Computer Forensics: Strategies and Resources for Investigation
VerifiedAdded on 2023/06/03
|47
|5976
|157
AI Summary
This article discusses the strategies and resources used in computer forensics investigations, including the forensic tools FTK Imager, Autopsy, and OSForensics. It describes how these tools are used to collect digital evidence related to offences, and provides step-by-step instructions for installing them.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Computer Forensics
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Contents
1. Introduction...................................................................................................................................2
2. Overview of tasks...........................................................................................................................2
3. Strategies and Resources...............................................................................................................2
4. Progress........................................................................................................................................17
4.1 Representation of Content related to offence........................................................................17
4.2 Evidence Identification............................................................................................................35
4.3 Intent of the digital content.....................................................................................................36
4.4 File Quantity............................................................................................................................37
4.5 Software installed related to investigation.............................................................................38
5. Conclusion....................................................................................................................................38
6. References....................................................................................................................................39
APPENDIX A......................................................................................................................................43
APPENDIX B.......................................................................................................................................45
Page 1 of 47
1. Introduction...................................................................................................................................2
2. Overview of tasks...........................................................................................................................2
3. Strategies and Resources...............................................................................................................2
4. Progress........................................................................................................................................17
4.1 Representation of Content related to offence........................................................................17
4.2 Evidence Identification............................................................................................................35
4.3 Intent of the digital content.....................................................................................................36
4.4 File Quantity............................................................................................................................37
4.5 Software installed related to investigation.............................................................................38
5. Conclusion....................................................................................................................................38
6. References....................................................................................................................................39
APPENDIX A......................................................................................................................................43
APPENDIX B.......................................................................................................................................45
Page 1 of 47
1. Introduction
In the Western Australia, a computer is seized from a work place. Because, the according
to the information the clown content is accessed by the computer. Accessing, owing and
distributing the clown content in Western Australia is illegal. The seized computer is forensically
investigated. The forensic image of hard drive is obtained. The forensic image is known as
digital evidence. The digital evidence related to the offence is collected. Now, the forensic
investigation will be done on the obtained forensic image. This will be done by using forensic
tools. The tools used for forensic investigation are OSForensics, Autopsy and FTK Imager. The
ownership identification, intention of the offence and the number of files present in the forensic
image will be found.
2. Overview of tasks
The forensic tools are downloaded and installed to analyze the forensic image from the
computer in which the offence is take place. First task is collecting the forensic image of the
offence computer. After that analyze the forensic image using appropriate tools. By using these
tools the clown content is found which is illegal in Western Australia.
3. Strategies and Resources
The resources used for the investigation are FTK Imager, OSForensics tool and Autopsy.
The Clark who is a suspect, the investigator and a junior investigator. And a system in which the
forensic investigation will done. The tools used for investigating the given forensic image are
explained below in detail ("Dendroecology: A Key Forensic Age-Dating Tool", 2005).
FTK imager
FTK imager is a forensic tool and a software library package which is used for Access the
data from the image ("AccessData", 2018). FTK stores the images in the SMART file format and
it is used in the different technologies. It is used to find the different PC crime scene and
investigation programming made by Access Data. The toolbox likewise incorporates an
independent plate imaging program called FTK Imager. The FTK imager is a software
Page 2 of 47
In the Western Australia, a computer is seized from a work place. Because, the according
to the information the clown content is accessed by the computer. Accessing, owing and
distributing the clown content in Western Australia is illegal. The seized computer is forensically
investigated. The forensic image of hard drive is obtained. The forensic image is known as
digital evidence. The digital evidence related to the offence is collected. Now, the forensic
investigation will be done on the obtained forensic image. This will be done by using forensic
tools. The tools used for forensic investigation are OSForensics, Autopsy and FTK Imager. The
ownership identification, intention of the offence and the number of files present in the forensic
image will be found.
2. Overview of tasks
The forensic tools are downloaded and installed to analyze the forensic image from the
computer in which the offence is take place. First task is collecting the forensic image of the
offence computer. After that analyze the forensic image using appropriate tools. By using these
tools the clown content is found which is illegal in Western Australia.
3. Strategies and Resources
The resources used for the investigation are FTK Imager, OSForensics tool and Autopsy.
The Clark who is a suspect, the investigator and a junior investigator. And a system in which the
forensic investigation will done. The tools used for investigating the given forensic image are
explained below in detail ("Dendroecology: A Key Forensic Age-Dating Tool", 2005).
FTK imager
FTK imager is a forensic tool and a software library package which is used for Access the
data from the image ("AccessData", 2018). FTK stores the images in the SMART file format and
it is used in the different technologies. It is used to find the different PC crime scene and
investigation programming made by Access Data. The toolbox likewise incorporates an
independent plate imaging program called FTK Imager. The FTK imager is a software
Page 2 of 47
acquisition tool. It is used to preview the evidence quickly ("Chapter 8 - FTK Imager
Walkthrough - Incident Response and Computer Forensics, 3rd Edition", 2018). The computer
forensics will be examined through the forensic toolkit manager. This forensic tool mainly used
to get the evidence and keep it as secure. Also make the analysis about the evidence. IT makes
the computer evidence as original. For that it had two ways, one is creating the image off suspect
drive by the usage of hardware devices or software resources. It had many specifications
regarding with the forensic investigation. They are described below ("Evidence Acquisition
Using Accessdata FTK Imager", 2018). First one is email analysis. According to the email
analysis the forensic tool provides interface for the email analysis. Also this tool is used to make
the email parsing, header analysis regarding to the IP address. Next one is the file encryption. It
is considered as the essential feature of forensic toolkit imager ("Forensic Toolkit FTK Imager
Free Download - ALL PC World", 2018). It is used to crack the password. By the use of FTK
imager we can retrieve the passwords over hundred applications ("FTK Imager - ForensicsWiki",
2018). Third one is data carving. By use the of forensic toolkit imager the robust data would be
obtained. Also the investigators have the option to find the files based on the size and data types
of the file. Fourth one is data visualization. This is considered as emerging one regarding to the
forensic investigation. For the analysis of text data the investigators using the data visualization.
It also helpful for the users in the way of making timeline construction, cluster graphs and also
the geo location ("Ftk Imager - Free downloads and reviews - CNET Download.com", 2018).
The web viewer also considered as the important one and it is used to accelerate the case
assessments in real time. The multicast routing would be done by using the web viewer. Another
feature is represented as Cerberus. It is used as the powerful automated malware detection. Here
the machine intelligence concepts are used to sniffing the malware regarding the computers.
OCR is next feature and it known as optical character recognition. It is used to make the images
into readable text. Also it enables the multi-language support.
Installation of Forensic toolkit imager
The steps are listed below regarding to the installation of forensic toolkit imager. The
screenshots are added for the installation steps. It staring with the initial step of installation and
ending with the completion.
