Digital Forensic: Features, Challenges, and Objectives
VerifiedAdded on 2023/06/03
|28
|6355
|120
AI Summary
This article discusses the features, challenges, and objectives of digital forensic. It covers the identification, quality of files, and regulation of digital forensic. The article also highlights the principal and challenges of digital forensic.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: Clowning About Again
Clowning About Again
Name
Institution
Clowning About Again
Name
Institution
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Clowning About Again
Summary
Computer Forensic generally refers to the process of gathering, investigating and the
provision of an account about some many more information regarding to the computerization
through a manner in which it is lawfully permitted. It tends to be made good use or rather say
utilized in the invention and all other counteractive deeds and the results of the wrongdoing and
along any other discussion where evidence is considered carefully. Criminological experts
looking at PC bad behaviors require a course of action of gave instruments and also the usage of
very certain frameworks. Dependent upon the kind of PC contraption and the kind of cutting-
edge proof, authorities may pick some instrument.
A regular misinformed judgment in the use of PC legitimate instruments is the conviction
these gadgets are simply used to disentangle computerized bad behavior. While advanced bad
behavior is quickly accomplishing levels extraordinary just 10 years earlier, PC lawful sciences
isn't limited to this kind of bad behavior. To be sure, only a little degree of cases enlightened by
PC criminological bosses is related to computerized bad behavior, Taniguchi, T. A., & Gill, C.
(2018).
Summary
Computer Forensic generally refers to the process of gathering, investigating and the
provision of an account about some many more information regarding to the computerization
through a manner in which it is lawfully permitted. It tends to be made good use or rather say
utilized in the invention and all other counteractive deeds and the results of the wrongdoing and
along any other discussion where evidence is considered carefully. Criminological experts
looking at PC bad behaviors require a course of action of gave instruments and also the usage of
very certain frameworks. Dependent upon the kind of PC contraption and the kind of cutting-
edge proof, authorities may pick some instrument.
A regular misinformed judgment in the use of PC legitimate instruments is the conviction
these gadgets are simply used to disentangle computerized bad behavior. While advanced bad
behavior is quickly accomplishing levels extraordinary just 10 years earlier, PC lawful sciences
isn't limited to this kind of bad behavior. To be sure, only a little degree of cases enlightened by
PC criminological bosses is related to computerized bad behavior, Taniguchi, T. A., & Gill, C.
(2018).
Clowning About Again
Table of Contents
Summary..........................................................................................................................................2
1.0 Clowning About Again..............................................................................................................5
1.1 Features of the digital forensic..............................................................................................6
1.2 Digital forensic principal.......................................................................................................6
1.3 Challenges to digital forensic................................................................................................7
1.4 Objectives..............................................................................................................................8
1.5 Regulation..............................................................................................................................8
2.0 Identification..............................................................................................................................8
3.0 Quality of files.........................................................................................................................10
3.1 Encapsulated PostScript.......................................................................................................11
3.2 Portable Document Format..................................................................................................11
3.3 Tag Image File Format........................................................................................................11
4.0 Installed software.....................................................................................................................12
4.1 FTK Imager.........................................................................................................................12
4.1.1 The use of FTK Imager in the acquisition of the volatile memory..............................12
4.1.2 The use of FTK Imager for acquiring non-volatile memory........................................14
4.1.3 Physical Drives Collection...........................................................................................15
4.2 Erased Data Recovery..........................................................................................................20
4.3 Laptop Internet Browser Forensics......................................................................................21
Table of Contents
Summary..........................................................................................................................................2
1.0 Clowning About Again..............................................................................................................5
1.1 Features of the digital forensic..............................................................................................6
1.2 Digital forensic principal.......................................................................................................6
1.3 Challenges to digital forensic................................................................................................7
1.4 Objectives..............................................................................................................................8
1.5 Regulation..............................................................................................................................8
2.0 Identification..............................................................................................................................8
3.0 Quality of files.........................................................................................................................10
3.1 Encapsulated PostScript.......................................................................................................11
3.2 Portable Document Format..................................................................................................11
