Computer Forensics: Tools and Techniques for Digital Investigation
Added on 2023-06-03
68 Pages6481 Words239 Views
Computer Forensics
Executive Summary
The clown content is accessed by a computer in the workplace. It is seized and
investigated. The investigators looking for clown content in the forensic image. For this
investigation, the forensic tools are used. By using those forensic tools, the clown content is
searched in the given forensic image. For this, the clown content is owned and accessed by that
particular computer is verified. And the crime has been committed is proved. The analysis is
such identification, intent and quantity of files. The forensic tools such as forensic toolkit imager,
autopsy and operating system forensics. The installing procedures are clearly regarding to the
forensic tools. And the file analysis is made by using the tools. The justification is provided for
each analysis. And then the results are provided through the screenshots for each analysis. The
presentation of content related offence is provided. The events are analyzed. And the timeline is
created for the events. The running sheets also developed regarding the forensic tools and the
investigation.
Page 1 of 68
The clown content is accessed by a computer in the workplace. It is seized and
investigated. The investigators looking for clown content in the forensic image. For this
investigation, the forensic tools are used. By using those forensic tools, the clown content is
searched in the given forensic image. For this, the clown content is owned and accessed by that
particular computer is verified. And the crime has been committed is proved. The analysis is
such identification, intent and quantity of files. The forensic tools such as forensic toolkit imager,
autopsy and operating system forensics. The installing procedures are clearly regarding to the
forensic tools. And the file analysis is made by using the tools. The justification is provided for
each analysis. And then the results are provided through the screenshots for each analysis. The
presentation of content related offence is provided. The events are analyzed. And the timeline is
created for the events. The running sheets also developed regarding the forensic tools and the
investigation.
Page 1 of 68
Table of Contents
1. Introduction.......................................................................................................................................3
2. Resources and Strategies...................................................................................................................3
3. Progress............................................................................................................................................29
3.1 Presentation of content relating to offence.................................................................................29
3.2 Identification................................................................................................................................51
3.3 Intent............................................................................................................................................51
3.4 Quantity of Files...........................................................................................................................52
3.5 Installed Software........................................................................................................................52
4. Conclusion........................................................................................................................................53
5. References........................................................................................................................................54
Appendix A – Running Sheet..................................................................................................................58
Appendix B – Timeline of Events...........................................................................................................62
Page 2 of 68
1. Introduction.......................................................................................................................................3
2. Resources and Strategies...................................................................................................................3
3. Progress............................................................................................................................................29
3.1 Presentation of content relating to offence.................................................................................29
3.2 Identification................................................................................................................................51
3.3 Intent............................................................................................................................................51
3.4 Quantity of Files...........................................................................................................................52
3.5 Installed Software........................................................................................................................52
4. Conclusion........................................................................................................................................53
5. References........................................................................................................................................54
Appendix A – Running Sheet..................................................................................................................58
Appendix B – Timeline of Events...........................................................................................................62
Page 2 of 68
1. Introduction
The computer forensics is also known as digital forensics. In this computer age, so many
crimes happening based on computers. The computer forensics is used to find the deleted files,
passwords, illegal contents in the computer. The forensic image may be a copy of the hard disk,
CD or DVD etc.The given forensic image will be investigated using appropriate tools. The
analaysis of the firensic image will be done (Al-Hadadi & AlShidhani, 2013). The forensic tools
used for the investigation will be installed and it will be explained in detail. The investigation
will be done and justification for all action done in the investigation will be given (Bodden, n.d.).
2. Resources and Strategies
The resources required for the investigation are Autopsy, OSForensic and FTK Imager.
And also the suspects and a system is needed (Boddington, 2016). The tools used are explained
below.
FTK Imager
In computer forensics, many investigation tools are used. The FTK imager is one of the
tools used in computer forensics (Brinson, Robinson & Rogers, 2006). The full form of FTK
imager is Forensic ToolKit. The FTK imager is used for analyzing the mails and looking for
specific characters. The components of FTK viewer are password recovery toolkit, license
manager, forensic toolkit, FTK Imager, and register viewer (Verolme & Mieremet, 2017).
The license manager component is used to remove or add the licenses from the dongle
and also used to purchase the additional licenses. The license manager renews the subscription
and downloads the product updates (Caloyannides & Caloyannides, 2004). To access license
manager component in FTK, go to Start All programs Access Data license manager
license manager.