Step 1- Welcome page
Page 3 of 47
Walkthrough - Incident Response and Computer Forensics, 3rd Edition", 2018). The computer
forensics will be examined through the forensic toolkit manager. This forensic tool mainly used
to get the evidence and keep it as secure. Also make the analysis about the evidence. IT makes
the computer evidence as original. For that it had two ways, one is creating the image off suspect
drive by the usage of hardware devices or software resources. It had many specifications
regarding with the forensic investigation. They are described below ("Evidence Acquisition
Using Accessdata FTK Imager", 2018). First one is email analysis. According to the email
analysis the forensic tool provides interface for the email analysis. Also this tool is used to make
the email parsing, header analysis regarding to the IP address. Next one is the file encryption. It
is considered as the essential feature of forensic toolkit imager ("Forensic Toolkit FTK Imager
Free Download - ALL PC World", 2018). It is used to crack the password. By the use of FTK
imager we can retrieve the passwords over hundred applications ("FTK Imager - ForensicsWiki",
2018). Third one is data carving. By use the of forensic toolkit imager the robust data would be
obtained. Also the investigators have the option to find the files based on the size and data types
of the file. Fourth one is data visualization. This is considered as emerging one regarding to the
forensic investigation. For the analysis of text data the investigators using the data visualization.
It also helpful for the users in the way of making timeline construction, cluster graphs and also
the geo location ("Ftk Imager - Free downloads and reviews - CNET Download.com", 2018).
The web viewer also considered as the important one and it is used to accelerate the case
assessments in real time. The multicast routing would be done by using the web viewer. Another
feature is represented as Cerberus. It is used as the powerful automated malware detection. Here
the machine intelligence concepts are used to sniffing the malware regarding the computers.
OCR is next feature and it known as optical character recognition. It is used to make the images
into readable text. Also it enables the multi-language support.
Installation of Forensic toolkit imager
The steps are listed below regarding to the installation of forensic toolkit imager. The
screenshots are added for the installation steps. It staring with the initial step of installation and
ending with the completion.
Step 1- Welcome page
Page 3 of 47
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The initial page for the installation is displayed in the above. The install shield wizard is
appeared. The warning section is provided.
Step 2- License agreement
The license agreement is shown in the above screenshot. The license is accepted. It is
provided for the purpose of security.
Page 4 of 47
appeared. The warning section is provided.
Step 2- License agreement
The license agreement is shown in the above screenshot. The license is accepted. It is
provided for the purpose of security.
Page 4 of 47
Step 3- Destination folder
The storage path of the access data FK imager is appeared. The path is displayed.
Step 4- Starting of the installation
The ready stage is displayed for the installation. Here the install button should be clicked.
Step 5 – Installing access data FTK imager
Page 5 of 47
The storage path of the access data FK imager is appeared. The path is displayed.
Step 4- Starting of the installation
The ready stage is displayed for the installation. Here the install button should be clicked.
Step 5 – Installing access data FTK imager
Page 5 of 47
The process of installing is appeared. The status is displayed for the installation.
Step 6 – Completion of wizard
The completion process is appeared. It will ready to launch the access data FTK imager.
Step 7- Home page of FTK imager
Page 6 of 47
Step 6 – Completion of wizard
The completion process is appeared. It will ready to launch the access data FTK imager.
Step 7- Home page of FTK imager
Page 6 of 47
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
The home page of the forensic toolkit imager is appeared in the screenshot. It shown the
generic options regarding the tool (Bowser-Rollins, 2018).
Step 8- Source selection
The source selection is displayed in the screenshot. The evidence types are shown.
Autopsy
Page 7 of 47
generic options regarding the tool (Bowser-Rollins, 2018).
Step 8- Source selection
The source selection is displayed in the screenshot. The evidence types are shown.
Autopsy
Page 7 of 47
Autopsy is a computerized device and it is mainly used for doing the forensics things and
it is tool works in forensics platform and the GUI ("Autopsy - Basis Technology", 2018). It is
mainly used in the fields like law requirement activities, defense services, and other corporate
analysts who wants to secure their contents ("Autopsy - Digital Forensics Platform - Hacking
Vision", 2018). This tool is also used for exploring the contents like checking and investigating
the computers to find what kind of activities occurred on a Personal Computers. Using this we
can also does the features like recovering images in our camera's memory card. This tool is also
used for other backup purposes ("Autopsy – Training | Autopsy", 2018). The software is to a
great extent kept up by Basis Technology Corp. with the help of developers from the network.
The organization offers bolster administrations and preparing for utilizing the product. The GUI
of this tool shows the outcomes from the fundamental volume creation and using this tool it
simpler for specialists to retrieve the relevant areas of information ("Autopsy | Open Source
Digital Forensics", 2018). It is the forensic tool or software that makes it less difficult to send a
significant number of the free generation programs and modules which are used in the Sleuth Kit
("Autopsy of a Dill Pickle-Introductory Lab for Anatomy or Forensics!", 2018). This tool also
gives various capacities that guide on the off chance that administration. Specifically,
examinations began inside this tools are composed by cases, which can contains different hosts
("Autopsy", 2018). Each and every hosts are arranged to have its opportunity zone for setting the
time with the goal that the occasions demonstrated are the equivalent as the first client would
have seen. Each host can contain at least one record framework pictures to investigate. The
designed autopsy tool has some specific principles. First one is extensible ("International
Environmental Forensics Conference Qingdao, China, May 27–30, 2008", 2007). The new
functionality should be added by developing the plugins. Also the tool should be provide the
standard mechanism regarding the features. It offer many function to the development of case
management. Investigators mostly use this case management. The functions are listed below.
The event sequencer is a kind of function used in the case management. The time based
events could be added ("Autopsy", 2018). The autopsy tool is used to sort the events. So through
this function the investigators can easily determine the events. Next function is the notes. These
notes could be saved based on the investigators. These functions are used to the investigators for
creating the notes about the files and structures. These notes are stored in the format such as
ASCII value. The image integrity is considered as the third function ("Autopsy: Lesson 1:
Page 8 of 47
it is tool works in forensics platform and the GUI ("Autopsy - Basis Technology", 2018). It is
mainly used in the fields like law requirement activities, defense services, and other corporate
analysts who wants to secure their contents ("Autopsy - Digital Forensics Platform - Hacking
Vision", 2018). This tool is also used for exploring the contents like checking and investigating
the computers to find what kind of activities occurred on a Personal Computers. Using this we
can also does the features like recovering images in our camera's memory card. This tool is also
used for other backup purposes ("Autopsy – Training | Autopsy", 2018). The software is to a
great extent kept up by Basis Technology Corp. with the help of developers from the network.
The organization offers bolster administrations and preparing for utilizing the product. The GUI
of this tool shows the outcomes from the fundamental volume creation and using this tool it
simpler for specialists to retrieve the relevant areas of information ("Autopsy | Open Source
Digital Forensics", 2018). It is the forensic tool or software that makes it less difficult to send a
significant number of the free generation programs and modules which are used in the Sleuth Kit
("Autopsy of a Dill Pickle-Introductory Lab for Anatomy or Forensics!", 2018). This tool also
gives various capacities that guide on the off chance that administration. Specifically,
examinations began inside this tools are composed by cases, which can contains different hosts
("Autopsy", 2018). Each and every hosts are arranged to have its opportunity zone for setting the
time with the goal that the occasions demonstrated are the equivalent as the first client would
have seen. Each host can contain at least one record framework pictures to investigate. The
designed autopsy tool has some specific principles. First one is extensible ("International
Environmental Forensics Conference Qingdao, China, May 27–30, 2008", 2007). The new
functionality should be added by developing the plugins. Also the tool should be provide the
standard mechanism regarding the features. It offer many function to the development of case
management. Investigators mostly use this case management. The functions are listed below.
