
Computer Forensics Analysis of Clown Content on a Hard Drive

   

Added on  2023-06-03

Introductory
computer forensics

Executive summary
In this project the analysis is based on the given case study. First, the given disk image is
analyzed. The Autopsy tool is considered the best tool for the disk analysis. An overview of the
forensic tools is given, with a description and installation procedure for each tool, and
screenshots are added for the installation. The clown content is identified from the hard drive,
and the discovered clown content is set out in the presentation part. The clown content is found
in the form of pictures, videos and PDF content. The discovered images are added in the
presentation section, and a justification is provided for each finding. From the clown images and
content the suspect could be identified. Clark is decided as the suspect from the analysis. Next,
the ownership of the files is identified, and with it the owner of the clown content. The
intention of this analysis is explained, and the quantity of the files is described. In total ten
or more clown images are found. One clown dancing video is found. The installed software is found
from the analysis. The running sheet and the timeline are provided for the event analysis.

Table of Contents
Introduction
Overview of Forensic tools
Presentation of Clown content
Identification
Intention
Quantity of files
Installed Software
Conclusion
References
Appendix A – Running sheet
Appendix B – Timeline of events

Introduction
The case study will be analyzed and the requirements identified. A description of the forensic
tools will be provided, and the suitable tool will be chosen for the disk analysis. The Autopsy
tool is mentioned; the other tools are FTK Imager and operating system (OS) forensics. The
installation steps for the forensic tools will be described, along with each tool's definition
and features. In total five issues will be explained here. The first issue is the presentation
part, in which the clown-related content will be identified and analyzed, and screenshots of the
clown content will be added ("Digital Evidence and Forensics | National Institute of Justice",
2018). In the second issue the file ownership will be identified. The third issue explains the
intention of the analysis. The installed software will be analyzed ("What is Digital Forensics? -
Definition from Techopedia", 2018). A justification will be provided for the clown findings, and
the results will be added as screenshots. The running sheet and the event timeline are provided
in a table (Geradts & Bijhold, 2002).
Overview of Forensic tools
FTK imager
FTK Imager is a forensic tool created by AccessData, and it is used to carry out different
forensic operations. FTK Imager creates a copy of the evidence in the tool without making any
changes to the original data. The forensic operations include scanning, locating, discovering,
etc. FTK Imager is also able to recover deleted images, and from a deleted image the tool also
identifies the hidden content in it (Liu, Ling, Zou, Yan & Lu, 2010). FTK Imager also supports
disk imaging, which makes the analysis much easier. It identifies hidden content by uploading a
dummy image to the hard drive and reconstructing the image on the drive again. During this
technique all the other hidden information is identified (Norell et al., 2014). FTK Imager has a
number of features (Luo, Huang & Qiu, 2010). They are: creating images for forensic operations,
folder and file previewing, previewing their contents, exporting files, creating hashes of
files, recovering files and their contents after deletion, mounting images as a drive, generating
hash reports for files, etc. (Wen & Yu, 2003).
Autopsy
Autopsy is a forensic tool similar to The Sleuth Kit, and it is used for forensic operations such
as identification, investigation and recovery. It is an open source, platform-independent tool
with different features for accessing hidden information (Cooper, 2008). Autopsy is normally used
in fields such as law and order, defense services and other crime investigation fields. Using
this tool we can recover deleted content on a storage device. For example, we can restore deleted
images on a phone memory card. The items listed below are the different features of the Autopsy
tool (2018) (Cain, Brazelton & Dye, 2016).
Easy to use
The graphical user interface of this tool is good. Hence the tool is very easy to use, and the
different operations are easy to carry out (Dalrymple & Smith, n.d.).
Extensible
Autopsy has different modules, so the tool is extensible. The modules of Autopsy include timeline
analysis, hash filtering, keyword search, multimedia support, data carving, etc. (Finn, 2009).
Fast
This tool is very fast during the investigation, and the analysis is done within a short period
of time.
Input formats
Autopsy analyzes different kinds of input, such as disk images and files or folders in different
locations, using the E01 input file format ("Autopsy: Lesson 1: Analyzing Deleted JPEGs", 2018).

Reporting
Reporting is another feature of Autopsy, and using this module different kinds of reports, as
well as investigations, are identified ("Autopsy | Open Source Digital Forensics", 2018).
Reporting in Autopsy takes the form of keyword hits, documents, histories, etc. (2018).
The other features of the Autopsy tool are:
multi-user cases, registry analysis, email analysis, file type sorting, media playback, hash set
filtering, Android support, Unicode string extraction, robust file system analysis, data carving,
data visualization, web viewer, Cerberus, etc. Using these features, Autopsy can carry out
different forensic operations that help in analyzing and identifying different media content
("Digital forensics", 2018).
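Data carving and hash (set) filtering are named in the Extensible module list and in the feature list above. The following is an added example, not code from Autopsy or from the original report, showing what the two techniques do: a header/footer JPEG carver run over a raw byte buffer, followed by a SHA-256 report checked against a known-hash set. The function names, the sample bytes and the known-hash set are all constructed for the illustration.

```python
import hashlib

SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker plus first byte of the next marker
EOI = b"\xff\xd9"       # JPEG end-of-image marker


def carve_jpegs(raw: bytes, max_size: int = 20 * 1024 * 1024):
    """Return (offset, data) for every SOI..EOI span found in a raw byte stream.

    Header/footer carving ignores the file system, so it also finds deleted
    files, but it assumes each file is stored contiguously.
    """
    found = []
    pos = 0
    while (start := raw.find(SOI, pos)) != -1:
        end = raw.find(EOI, start + len(SOI), start + max_size)
        if end == -1:
            # Header with no footer in range: truncated or fragmented, skip it.
            pos = start + len(SOI)
            continue
        end += len(EOI)
        found.append((start, raw[start:end]))
        pos = end
    return found


def hash_report(carved, known_hashes):
    """SHA-256 each carved file and flag those present in a known-hash set."""
    report = []
    for offset, data in carved:
        digest = hashlib.sha256(data).hexdigest()
        report.append({"offset": offset, "size": len(data),
                       "sha256": digest, "known": digest in known_hashes})
    return report


# Constructed sample: two tiny JPEG-like blobs inside zero-filled "unallocated"
# space, followed by a header whose footer is missing.
IMG_A = SOI + b"\xe0" + b"A" * 32 + EOI
IMG_B = SOI + b"\xe1" + b"B" * 48 + EOI
SAMPLE = b"\x00" * 100 + IMG_A + b"\x00" * 57 + IMG_B + b"\x00" * 20 + SOI + b"\xe0cut"
KNOWN = {hashlib.sha256(IMG_B).hexdigest()}   # stand-in for a hash set of files of interest

if __name__ == "__main__":
    for row in hash_report(carve_jpegs(SAMPLE), KNOWN):
        print(row)
```

On real images this simple form cuts a file short when an embedded thumbnail carries its own end-of-image marker, and it cannot reassemble fragmented files.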
Email analysis
FTK Imager provides a feature called email analysis, with which one can analyze the contents of
an email and also identify the source IP address (Carbone, 2014).
OCR
These are the different features of the Autopsy tool ("Autopsy", 2018).
OS Forensics
OS Forensics is a tool or software technique used to investigate and analyze digital data or
evidence from the given data. The data may be present in any format. The OS Forensics tool uses
different forensic techniques to identify and analyze the different kinds of content present in a
certain location (Fichera & Bolt, 2013). OS Forensics is also used to discover hidden content on
storage devices such as hard drives, compact disks and other USB storage devices (Mahdian & Saic,
2009).
OS Forensics also has other functionalities that are used to achieve its digital forensics
capabilities (FTK shi zhan ying yong, 2015). These functionalities are email analysis, data
imaging, image restoration, data acquisition, extraction of data, etc. Using them, OS Forensics
applies different analysis techniques to find hidden content (Pasquini, 2016).
Apart from these functionalities, OS Forensics also has different features (2018). They are:
finding files very quickly, searching the contents within files, searching for emails, recovering
deleted content, uncovering recent activities, collecting system information, viewing the active
memory contents, extracting login credentials, and detecting hidden content in disk areas
(Stadlinger & Dewald, 2017).
Finding the files very quickly
OS Forensics has a special feature for finding a particular file for a forensic operation
quickly. The search operation in OS Forensics is very fast, and the results of a particular
search are returned in a short period of time (Chandel, 2018).
Search for emails
This feature of OS Forensics is the ability to search email archives. Using this search,
different hidden content or individual messages can be identified (Gardner & Bevel, 2009).
Recovers the deleted contents
With this feature the OS Forensics tool identifies deleted content after recovering the data from
the recycle bin. Once the file is restored, it is returned to its previous location.
Uncovers the recent activities
OS Forensics has a special feature for uncovering recent activities. Using this feature, recent
activities are easily recovered or identified during unexpected closing periods. The recent
activities include opened documents, connected network shares, browsing history, etc.
Collecting the system information