3.3 Tag Image File Format........................................................................................................11
4.0 Installed software.....................................................................................................................12
4.1 FTK Imager.........................................................................................................................12
4.1.1 The use of FTK Imager in the acquisition of the volatile memory..............................12
4.1.2 The use of FTK Imager for acquiring non-volatile memory........................................14
4.1.3 Physical Drives Collection...........................................................................................15
4.2 Erased Data Recovery..........................................................................................................20
4.3 Laptop Internet Browser Forensics......................................................................................21
Clowning About Again
4.4 Email Forensics...................................................................................................................21
4.5 Hard Disk Data....................................................................................................................21
4.6 RAM Data............................................................................................................................22
4.7 Windows Registry Data.......................................................................................................22
4.8 USB drive............................................................................................................................22
Appendix A: Running sheet...........................................................................................................23
Appendix B: Timeline of Events...................................................................................................25
References......................................................................................................................................26
4.4 Email Forensics...................................................................................................................21
4.5 Hard Disk Data....................................................................................................................21
4.6 RAM Data............................................................................................................................22
4.7 Windows Registry Data.......................................................................................................22
4.8 USB drive............................................................................................................................22
Appendix A: Running sheet...........................................................................................................23
Appendix B: Timeline of Events...................................................................................................25
References......................................................................................................................................26
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Running head: Clowning About Again
1.0 Clowning About Again
Computerized gadgets, for example, PDAs, tablets, gaming consoles, PC and personal
computers have turned out to be vital piece of the advanced society. With the multiplication of
these gadgets in our regular daily existences, there is the propensity to utilize data got from them
for criminal exercises. Wrongdoings, for example, misrepresentation, tranquilize trafficking,
crime, hacking, imitation, and psychological oppression frequently include PCs. To battle PC
wrongdoings, advanced legal sciences (DF) started in law implementation, PC security, and
national barrier. Law authorization offices, budgetary foundations, and speculation firms are
joining computerized legal sciences into their framework, Littlefield, Kebande, V. R., & Ray, I.
(2016, August). Advanced legal sciences are utilized to help examine cybercrime or recognize
coordinate proof of a PC helped wrongdoing. The idea of advanced criminology goes back to
late 1990s and mid 2000s when it was considered as PC legal sciences. The lawful calling, law
implementation, arrangement creators, the business network, instruction, and government all
have a personal stake in computerized criminological.
Computerized criminology is frequently utilized in both criminal law and private
examination. It has been customarily connected with criminal law. It requires thorough gauges to
face questioning in court. Information on device can be looked for if the gadget has been
lawfully captured such as under the police as well as criminal evidence Act 1984. Policy
enforcement as well as security officers may, with a warrant, block the details of the
communication for the more serious assessments. They may also gain data about
communications from communications service providers, Kouwen (2018). These authorities are
now governed by the Control of Investigatory Authority Act 2000 as well as other legislation.
Police agencies can also gain information through equipment interference like bugging. Police
personnel may either attempt this by use of physical instruments or software that permits remote
access to the gadget (Serious Crime Act 2015), that allows particular exemptions from the
personal computer misuse Act 1990. Currently, legislators are considering Investigatory
Authority Bill.
Currently, parliament is considering the Investigatory Powers Bill and the governments
wants to the Bill to reinforce powers present to security agencies, law enforcement bodies as well
as intelligence to attain communications as well as information on the communications,
1.0 Clowning About Again
Computerized gadgets, for example, PDAs, tablets, gaming consoles, PC and personal
computers have turned out to be vital piece of the advanced society. With the multiplication of
these gadgets in our regular daily existences, there is the propensity to utilize data got from them
for criminal exercises. Wrongdoings, for example, misrepresentation, tranquilize trafficking,
crime, hacking, imitation, and psychological oppression frequently include PCs. To battle PC
wrongdoings, advanced legal sciences (DF) started in law implementation, PC security, and
national barrier. Law authorization offices, budgetary foundations, and speculation firms are
joining computerized legal sciences into their framework, Littlefield, Kebande, V. R., & Ray, I.
(2016, August). Advanced legal sciences are utilized to help examine cybercrime or recognize
coordinate proof of a PC helped wrongdoing. The idea of advanced criminology goes back to
late 1990s and mid 2000s when it was considered as PC legal sciences. The lawful calling, law
implementation, arrangement creators, the business network, instruction, and government all
have a personal stake in computerized criminological.