The event sequencer is a kind of function used in the case management. The time based
events could be added ("Autopsy", 2018). The autopsy tool is used to sort the events. So through
this function the investigators can easily determine the events. Next function is the notes. These
notes could be saved based on the investigators. These functions are used to the investigators for
creating the notes about the files and structures. These notes are stored in the format such as
ASCII value. The image integrity is considered as the third function ("Autopsy: Lesson 1:
Page 8 of 47
Analyzing Deleted JPEGs", 2018). Here the forensic investigation is used to ensuring the data is
modified during the analysis. The autopsy tool develop the MD5 value for all files ("Hacking &
Digital Forensics & Autopsy - Stay Anonymous", 2018). This tool is used to validate the
integrity of the file. Then the fourth function is the reports. It can create the ASCII reports for the
files and other file system structures. These reports are used for the developers to create the
datasheets (Galvao, 2006).
Installation of Autopsy
The steps are listed below regarding to the installation of Autopsy ("Autopsy:
Download", 2018). The screenshots are added for the installation steps. It staring with the initial
step of installation and ending with the completion.
Page 9 of 47
modified during the analysis. The autopsy tool develop the MD5 value for all files ("Hacking &
Digital Forensics & Autopsy - Stay Anonymous", 2018). This tool is used to validate the
integrity of the file. Then the fourth function is the reports. It can create the ASCII reports for the
files and other file system structures. These reports are used for the developers to create the
datasheets (Galvao, 2006).
Installation of Autopsy
The steps are listed below regarding to the installation of Autopsy ("Autopsy:
Download", 2018). The screenshots are added for the installation steps. It staring with the initial
step of installation and ending with the completion.
Page 9 of 47
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Page 10 of 47
Page 11 of 47
OS Forensics
OS forensics is the sole property owned by PassMark Software Pty Ltd. They are the
leading organization in the digital forensic analyzing software development ("The Evolution of
Environmental Forensics in the United States", 2001). Their contribution to the digital forensics
is highly noticeable ("The International Society of Environmental Forensics Announces the
Following Workshops for 2002", 2002). OS forensic is one of the most important digital
forensics analyzing tool. Many software developer use this OS Forensics software tool as a
benchmark for test their capability. It shows that the OS forensics software tool is one of the
most powerful digital forensic tool kit. Many government agencies as well as Major government
agencies are their customers. Mostly this tool used for analyzing the various digital forensic
evidences. This software tool is available in two varieties (begam, 2018). One is free editions and
another one is Pro version. Here the Pro version has higher capability than free version. Because
free version has some of limitations. Even though the free versions also the most powerful digital
forensic evidence analyzer. Their pro version is available for 1000 bucks. But it is not that much
costly ("Forensics, Anti-forensics and Counter Anti-forensics for JPEG Compressed Images",
2016). This price is reasonable. Because the competitor products are three to four times costlier
than this software tool. But feature wise this software is not lower than any competitor products.
This software tool has the high price to performance ratio. That’s the reason why most of the
private companies prefer this software tool over other tools.
This software mainly works based on the below given three process first one is Discover,
second one is Identify and the last one is Manage ("Firefox OS Forensics: Guidelines and
Challenges", 2016). This three step process helps to provide the extraordinary digital forensic
evidence analyzing experience to the forensic investigators. These three steps are considered as
the most prominent features of the any analyzing tool. Because the analyzing tool must provide
the feature for analyze the evidences with higher fast (Armknecht & Dewald, 2015). Then the
tool must identify the possible threats present in the analyzed evidence. After that the tool also
helps to develop the proper formal report about the analysis and findings of the analysis. OS
Forensics tool can capable of doing all the three activities as mentioned below. In the below
given section the various features given by the OS forensics tool is explained.
High speed file analyzing engines.
Page 12 of 47
OS forensics is the sole property owned by PassMark Software Pty Ltd. They are the
leading organization in the digital forensic analyzing software development ("The Evolution of
Environmental Forensics in the United States", 2001). Their contribution to the digital forensics
is highly noticeable ("The International Society of Environmental Forensics Announces the
Following Workshops for 2002", 2002). OS forensic is one of the most important digital
forensics analyzing tool. Many software developer use this OS Forensics software tool as a
benchmark for test their capability. It shows that the OS forensics software tool is one of the
most powerful digital forensic tool kit. Many government agencies as well as Major government
agencies are their customers. Mostly this tool used for analyzing the various digital forensic
evidences. This software tool is available in two varieties (begam, 2018). One is free editions and
another one is Pro version. Here the Pro version has higher capability than free version. Because
free version has some of limitations. Even though the free versions also the most powerful digital
forensic evidence analyzer. Their pro version is available for 1000 bucks. But it is not that much
costly ("Forensics, Anti-forensics and Counter Anti-forensics for JPEG Compressed Images",
2016). This price is reasonable. Because the competitor products are three to four times costlier
than this software tool. But feature wise this software is not lower than any competitor products.
This software tool has the high price to performance ratio. That’s the reason why most of the
private companies prefer this software tool over other tools.
This software mainly works based on the below given three process first one is Discover,
second one is Identify and the last one is Manage ("Firefox OS Forensics: Guidelines and
Challenges", 2016). This three step process helps to provide the extraordinary digital forensic
evidence analyzing experience to the forensic investigators. These three steps are considered as
the most prominent features of the any analyzing tool. Because the analyzing tool must provide
the feature for analyze the evidences with higher fast (Armknecht & Dewald, 2015). Then the
tool must identify the possible threats present in the analyzed evidence. After that the tool also
helps to develop the proper formal report about the analysis and findings of the analysis. OS
Forensics tool can capable of doing all the three activities as mentioned below. In the below
given section the various features given by the OS forensics tool is explained.
High speed file analyzing engines.
Page 12 of 47
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
It can able to search the files within the various files.
Also can able to find the emails through this software tool.
Facilitates the recovering option for the deleted files.
Collects various system details from the digital forensic evidence effectively.
It also provides the features to extract the various login credentials like user name and
password for the evidences.
This tool has the capability to develop the formal report regarding to the analysis and
findings.
Also create the drive image file for analyzing the evidence without disturbing the source.
It is powerful enough to rebuild the RAID arrays.
Also the company provides the excellent after purchase support. It is the most important
feature for any goods and services. Their executives are available on all business days to
help and support the users of the software tool.
Also the installation procedure for installing this software tool is explained as pictures in the
below context. It brings the better understanding than written format (Brinson, Robinson &
Rogers, 2006).
Installation of OSForensic
The steps are listed below regarding to the installation of OSForensic. The screenshots
are added for the installation steps (Carlton & Worthley, 2010). It staring with the initial step of
installation and ending with the completion.
Page 13 of 47
Also can able to find the emails through this software tool.
Facilitates the recovering option for the deleted files.
Collects various system details from the digital forensic evidence effectively.
It also provides the features to extract the various login credentials like user name and
password for the evidences.
