.
In addition, the work will look at the important log files that should be checked in the event of
an unauthorized login to the computer.
Lastly, the security of the Windows system will be discussed: how a password and
user name can be generated, and how passwords can be generated using rainbow tables from hashes
generated by passwords (Cao et al 2010).
Task 1. Two programs to scan for rootkit programs.
I will use Avast antirootkit and AVG antirootkit. These programs have the ability to detect and
remove malware that uses rootkit technologies (Perumal, Norwawi & Raman 2015).
Fig 1. Avast antirootkit
Fig 2. AVG antirootkit.
Task 2. The four Windows logs found after decompressing the Windows registry are the event,
auditing, security and access logs. The Windows event log contained a detailed record of the
application, security, setup, system and forwarded events of the system.
The application event log had information on the type of computer software installed on the
computer and the time it was installed (Casey 2011).
The security event log contained the computer’s audit policy, which included the time of invalid
logins, the number of attempts, the place from which the attempts were made, and attempts to create and
edit objects in the system such as user accounts and system files.
The setup event log contained information on the application setup events performed on the
system, such as Windows updates (Chung et al 2012).
The system event log contained information on the current state of the computer’s drivers after
configuration, including Windows failures to start.
The forwarded event log contained information forwarded from the device that another user used to
remotely access Amy’s computer.
To repair the log files and view the information they contained in Event Viewer, I clicked the Start
button and entered “event viewer” into the search field. I then selected the critical level event log.
Fig 3. Event viewer.
Arif then clicked on the filter in order to view the application, security, setup, system and
forwarded event logs for troubleshooting and repair. On the Action menu of Event Viewer, he
selected “open saved log”, proceeded to the event log file, navigated to the Windows
registry log files, selected the application event log and opened it. Event Viewer automatically
converted the application event log file into event log format, which was displayed and read in
Event Viewer. He followed the same process for the security, setup, system and forwarded event logs
to view their contents (Dykstra & Sherman 2013).
Task 3. The log file holding information on the creation of the new account was the security event log.
Event ID 4720 was logged when a new local user account was created, which was recognized by the existing
account (Martini & Choo 2012). To locate this ID, Security was clicked in “event viewer” and the
ID number was keyed in as shown below.
Fig 4. Event ID number
The account creation event is as shown below.
Fig 5. Account-creation event.
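An added example, not part of the original report: once the Security log has been exported from Event Viewer to XML, Event ID 4720 records can be extracted and tied to the session that created the account through the logon ID. The events, timestamps and the account name `newuser` are constructed sample data; the `Data` field names follow the Windows Security event schema.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(eid, time, **data):
    """Build one constructed event in the Windows event XML layout."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID>'
            f'<TimeCreated SystemTime="{time}"/></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample data (not from the case image): a logon, an account
# creation in that session, and the logoff that ends it.
SAMPLE = "<Events>" + "".join([
    make_event(4624, "2018-01-01T09:58:03Z", TargetUserName="Amy",
               TargetLogonId="0x3e7a1", LogonType="2"),
    make_event(4720, "2018-01-01T10:02:41Z", SubjectUserName="Amy",
               SubjectLogonId="0x3e7a1", TargetUserName="newuser"),
    make_event(4647, "2018-01-01T10:20:15Z", TargetUserName="Amy",
               TargetLogonId="0x3e7a1"),
]) + "</Events>"

def parse(xml_text):
    """Yield (event_id, time_created, event_data) for every event."""
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        eid = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        data = {d.get("Name"): d.text
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        yield eid, when, data

def account_creations(xml_text):
    """Return each 4720 with its creator and the creator's session times."""
    events = list(parse(xml_text))
    # Logon IDs can repeat after a reboot; fine for one exported session.
    logon = {d.get("TargetLogonId"): t for i, t, d in events if i == 4624}
    logoff = {d.get("TargetLogonId"): t for i, t, d in events
              if i in (4634, 4647)}
    found = []
    for i, t, d in events:
        if i == 4720:
            sid = d.get("SubjectLogonId")
            found.append({"created": d.get("TargetUserName"),
                          "by": d.get("SubjectUserName"), "at": t,
                          "logon": logon.get(sid), "logoff": logoff.get(sid)})
    return found

if __name__ == "__main__":
    for row in account_creations(SAMPLE):
        print(row)
```

Events 4624, 4634 and 4647 are the logon and logoff records; matching them to the 4720 record by logon ID gives the window in which the creating session was active.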
Task 4. There are many ways her password could have been cracked: either by the hacker
accessing her computer through malware or by having it physically. In this case, we are cracking
a password by having physical access to the computer (Raghavan 2013).
The first step is to restart the computer.
Fig 6. Restarting computer