Cyber Forensic and Information Technology Assignment


Added on  2020-04-21

Abstract
This forensic report concerns the data from the seized, suspicious files related to illegal drug
activity on the functioning workstation that belongs to m57.biz. As an investigator, I found the
evidence related to this illegal activity. The evidence and the timeline that were found are compared
in FTK Imager. The differences between the two sets of images are analyzed and the original
image is identified. This report addresses all the given questions, and the answers are given
accordingly.
Table of Contents
Introduction
Description of Forensic tools
Description of FTK
Description of OSForensics
Description of ProDiscover
Screenshots
Questions
Conclusion
References
Introduction
M57.biz is a new patent search company. A patent search company provides research
information to its clients; normally its job is to check the novelty of a patent. M57.biz is now
run by a new buyer, Aaron Greene. An illegal activity took place at M57 before Aaron Greene
bought the company, and he discovered it. However, he does not have proper evidence and does
not know who is responsible. Some suspicious documents and videos relevant to drug activity
involving methamphetamine were found. Methamphetamine is a strong CNS (central nervous
system) stimulant that is normally used as a recreational drug. For that reason he informed the
investigator. The investigator uses digital forensic tools to investigate the crime. Digital forensic
tools such as FTK Imager, ProDiscover, EnCase and OSForensics are used to investigate the
crime committed at M57.biz. The hard drive files of M57.biz are provided to the investigator.
The case is investigated using the given DD-format file. An E01 file is needed for creating the
timeline. Many forensic software packages have been developed to investigate cybercrime in
information technology. FTK Imager is the one most often used for investigating a case, because
it provides support for all kinds of files.
Description of Forensic tools
Description of FTK
FTK Imager is a free tool that can be downloaded from the AccessData website. Its main
purpose is the acquisition of digital media. It also provides pre-analysis of data, collection of
volatile data (RAM) and information search. FTK stands for Forensic Toolkit. FTK supports
distributed processing. It is the only forensics solution that takes full advantage of multi-core
and multi-threaded computers, whereas other forensic software wastes the capability of recent
hardware. FTK uses the full hardware resources to find the evidence needed for the case
(Taylor, Endicott-Popovsky & Frincke, 2007).
FTK Imager is a data preview and imaging tool that lets you quickly assess electronic evidence
to determine whether further investigation with a forensic tool such as AccessData Forensic
Toolkit (FTK) is necessary. FTK Imager can also create exact copies of computer data without
making changes to the source evidence. It can be used:
To create forensic images of hard drives, zip disks, floppy diskettes, CDs and DVDs, entire
folders, or separate files from different places on the media (Hausken, 2015).
To view the contents of forensic images saved on a local drive or a network drive.
To mount an image as a read-only view, so that Windows Explorer shows the data in the image
exactly as the user would see it on the corresponding drive.
To export files and folders from forensic images.
To create hashes of files with either of the two hash functions available in FTK Imager: MD5
and SHA-1.
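The hash step described above can be reproduced outside the tool to check that a working copy of an image still matches the values recorded at acquisition. The following is an added example, not code from the report or from FTK Imager; the file names and the sample "image" are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so multi-gigabyte images need little memory


def hash_image(path):
    """Return {'md5': hex, 'sha1': hex} for the file, reading it once, read-only."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1()}
    with open(path, "rb") as fh:  # "rb": the evidence file is never opened for writing
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def verify_image(path, recorded):
    """Compare with the hashes recorded at acquisition; return the algorithms that differ."""
    current = hash_image(path)
    return [name for name in recorded if current[name] != recorded[name].lower()]


def demo():
    """Constructed sample: a small stand-in 'image' and a copy with one bit altered."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "evidence.dd")     # hypothetical file name
    working = os.path.join(workdir, "working_copy.dd")  # hypothetical file name
    data = bytearray(os.urandom(3 * CHUNK + 17))        # spans several read chunks
    with open(original, "wb") as fh:
        fh.write(data)
    recorded = hash_image(original)  # stands in for the values in the acquisition log
    data[CHUNK + 5] ^= 0x01          # flip a single bit in the working copy
    with open(working, "wb") as fh:
        fh.write(data)
    return verify_image(original, recorded), verify_image(working, recorded)


if __name__ == "__main__":
    intact, altered = demo()
    print("original, algorithms that differ:", intact)
    print("altered copy, algorithms that differ:", altered)
```

An empty list means both digests still match the recorded values; any entry in the list means the copy can no longer be treated as identical to the acquired evidence.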
Ways to mount a raw image in FTK on Windows
To investigate the crime that took place at the patent search company, the hard disk and drive
images of the corresponding system are needed. The forensic image should be a sound and
complete copy of the hard drive. Hard drive images are stored in formats such as AFF, RAW or
E01. In FTK, the raw hard disk image is mounted as follows.
1. In FTK Imager, select File and then select Image Mounting.
2. Select the hard drive image file from its location on the system.
3. Choose the mount type, drive letter, and mount method.
4. Press the Mount option to mount the image file.
There are three ways to mount image files in Windows: FTK Imager, OSFMount and
Mount Image Pro.
File formats supported by FTK
FTK Imager supports all kinds of images. Most often this support is described in terms of the
formats the Imager reads, the formats the Imager generates, and the file systems supported.
File systems supported: FTK Imager provides support for DVD, CD, FAT, exFAT,
VXFS, EXT, NTFS, HFS, HFS+ and HFSX file systems.
Evidence files created by FTK Imager should be in one of these formats: AD1, AF, E01, S01,
L01, AFF, RAW/DD.
FTK Imager provides support for reading the files shown in the screenshot.
Description of file formats used in FTK Imager
AD file format
AD stands for After Dark. It is used for running a screensaver program and for storing
animations. The animation is displayed when the screen has been inactive for a certain time.
After Dark includes Bad Dog and Flying Toasters. To open an AD file on a system,
appropriate software is needed. There are many reasons why an AD file may fail to open.
Frequent problems are incorrect links for the AD file in the registry entry, and an incomplete
installation of the software required to open the AD file.
DD file format
DD stands for Disk Doubler. It uses the LZ78 compression algorithm for the compression
process. It can be opened in FTK Imager. DD is one of the formats used in FTK Imager.