This tool has the capability to develop the formal report regarding to the analysis and
findings.
Also create the drive image file for analyzing the evidence without disturbing the source.
It is powerful enough to rebuild the RAID arrays.
Also the company provides the excellent after purchase support. It is the most important
feature for any goods and services. Their executives are available on all business days to
help and support the users of the software tool.
Also the installation procedure for installing this software tool is explained as pictures in the
below context. It brings the better understanding than written format (Brinson, Robinson &
Rogers, 2006).
Installation of OSForensic
The steps are listed below regarding to the installation of OSForensic. The screenshots
are added for the installation steps (Carlton & Worthley, 2010). It staring with the initial step of
installation and ending with the completion.
Page 13 of 47
Page 14 of 47
Page 15 of 47
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Page 16 of 47
Page 17 of 47
4. Progress
4.1 Representation of Content related to offence
Investigation using Autopsy tool
The above image shows the investigation using the autopsy tool (Carlton, 2008). After analyzing
the Clark’s database the image file has been identified and name of the image file is 182.dd and
the above picture shows the representation of the image extraction.
Page 18 of 47
4.1 Representation of Content related to offence
Investigation using Autopsy tool
The above image shows the investigation using the autopsy tool (Carlton, 2008). After analyzing
the Clark’s database the image file has been identified and name of the image file is 182.dd and
the above picture shows the representation of the image extraction.
Page 18 of 47
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
After the analysis with the image file using the autopsy tool the total files were identified in the
hard drive (Casey, 2012). There are different kinds of file types were identified in the hard drive.
The above picture signifies the representation of the clown image and other files which are all
present in the image file.
Page 19 of 47
hard drive (Casey, 2012). There are different kinds of file types were identified in the hard drive.
The above picture signifies the representation of the clown image and other files which are all
present in the image file.
Page 19 of 47
There are different file types were identified from the Clarks hard drive and there are 13 files are
there in the desktop and the picture shows the representation of the data and a clown image
present in the desktop (Casey, 2013). And this image has some evidence like modified time,
change time, accessed time and created time (Casey, 2015). Using these different times the
autopsy tool clearly shows the Clark involvement in the crime.
Page 20 of 47
there in the desktop and the picture shows the representation of the data and a clown image
present in the desktop (Casey, 2013). And this image has some evidence like modified time,
change time, accessed time and created time (Casey, 2015). Using these different times the
autopsy tool clearly shows the Clark involvement in the crime.
Page 20 of 47
This picture shows the different timings for the particular index image (Chandel, 2018). All the
timings are similar hence all the things are happened in a same time and it is clearly shows
evidence of the crime.
Page 21 of 47
timings are similar hence all the things are happened in a same time and it is clearly shows
evidence of the crime.
Page 21 of 47
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
This is another image in the same desktop folder and it is also a clown image and the date and
time of the image is 2018-07-02 & 06:52. All the timings like the modified time, change time,
access time and created time are same (Cho, Kim, Park & Gil, 2015). The name of the current
image file is K7827739 and the above represents all these details.
Page 22 of 47
time of the image is 2018-07-02 & 06:52. All the timings like the modified time, change time,
access time and created time are same (Cho, Kim, Park & Gil, 2015). The name of the current
image file is K7827739 and the above represents all these details.
Page 22 of 47
The above picture shows the video file in downloads folder. The name of the image file is
clowns dancing and the downloaded date and time are 18th of June 2018 at 08:15 AM. This
evidence clearly shows the Clark downloaded the clown related videos for doing the crime (Duc,
2018). There are totally 13 files are there in downloads folder and clown dancing video file is
one of the file in downloads and duration of the file is 51 seconds.
Page 23 of 47
clowns dancing and the downloaded date and time are 18th of June 2018 at 08:15 AM. This
evidence clearly shows the Clark downloaded the clown related videos for doing the crime (Duc,
2018). There are totally 13 files are there in downloads folder and clown dancing video file is
one of the file in downloads and duration of the file is 51 seconds.
Page 23 of 47
There are 17 items are there in the folder called pictures and using the autopsy tool we have
opened an image file and this file is also a clown image (Ebert, 2012). But the modified date of
this image file is 19th of June.
Page 24 of 47
opened an image file and this file is also a clown image (Ebert, 2012). But the modified date of
this image file is 19th of June.
Page 24 of 47
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
The above picture represents the image file which is in the pictures folder and the modified time
and date of the picture are 18th June 2018 at 05.50. The name of the image file is scarydown.jpg
and there are some other files are also present in the pictures folder (Frysinger, 2002).
Page 25 of 47
and date of the picture are 18th June 2018 at 05.50. The name of the image file is scarydown.jpg
and there are some other files are also present in the pictures folder (Frysinger, 2002).
Page 25 of 47
Using this evidence we can able to find out all the web downloads in the system (Frysinger,
Gaines & Reddy, 2002). It clearly represents the web downloads done by the Clark and all the
web download source files are sqlite files and totally there are 16 files are present in the web
downloads and the above picture clearly shows the URL representation and the path notation for
all the 16 files in the web downloads folder(Haddad, 2004).
Page 26 of 47
Gaines & Reddy, 2002). It clearly represents the web downloads done by the Clark and all the
web download source files are sqlite files and totally there are 16 files are present in the web
downloads and the above picture clearly shows the URL representation and the path notation for
all the 16 files in the web downloads folder(Haddad, 2004).
Page 26 of 47
This shows the representation of the Clark’s web history and there are 117 web histories are
there in the Clark’s system and all the web histories are related to clown image and this incident
clearly shows that crime (Joyce, Powers & Adelstein, 2008). Clark personal drive has all these
histories and hence without his this won’t happen. This picture above shows all the web
histories.
Page 27 of 47
there in the Clark’s system and all the web histories are related to clown image and this incident
clearly shows that crime (Joyce, Powers & Adelstein, 2008). Clark personal drive has all these
histories and hence without his this won’t happen. This picture above shows all the web
histories.
Page 27 of 47
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
This incident shows the extension mismatch details and all the mismatching contents are belongs
to the bytes, png and dat format extensions. But the files does not supports the extension
mentioned (Kessler, 2008). For example the png format extension files are not opening with the
help of image viewing software’s and this is the one of the evidence against Clark.
Page 28 of 47
to the bytes, png and dat format extensions. But the files does not supports the extension
mentioned (Kessler, 2008). For example the png format extension files are not opening with the
help of image viewing software’s and this is the one of the evidence against Clark.
Page 28 of 47
The operating system information has two kind of source files namely system and software. Both
the system and software has same data source file. The name of the data source file is 182.dd. the
name of the Clark desktop is ‘DESKTOP-MMAUQOG’ and this system has more temp and junk
files and the suspect may already tried to delete all these information previously.
All these crimes are done through a username called computer and using these all the
information such as username and other details are retrieved with the help of autopsy software
(Larson, 2014). Along with the incidents the other details are saved like the user id, path, source
file path, and artifact id etc. similarly Clark’s system is also having the username called
computer and this incident surely tells the suspect is Clark.
Page 29 of 47
the system and software has same data source file. The name of the data source file is 182.dd. the
name of the Clark desktop is ‘DESKTOP-MMAUQOG’ and this system has more temp and junk
files and the suspect may already tried to delete all these information previously.