The password recovery toolkit is used to crack the password. The component of a registry
viewer is used for providing access to protected areas of the registry. The protected areas of
registry contain forensic data (Carbone, 2014). These cannot be accessed by the Windows
Page 3 of 68
The computer forensics is also known as digital forensics. In this computer age, so many
crimes happening based on computers. The computer forensics is used to find the deleted files,
passwords, illegal contents in the computer. The forensic image may be a copy of the hard disk,
CD or DVD etc.The given forensic image will be investigated using appropriate tools. The
analaysis of the firensic image will be done (Al-Hadadi & AlShidhani, 2013). The forensic tools
used for the investigation will be installed and it will be explained in detail. The investigation
will be done and justification for all action done in the investigation will be given (Bodden, n.d.).
2. Resources and Strategies
The resources required for the investigation are Autopsy, OSForensic and FTK Imager.
And also the suspects and a system is needed (Boddington, 2016). The tools used are explained
below.
FTK Imager
In computer forensics, many investigation tools are used. The FTK imager is one of the
tools used in computer forensics (Brinson, Robinson & Rogers, 2006). The full form of FTK
imager is Forensic ToolKit. The FTK imager is used for analyzing the mails and looking for
specific characters. The components of FTK viewer are password recovery toolkit, license
manager, forensic toolkit, FTK Imager, and register viewer (Verolme & Mieremet, 2017).
The license manager component is used to remove or add the licenses from the dongle
and also used to purchase the additional licenses. The license manager renews the subscription
and downloads the product updates (Caloyannides & Caloyannides, 2004). To access license
manager component in FTK, go to Start All programs Access Data license manager
license manager.
The password recovery toolkit is used to crack the password. The component of a registry
viewer is used for providing access to protected areas of the registry. The protected areas of
registry contain forensic data (Carbone, 2014). These cannot be accessed by the Windows
Page 3 of 68
Regedit. The registry viewer may contain browser history, recently accessed file lists, installed
programs list, usernames, and passwords (Carlton & Matsumoto, 2011).
FTK imager is used for making a copy of hard drive, thumb drive, CD etc. Then the FTK
imager scans the hard drive or thumb drive or CD and looks for different kinds of data or
information like locating deleted files or emails, crack encryption etc. (Carlton & Worthley,
2010)
Installation of FTK Imager
The installation of FTK imager is explained below in detail.
Step 1: After downloading AccessData FTK imager, install it on the system. Right click on the
AccessData FTK imager and select Run as Administrative (Casey, 2015). After that, the below
wizard is appeared. It is a Welcome to the InstallShield Wizard for AccessData FTK imager. In
that click ‘Next’ (Cohen, 2011)
Step 2: Then, select ‘I accept the terms in thr license agreement’ and Click ‘Next’
Page 4 of 68
programs list, usernames, and passwords (Carlton & Matsumoto, 2011).
FTK imager is used for making a copy of hard drive, thumb drive, CD etc. Then the FTK
imager scans the hard drive or thumb drive or CD and looks for different kinds of data or
information like locating deleted files or emails, crack encryption etc. (Carlton & Worthley,
2010)
Installation of FTK Imager
The installation of FTK imager is explained below in detail.
Step 1: After downloading AccessData FTK imager, install it on the system. Right click on the
AccessData FTK imager and select Run as Administrative (Casey, 2015). After that, the below
wizard is appeared. It is a Welcome to the InstallShield Wizard for AccessData FTK imager. In
that click ‘Next’ (Cohen, 2011)
Step 2: Then, select ‘I accept the terms in thr license agreement’ and Click ‘Next’
Page 4 of 68
Step 3: Then, select the destination folder for AccessData FTK Imager by clicking the change
option. After changing thr destination folder click ‘Next’. (Cohen, 2012)
Step 4: Click ‘Install’ to begin the installation of AccessData FTK Imager. (Computer
forensics, 2010)
Page 5 of 68
option. After changing thr destination folder click ‘Next’. (Cohen, 2012)
Step 4: Click ‘Install’ to begin the installation of AccessData FTK Imager. (Computer
forensics, 2010)
Page 5 of 68
Step 5: The installtion is started. It is shown in the below figure.
Step 6: The below-given screenshot shows that the installtion process of FTK Imager is going
on.
Page 6 of 68
Step 6: The below-given screenshot shows that the installtion process of FTK Imager is going
on.
Page 6 of 68
Step 7:The AccessData FTK imager is successfully installed. After the installtion, click ‘Finish’
Page 7 of 68
Page 7 of 68
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Computer Forensics: Investigation of Clown Content using Autopsy and FTK Imagerlg...
|46
|9531
|242
Computer Forensics Investigation on Clown Content Offence in Western Australialg...
|47
|6608
|329
Computer Forensics: Strategies and Resources for Investigationlg...
|47
|5976
|157
Computer Forensics Analysis of Clown Content on a Hard Drivelg...
|46
|6164
|456
Digital Forensics - Assignmentslg...
|39
|3425
|103
Demonstration of Autopsylg...
|22
|1475
|22