Computerized criminology is frequently utilized in both criminal law and private
examination. It has been customarily connected with criminal law. It requires thorough gauges to
face questioning in court. Information on device can be looked for if the gadget has been
lawfully captured such as under the police as well as criminal evidence Act 1984. Policy
enforcement as well as security officers may, with a warrant, block the details of the
communication for the more serious assessments. They may also gain data about
communications from communications service providers, Kouwen (2018). These authorities are
now governed by the Control of Investigatory Authority Act 2000 as well as other legislation.
Police agencies can also gain information through equipment interference like bugging. Police
personnel may either attempt this by use of physical instruments or software that permits remote
access to the gadget (Serious Crime Act 2015), that allows particular exemptions from the
personal computer misuse Act 1990. Currently, legislators are considering Investigatory
Authority Bill.
Currently, parliament is considering the Investigatory Powers Bill and the governments
wants to the Bill to reinforce powers present to security agencies, law enforcement bodies as well
as intelligence to attain communications as well as information on the communications,
Clowning About Again
Lentine ,Kouwen (2018). Its objective is to offer a more open basis for securing the warrants
needed for interception as well as instrument interference, and to advance safeguards by
proposing judicial overlook. Although, there has been opposition to the Bill. A draft form of the
Bill has been tested by some parliamentary committees. Evidence is subject to the threat process
Rules 2015, and there are appropriate exercise guidelines for policy enforcement professionals
concerning with digital
evidence. These include the policies that information should not be modified by a
investigation as well as that records should not be maintained of the procedures applied to
information, Agarwal, R., & Kothari, S. (2015). The Forensic Science Regulator (FSR) is liable
for maintaining the quality of the digital forensic activities within the United Kingdom Criminal
Justice System, therefore she now lacks statutory authority to guarantee compliance. The
Forensic Service Regulator states the risk of errors taking place in digital forensic is important,
Quick,Lillis, (2016).
1.1 Features of the digital forensic
Computerized legal sciences are normally connected with the location and anticipation of
cybercrime. It is identified with advanced security in that both are centered around computerized
episodes. While computerized security centers around protection measures, advanced
criminology centers around responsive measures. Advanced legal sciences can be part up into
five branches. Cell phone legal sciences is a recently creating part of advanced crime scene
investigation identifying with recuperation of computerized proof from a cell phone. The
computerized medium has turned into the key region for email hacking, Hashim, Halim, Ismail,
Noor, Fuzi, Mohammed., & Gining (2017).
1.2 Digital forensic principal.
Computerized Forensic is inferred as an equivalent word for PC legal sciences, yet its
definition has extended to incorporate the crime scene investigation of every single advanced
innovation. An advanced measurable examination can be extensively separated into three phases:
protection of proof, investigation and introduction. Computerized proof exists in open PC
frameworks, correspondence frameworks, and inserted PC frameworks. Computerized proof can
be copied precisely and it is hard to devastate. It very well may be found in hard drive, streak
drive, telephones, cell phones, switches, tablets, and instruments, for example, GPS. To be
Lentine ,Kouwen (2018). Its objective is to offer a more open basis for securing the warrants
needed for interception as well as instrument interference, and to advance safeguards by
proposing judicial overlook. Although, there has been opposition to the Bill. A draft form of the
Bill has been tested by some parliamentary committees. Evidence is subject to the threat process
Rules 2015, and there are appropriate exercise guidelines for policy enforcement professionals
concerning with digital
evidence. These include the policies that information should not be modified by a
investigation as well as that records should not be maintained of the procedures applied to
information, Agarwal, R., & Kothari, S. (2015). The Forensic Science Regulator (FSR) is liable
for maintaining the quality of the digital forensic activities within the United Kingdom Criminal
Justice System, therefore she now lacks statutory authority to guarantee compliance. The
Forensic Service Regulator states the risk of errors taking place in digital forensic is important,
Quick,Lillis, (2016).