All these crimes are done through a username called computer and using these all the
information such as username and other details are retrieved with the help of autopsy software
(Larson, 2014). Along with the incidents the other details are saved like the user id, path, source
file path, and artifact id etc. similarly Clark’s system is also having the username called
computer and this incident surely tells the suspect is Clark.
Page 29 of 47
There are 9 bookmarks are there in the given result and among that 8 files are sqlite formats and
remaining one file is belongs to URL file. In that the suspect regularly watches a website and
bookmarked it for future use (Machemer & Wang, 2007). That website is related with the
psychology oriented analysis. And all information about the bookmark were identified using this
autopsy tool.
Page 30 of 47
remaining one file is belongs to URL file. In that the suspect regularly watches a website and
bookmarked it for future use (Machemer & Wang, 2007). That website is related with the
psychology oriented analysis. And all information about the bookmark were identified using this
autopsy tool.
Page 30 of 47
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Using the analysis in the web downloads there are different files were identified and that Clark’s
system also has the image file called scary clown.jpg and this incident is enough to prove that he
is the suspect for all the incidents. The other web downloads are also related with clowns.
Page 31 of 47
system also has the image file called scary clown.jpg and this incident is enough to prove that he
is the suspect for all the incidents. The other web downloads are also related with clowns.
Page 31 of 47
The web downloads are retrieved from the hard drive. These files are downloaded by the
suspect Clark. Because the computer user is handled by the Clark. Also the web downloads
contains the files such as the clown images, videos and pdf file. The clown contents are wanted
by the victim Clark (Morrison & Petrisor, 2004). Because these downloads are made by the
Clark. The downloaded time and the file modified time are similar.
Page 32 of 47
suspect Clark. Because the computer user is handled by the Clark. Also the web downloads
contains the files such as the clown images, videos and pdf file. The clown contents are wanted
by the victim Clark (Morrison & Petrisor, 2004). Because these downloads are made by the
Clark. The downloaded time and the file modified time are similar.
Page 32 of 47
The web histories are discovered from the identification of hard drive files. Here the
referred URL links are used to prove the clown content is accessed by the Clark. It is mentioned
by the time variation. Here the URL links are accesses at 18th June. Also the downloaded clown
files are stored and modified the same day. Also the searches are made by the Firefox software.
The Clark installed the Firefox software (Morrison, 2001). These details are retrieved from the
history of installed software’s. Also it is stored in the user computer. That is owned by the Clark.
Page 33 of 47
referred URL links are used to prove the clown content is accessed by the Clark. It is mentioned
by the time variation. Here the URL links are accesses at 18th June. Also the downloaded clown
files are stored and modified the same day. Also the searches are made by the Firefox software.
The Clark installed the Firefox software (Morrison, 2001). These details are retrieved from the
history of installed software’s. Also it is stored in the user computer. That is owned by the Clark.
Page 33 of 47
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The web searches are retrieved from the hard drive. The searches area belonging to the
party clowns and clown dancing videos. These files are stored in the computer user. Here the
Firefox software is used to search the content about clowns. These searches are created at 19th
June. Downloads are made by the same day. So the suspect could be known as a Clark.
Page 34 of 47
party clowns and clown dancing videos. These files are stored in the computer user. Here the
Firefox software is used to search the content about clowns. These searches are created at 19th
June. Downloads are made by the same day. So the suspect could be known as a Clark.
Page 34 of 47
The mail details are found from the given hard drive. The suspect sends the mail about
clown contents to jerry Simpson. From this statement we can ensure the suspect is the Clark.
Because it is sent by the suspect id.
4.2 Evidence Identification
The screenshots are added to find the owner of the file regarding the clowns. We have
checked the owner permission of the computer user. By this verification we can make the
identification about the suspect (Morrison, 2002). So these analysis are enough to make the
decision about suspect. The suspect is the Clark.
Page 35 of 47
clown contents to jerry Simpson. From this statement we can ensure the suspect is the Clark.
Because it is sent by the suspect id.
4.2 Evidence Identification
The screenshots are added to find the owner of the file regarding the clowns. We have
checked the owner permission of the computer user. By this verification we can make the
identification about the suspect (Morrison, 2002). So these analysis are enough to make the
decision about suspect. The suspect is the Clark.
Page 35 of 47
4.3 Intent of the digital content
The intent of the crime is confirmed. The Clark spreading clowning to all the systems in
the work place. Jerry who works with the Clark is wrote the mail “stop clowning about and start
working like a superman ;)”. From this, the criminal is the Clark is confirmed. He is purposely
doing the act of distributing the clown images and contents.
Page 36 of 47
The intent of the crime is confirmed. The Clark spreading clowning to all the systems in
the work place. Jerry who works with the Clark is wrote the mail “stop clowning about and start
working like a superman ;)”. From this, the criminal is the Clark is confirmed. He is purposely
doing the act of distributing the clown images and contents.
Page 36 of 47
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4.4 File Quantity
More clown pictures and a video is found in the forensic image. There are also pdf, web
downloads, web history, web search results and emails available. The programs are also
installed on the system. And also the recent documents are found in the system.
Page 37 of 47
More clown pictures and a video is found in the forensic image. There are also pdf, web
downloads, web history, web search results and emails available. The programs are also
installed on the system. And also the recent documents are found in the system.
Page 37 of 47
4.5 Software installed related to investigation
The Firefox, True crypt and MPlayer2 are the installed software which are related to the
investigation of the forensic image. Clark used Firefox to download Clown video, pictures,
document from the clown related websites in the internet.
5. Conclusion
The forensic investigation is done with the help of forensic tool. The contents related to
the offence is found including clown images, video, document, web downloads, web search, web
bookmark and email. The ownership of the offense content is found and confirmed and then the
intention of the crime is verified. The number of files stored in the forensic image of hard drive
Page 38 of 47
The Firefox, True crypt and MPlayer2 are the installed software which are related to the
investigation of the forensic image. Clark used Firefox to download Clown video, pictures,
document from the clown related websites in the internet.
5. Conclusion
The forensic investigation is done with the help of forensic tool. The contents related to
the offence is found including clown images, video, document, web downloads, web search, web
bookmark and email. The ownership of the offense content is found and confirmed and then the
intention of the crime is verified. The number of files stored in the forensic image of hard drive
Page 38 of 47
are analyzed and the programs and software installed on the device which is related to offence is
found.
6. References
AccessData. (2018). Retrieved from https://www.youtube.com/user/accessdatagroup
Armknecht, F., & Dewald, A. (2015). Privacy-preserving email forensics. Digital
Investigation, 14, S127-S136. doi: 10.1016/j.diin.2015.05.003
Autopsy - Basis Technology. (2018). Retrieved from https://www.basistech.com/autopsy/
Autopsy - Digital Forensics Platform - Hacking Vision. (2018). Retrieved from
https://hackingvision.com/2017/02/18/autopsy-digital-forensics-platform/
Autopsy – Training | Autopsy. (2018). Retrieved from https://www.autopsy.com/training/
Autopsy | Open Source Digital Forensics. (2018). Retrieved from https://www.autopsy.com/
Autopsy of a Dill Pickle-Introductory Lab for Anatomy or Forensics!. (2018). Retrieved from
https://socalnailz.com/2018/08/30/autopsy-of-a-dill-pickle-a-great-introductory-lab-for-
anatomy-or-forensics-edgy-instruction/
Autopsy. (2018). Retrieved from https://sourceforge.net/projects/autopsy/
Autopsy. (2018). Retrieved from https://www.sleuthkit.org/autopsy/
Autopsy: Download. (2018). Retrieved from https://www.sleuthkit.org/autopsy/download.php
Autopsy: Lesson 1: Analyzing Deleted JPEGs. (2018). Retrieved from
https://www.computersecuritystudent.com/FORENSICS/AUTOPSY/lesson1/index.html
begam, r. (2018). Retrieved from http://nest.unm.edu/files/5513/9251/4756/Tutorial_1_-
_FTK_Imager_-_Imaging.pdf
Page 39 of 47
found.
6. References
AccessData. (2018). Retrieved from https://www.youtube.com/user/accessdatagroup
Armknecht, F., & Dewald, A. (2015). Privacy-preserving email forensics. Digital
Investigation, 14, S127-S136. doi: 10.1016/j.diin.2015.05.003
Autopsy - Basis Technology. (2018). Retrieved from https://www.basistech.com/autopsy/
Autopsy - Digital Forensics Platform - Hacking Vision. (2018). Retrieved from
https://hackingvision.com/2017/02/18/autopsy-digital-forensics-platform/
Autopsy – Training | Autopsy. (2018). Retrieved from https://www.autopsy.com/training/
Autopsy | Open Source Digital Forensics. (2018). Retrieved from https://www.autopsy.com/
Autopsy of a Dill Pickle-Introductory Lab for Anatomy or Forensics!. (2018). Retrieved from
https://socalnailz.com/2018/08/30/autopsy-of-a-dill-pickle-a-great-introductory-lab-for-
anatomy-or-forensics-edgy-instruction/
Autopsy. (2018). Retrieved from https://sourceforge.net/projects/autopsy/
Autopsy. (2018). Retrieved from https://www.sleuthkit.org/autopsy/
Autopsy: Download. (2018). Retrieved from https://www.sleuthkit.org/autopsy/download.php
Autopsy: Lesson 1: Analyzing Deleted JPEGs. (2018). Retrieved from
https://www.computersecuritystudent.com/FORENSICS/AUTOPSY/lesson1/index.html
begam, r. (2018). Retrieved from http://nest.unm.edu/files/5513/9251/4756/Tutorial_1_-
_FTK_Imager_-_Imaging.pdf
Page 39 of 47
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Bowser-Rollins, A. (2018). Tools of the Trade – FTK Imager. Retrieved from
https://litigationsupportguru.com/tools-of-the-trade-ftk-imager
Brinson, A., Robinson, A., & Rogers, M. (2006). A cyber forensics ontology: Creating a new
approach to studying cyber forensics. Digital Investigation, 3, 37-43. doi:
10.1016/j.diin.2006.06.008
Carlton, G. (2008). An Evaluation of Windows-Based Computer Forensics Application Software
Running on a Macintosh. Journal Of Digital Forensics, Security And Law. doi:
10.15394/jdfsl.2008.1045
Carlton, G., & Worthley, R. (2010). Identifying a Computer Forensics Expert: A Study to
Measure the Characteristics of Forensic Computer Examiners. Journal Of Digital
Forensics, Security And Law. doi: 10.15394/jdfsl.2010.1069
Casey, E. (2012). Cloud computing and digital forensics. Digital Investigation, 9(2), 69-70. doi:
10.1016/j.diin.2012.11.001
Casey, E. (2013). Triage in digital forensics. Digital Investigation, 10(2), 85-86. doi:
10.1016/j.diin.2013.08.001
Casey, E. (2015). Smart home forensics. Digital Investigation, 13, A1-A2. doi:
10.1016/j.diin.2015.05.017
Chandel, R. (2018). Step by Step Tutorial of FTK Imager (Beginners Guide ). Retrieved from
http://www.hackingarticles.in/step-by-step-tutorial-of-ftk-imager-beginners-guide/
Chapter 8 - FTK Imager Walkthrough - Incident Response and Computer Forensics, 3rd Edition.
(2018). Retrieved from https://ir3e.com/chapter-8-ftk-walkthrough/
Cho, S., Kim, D., Park, J., & Gil, K. (2015). Online Water Monitoring Method as a Water
Security Tool: A Feasibility View. Environmental Forensics, 16(3), 231-241. doi:
10.1080/15275922.2015.1059390
Page 40 of 47
https://litigationsupportguru.com/tools-of-the-trade-ftk-imager
Brinson, A., Robinson, A., & Rogers, M. (2006). A cyber forensics ontology: Creating a new
approach to studying cyber forensics. Digital Investigation, 3, 37-43. doi:
10.1016/j.diin.2006.06.008
Carlton, G. (2008). An Evaluation of Windows-Based Computer Forensics Application Software
Running on a Macintosh. Journal Of Digital Forensics, Security And Law. doi:
10.15394/jdfsl.2008.1045
Carlton, G., & Worthley, R. (2010). Identifying a Computer Forensics Expert: A Study to
Measure the Characteristics of Forensic Computer Examiners. Journal Of Digital
Forensics, Security And Law. doi: 10.15394/jdfsl.2010.1069
Casey, E. (2012). Cloud computing and digital forensics. Digital Investigation, 9(2), 69-70. doi:
10.1016/j.diin.2012.11.001
Casey, E. (2013). Triage in digital forensics. Digital Investigation, 10(2), 85-86. doi:
10.1016/j.diin.2013.08.001
Casey, E. (2015). Smart home forensics. Digital Investigation, 13, A1-A2. doi:
10.1016/j.diin.2015.05.017
Chandel, R. (2018). Step by Step Tutorial of FTK Imager (Beginners Guide ). Retrieved from
http://www.hackingarticles.in/step-by-step-tutorial-of-ftk-imager-beginners-guide/
Chapter 8 - FTK Imager Walkthrough - Incident Response and Computer Forensics, 3rd Edition.
(2018). Retrieved from https://ir3e.com/chapter-8-ftk-walkthrough/
Cho, S., Kim, D., Park, J., & Gil, K. (2015). Online Water Monitoring Method as a Water
Security Tool: A Feasibility View. Environmental Forensics, 16(3), 231-241. doi:
10.1080/15275922.2015.1059390
Page 40 of 47
Dendroecology: A Key Forensic Age-Dating Tool. (2005). Environmental Forensics, 6(1), 3-4.
doi: 10.1080/15275920590913813
Duc, H. (2018). HOW TO INVESTIGATE FILES WITH FTK IMAGER - eForensics. Retrieved
from https://eforensicsmag.com/how-to-investigate-files-with-ftk-imager/
Ebert, J. (2012). Book Review: Mastering Windows Network Forensics and Investigation,
2/E. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2012.1136
Evidence Acquisition Using Accessdata FTK Imager. (2018). Retrieved from
https://articles.forensicfocus.com/2018/03/02/evidence-acquisition-using-accessdata-ftk-
imager/
Firefox OS Forensics: Guidelines and Challenges. (2016). International Journal Of Science And
Research (IJSR), 5(6), 290-293. doi: 10.21275/v5i6.nov164047
Forensic Toolkit FTK Imager Free Download - ALL PC World. (2018). Retrieved from
http://allpcworld.com/forensic-toolkit-ftk-imager-free-download/
Forensic Toolkit. (2018). Retrieved from https://en.wikipedia.org/wiki/Forensic_Toolkit
Forensics, Anti-forensics and Counter Anti-forensics for JPEG Compressed Images.
(2016). International Journal Of Computing, Communication And Instrumentation
Engineering, 3(1). doi: 10.15242/ijccie.e0116039
Frysinger, G. (2002). GC×GC—A New Analytical Tool For Environmental
Forensics. Environmental Forensics, 3(1), 27-34. doi: 10.1006/enfo.2002.0077
Frysinger, G., Gaines, R., & Reddy, C. (2002). GC × GC--A New Analytical Tool For
Environmental Forensics. Environmental Forensics, 3(1), 27-34. doi:
10.1080/15275920216245
FTK Imager - ForensicsWiki. (2018). Retrieved from
https://www.forensicswiki.org/wiki/FTK_Imager
FTK Imager 3.2.0. (2018). Retrieved from http://marketing.accessdata.com/ftkimager3.2.0
Page 41 of 47
doi: 10.1080/15275920590913813
Duc, H. (2018). HOW TO INVESTIGATE FILES WITH FTK IMAGER - eForensics. Retrieved
from https://eforensicsmag.com/how-to-investigate-files-with-ftk-imager/
Ebert, J. (2012). Book Review: Mastering Windows Network Forensics and Investigation,
2/E. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2012.1136
Evidence Acquisition Using Accessdata FTK Imager. (2018). Retrieved from
https://articles.forensicfocus.com/2018/03/02/evidence-acquisition-using-accessdata-ftk-
imager/
Firefox OS Forensics: Guidelines and Challenges. (2016). International Journal Of Science And
Research (IJSR), 5(6), 290-293. doi: 10.21275/v5i6.nov164047
Forensic Toolkit FTK Imager Free Download - ALL PC World. (2018). Retrieved from
http://allpcworld.com/forensic-toolkit-ftk-imager-free-download/
Forensic Toolkit. (2018). Retrieved from https://en.wikipedia.org/wiki/Forensic_Toolkit
Forensics, Anti-forensics and Counter Anti-forensics for JPEG Compressed Images.
(2016). International Journal Of Computing, Communication And Instrumentation
Engineering, 3(1). doi: 10.15242/ijccie.e0116039
Frysinger, G. (2002). GC×GC—A New Analytical Tool For Environmental
Forensics. Environmental Forensics, 3(1), 27-34. doi: 10.1006/enfo.2002.0077
Frysinger, G., Gaines, R., & Reddy, C. (2002). GC × GC--A New Analytical Tool For
Environmental Forensics. Environmental Forensics, 3(1), 27-34. doi:
10.1080/15275920216245
FTK Imager - ForensicsWiki. (2018). Retrieved from
https://www.forensicswiki.org/wiki/FTK_Imager
FTK Imager 3.2.0. (2018). Retrieved from http://marketing.accessdata.com/ftkimager3.2.0
Page 41 of 47
Galvao, R. (2006). Computer Forensics with the Sleuth Kit and the Autopsy Forensic
Browse. The International Journal Of Forensic Computer Science, 41-44. doi:
10.5769/j200601005
Hacking & Digital Forensics & Autopsy - Stay Anonymous. (2018). Retrieved from
https://www.udemy.com/hacking-digital-forensics-autopsy-stay-annoymous/
Haddad, R. (2004). Invited Editorial: What is Environmental Forensics?. Environmental
Forensics, 5(1), 3-3. doi: 10.1080/15275920490424006
International Environmental Forensics Conference Qingdao, China, May 27–30, 2008.
(2007). Environmental Forensics, 8(4), 405-405. doi: 10.1080/15275920701741766
Joyce, R., Powers, J., & Adelstein, F. (2008). MEGA: A tool for Mac OS X operating system
and application forensics. Digital Investigation, 5, S83-S90. doi: 10.1016/j.diin.2008.05.011
Kessler, G. (2008). Book Review: Mac OS X, iPod, and iPhone Forensic Analysis DVD
Toolkit. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2008.1051
Larson, S. (2014). The Basics of Digital Forensics: The Primer for Getting Started in Digital
Forensics. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2014.1165
Machemer, S., & Wang, Z. (2007). Environmental Forensics at Pacifichem 2005. Environmental
Forensics, 8(1-2), 75-76. doi: 10.1080/15275920601180594
Morrison, R. (2001). Environmental Forensics: an International Forum. Environmental
Forensics, 2(4), 261. doi: 10.1006/enfo.2001.0067
Morrison, R. (2002). International Society of Environmental Forensics (ISEF). Environmental
Forensics, 3(2), 89. doi: 10.1006/enfo.2002.0082
Page 42 of 47
Browse. The International Journal Of Forensic Computer Science, 41-44. doi:
10.5769/j200601005
Hacking & Digital Forensics & Autopsy - Stay Anonymous. (2018). Retrieved from
https://www.udemy.com/hacking-digital-forensics-autopsy-stay-annoymous/
Haddad, R. (2004). Invited Editorial: What is Environmental Forensics?. Environmental
Forensics, 5(1), 3-3. doi: 10.1080/15275920490424006
International Environmental Forensics Conference Qingdao, China, May 27–30, 2008.
(2007). Environmental Forensics, 8(4), 405-405. doi: 10.1080/15275920701741766
Joyce, R., Powers, J., & Adelstein, F. (2008). MEGA: A tool for Mac OS X operating system
and application forensics. Digital Investigation, 5, S83-S90. doi: 10.1016/j.diin.2008.05.011
Kessler, G. (2008). Book Review: Mac OS X, iPod, and iPhone Forensic Analysis DVD
Toolkit. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2008.1051
Larson, S. (2014). The Basics of Digital Forensics: The Primer for Getting Started in Digital
Forensics. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2014.1165
Machemer, S., & Wang, Z. (2007). Environmental Forensics at Pacifichem 2005. Environmental
Forensics, 8(1-2), 75-76. doi: 10.1080/15275920601180594
Morrison, R. (2001). Environmental Forensics: an International Forum. Environmental
Forensics, 2(4), 261. doi: 10.1006/enfo.2001.0067
Morrison, R. (2002). International Society of Environmental Forensics (ISEF). Environmental
Forensics, 3(2), 89. doi: 10.1006/enfo.2002.0082
Page 42 of 47
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
APPENDIX A
The running sheet of the forensic investigation is provided here.
Date – Time of the
investigation process
Investigation Process Time consumed in minutes
15-10-2018 – 3:35 pm Analyzing files from 182.dd
Obtained Result:
47
15-10-2018 – 4:25 pm Searching of Clown image
Obtained Result:
k13320412.jpg
6
15-10-2018 -4:32 pm Searching of Clown image
Obtained Result:
k14032380.jpg
2
15-10-2018 -4:35 pm Searching of Clown image
Obtained Result:
index.jpg
2
15-10-2018 – 4:38 pm Searching of Clown image
Obtained Result:
k7827739.jpg
2
15-10-2018 – 4:41 pm Searching of video image
Obtained Result:
Clowns Dancing.mp4
15
15-10-2018 – 4:58 pm Searching of Clown image
Obtained Result:
kikkii_clown_party_pose.jpg
9
15-10-2018 – 5:03 pm A Searching of Clown image
Obtained Result:
scaryclown.jpg
3
15-10-2018 – 5:12 pm Searching of web downloads 7
Page 43 of 47
The running sheet of the forensic investigation is provided here.
Date – Time of the
investigation process
Investigation Process Time consumed in minutes
15-10-2018 – 3:35 pm Analyzing files from 182.dd
Obtained Result:
47
15-10-2018 – 4:25 pm Searching of Clown image
Obtained Result:
k13320412.jpg
6
15-10-2018 -4:32 pm Searching of Clown image
Obtained Result:
k14032380.jpg
2
15-10-2018 -4:35 pm Searching of Clown image
Obtained Result:
index.jpg
2
15-10-2018 – 4:38 pm Searching of Clown image
Obtained Result:
k7827739.jpg
2
15-10-2018 – 4:41 pm Searching of video image
Obtained Result:
Clowns Dancing.mp4
15
15-10-2018 – 4:58 pm Searching of Clown image
Obtained Result:
kikkii_clown_party_pose.jpg
9
15-10-2018 – 5:03 pm A Searching of Clown image
Obtained Result:
scaryclown.jpg
3
15-10-2018 – 5:12 pm Searching of web downloads 7
Page 43 of 47
Obtained Result:
The downloads of clowns are
found
15-10-2018 – 5:20 pm Searching of web history
Obtained Result:
History of accessing clown
contents are proved
5
15-10-2018 – 5:26 pm Searching of OS user
accounts
Obtained Result:
The suspected user account
name of ‘computer’ is found.
10
15-10-2018 – 5:31 pm Searching of web bookmark
Obtained Result:
Clown content bookmark is
found
4
15-10-2018 – 5:36 pm Searching of web search
Obtained Result:
The clown related searches
are happened is proved
16
15-10-2018 -5:54 pm Searching of mails
Obtained Result:
The Clark is the Criminal is
confirmed
15
15-10-2018 -6:12 pm Searching of installed
programs
Obtained Result:
Offence related programs are
noticed and they are installed
on the system is verified.
12
Page 44 of 47
The downloads of clowns are
found
15-10-2018 – 5:20 pm Searching of web history
Obtained Result:
History of accessing clown
contents are proved
5
15-10-2018 – 5:26 pm Searching of OS user
accounts
Obtained Result:
The suspected user account
name of ‘computer’ is found.
10
15-10-2018 – 5:31 pm Searching of web bookmark
Obtained Result:
Clown content bookmark is
found
4
15-10-2018 – 5:36 pm Searching of web search
Obtained Result:
The clown related searches
are happened is proved
16
15-10-2018 -5:54 pm Searching of mails
Obtained Result:
The Clark is the Criminal is
confirmed
15
15-10-2018 -6:12 pm Searching of installed
programs
Obtained Result:
Offence related programs are
noticed and they are installed
on the system is verified.
12
Page 44 of 47
APPENDIX B
The timeline of the events is provided here.
Picture/
video/
document
/bookmark
Extension Created Modified Creation and its Reason
Video -
Clown
dancing
.mp4
16th
June,2018 at
8:15:41
16th
June,2018 at
8:15:47
It is downloaded from
s34.onlinevideoconverter.com
for watching and spreading the
video.
Picture -
Scaryclown
.jpg
18th
June,2018 at
5:50:04
18th
June,2018 at
5:50:06
It is downloaded from
www.scarymommy.com for
owning and spreading the
picture.
Web
bookmark
18th
June,2018 at
08:20:36
The bookmark is made on the
website of theconversation.com
for accessing clown content
Picture -
Kikki_clown_
party_pose
.jpg
19th
June,2018 at
5:20:06
19th
June,2018 at
5:20:06
It is downloaded from
www.trickortreatmagic.com.au
for owning and spreading the
picture.
Picture –
index
.jpg
2nd
July,2018 at
6:42:29
2nd
July,2018 at
6:42:29
It is downloaded from the
internet for owning and
spreading the picture.
Picture –
k13320412
.jpg
2nd
July,2018 at
6:45:08
2nd
July,2018 at
6:45:08
It is downloaded from
fscomps.fotosearch.com for
owning and spreading the
picture.
Picture –
k14032380
.jpg
2nd
July,2018 at
6:51:52
2nd
July,2018 at
6:51:52
It is downloaded from
fscomps.fotosearch.com for
owning and spreading the
picture.
Page 45 of 47
The timeline of the events is provided here.
Picture/
video/
document
/bookmark
Extension Created Modified Creation and its Reason
Video -
Clown
dancing
.mp4
16th
June,2018 at
8:15:41
16th
June,2018 at
8:15:47
It is downloaded from
s34.onlinevideoconverter.com
for watching and spreading the
video.
Picture -
Scaryclown
.jpg
18th
June,2018 at
5:50:04
18th
June,2018 at
5:50:06
It is downloaded from
www.scarymommy.com for
owning and spreading the
picture.
Web
bookmark
18th
June,2018 at
08:20:36
The bookmark is made on the
website of theconversation.com
for accessing clown content
Picture -
Kikki_clown_
party_pose
.jpg
19th
June,2018 at
5:20:06
19th
June,2018 at
5:20:06
It is downloaded from
www.trickortreatmagic.com.au
for owning and spreading the
picture.
Picture –
index
.jpg
2nd
July,2018 at
6:42:29
2nd
July,2018 at
6:42:29
It is downloaded from the
internet for owning and
spreading the picture.
Picture –
k13320412
.jpg
2nd
July,2018 at
6:45:08
2nd
July,2018 at
6:45:08
It is downloaded from
fscomps.fotosearch.com for
owning and spreading the
picture.
Picture –
k14032380
.jpg
2nd
July,2018 at
6:51:52
2nd
July,2018 at
6:51:52
It is downloaded from
fscomps.fotosearch.com for
owning and spreading the
picture.
Page 45 of 47
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Picture –
k7827739
.jpg
2nd
July,2018 at
6:52:14
2nd
July,2018 at
6:52:14
It is downloaded from
fscomps.fotosearch.com for
owning and spreading the
picture.
Clown Mail 2nd
July,2018 at
07:50:09
2nd
July,2018 at
05:41:54
It is sent from Clark to Jerry
Simpson.
Page 46 of 47
k7827739
.jpg
2nd
July,2018 at
6:52:14
2nd
July,2018 at
6:52:14
It is downloaded from
fscomps.fotosearch.com for
owning and spreading the
picture.
Clown Mail 2nd
July,2018 at
07:50:09
2nd
July,2018 at
05:41:54
It is sent from Clark to Jerry
Simpson.
Page 46 of 47
1 out of 47
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.