1.1 Features of the digital forensic
Computerized legal sciences are normally connected with the location and anticipation of
cybercrime. It is identified with advanced security in that both are centered around computerized
episodes. While computerized security centers around protection measures, advanced
criminology centers around responsive measures. Advanced legal sciences can be part up into
five branches. Cell phone legal sciences is a recently creating part of advanced crime scene
investigation identifying with recuperation of computerized proof from a cell phone. The
computerized medium has turned into the key region for email hacking, Hashim, Halim, Ismail,
Noor, Fuzi, Mohammed., & Gining (2017).
1.2 Digital forensic principal.
Computerized Forensic is inferred as an equivalent word for PC legal sciences, yet its
definition has extended to incorporate the crime scene investigation of every single advanced
innovation. An advanced measurable examination can be extensively separated into three phases:
protection of proof, investigation and introduction. Computerized proof exists in open PC
frameworks, correspondence frameworks, and inserted PC frameworks. Computerized proof can
be copied precisely and it is hard to devastate. It very well may be found in hard drive, streak
drive, telephones, cell phones, switches, tablets, and instruments, for example, GPS. To be
Clowning About Again
allowable in a courtroom, proof must be both applicable and dependable. To date, there have
been couple of lawful difficulties to advanced proof. Measurable examination distinguishes the
riddle pieces that understand the PC wrongdoing. It requires utilizing productive instruments.
Various programming apparatuses that are presently accessible for prepared measurable agents
to utilize. Investigators direct examinations utilizing different systems following the standards of
criminological science. The introduction of proof includes setting up an answer to show the
discoveries to all partners including the judge, jury, charged, legal advisors, and examiners. The
report must be set up so that it is appropriate to be displayed in a courtroom.
1.3 Challenges to digital forensic
The exponential development and headways in the field of figuring and system
advancements have made existing computerized criminology apparatuses and strategies
insufficient.
i. The multifaceted nature issue, emerging from information being procured
at the most minimal (i.e. parallel) organize with expanding volume and heterogeneity,
which calls for advanced information decrease strategies before examination.
ii. The assorted variety issue, coming about normally from consistently
expanding volumes of information, yet likewise from an absence of standard systems to
inspect and investigate the expanding numbers furthermore, kinds of sources, which
bring a plurality if working frameworks, file designs, and so on. The absence of
institutionalization of advanced evidence capacity and the organizing of associated
metadata likewise superfluously adds to the many-sided quality of sharing advanced
proof among national and universal law enforcement organizations.
iii. The consistency and connection issue resulting from the way that current
devices are intended to find parts of proof, however not to generally aid examinations.
iv. The volume issue, coming to fruition due to in wrinkled limit limits and
the quantity of devices that store information, and a need of su cient automation forffi
examination.
v. The unified time lining issue, where various sources present di erent timeff
zone references, timestamp interpretations, clock skew/glide issues, and the etymological
structure perspectives engaged with making a unified timetable.
allowable in a courtroom, proof must be both applicable and dependable. To date, there have
been couple of lawful difficulties to advanced proof. Measurable examination distinguishes the
riddle pieces that understand the PC wrongdoing. It requires utilizing productive instruments.
Various programming apparatuses that are presently accessible for prepared measurable agents
to utilize. Investigators direct examinations utilizing different systems following the standards of
criminological science. The introduction of proof includes setting up an answer to show the
discoveries to all partners including the judge, jury, charged, legal advisors, and examiners. The
report must be set up so that it is appropriate to be displayed in a courtroom.
1.3 Challenges to digital forensic
The exponential development and headways in the field of figuring and system
advancements have made existing computerized criminology apparatuses and strategies
insufficient.
i. The multifaceted nature issue, emerging from information being procured
at the most minimal (i.e. parallel) organize with expanding volume and heterogeneity,
which calls for advanced information decrease strategies before examination.
ii. The assorted variety issue, coming about normally from consistently
expanding volumes of information, yet likewise from an absence of standard systems to
inspect and investigate the expanding numbers furthermore, kinds of sources, which
bring a plurality if working frameworks, file designs, and so on. The absence of
institutionalization of advanced evidence capacity and the organizing of associated
metadata likewise superfluously adds to the many-sided quality of sharing advanced
proof among national and universal law enforcement organizations.
iii. The consistency and connection issue resulting from the way that current
devices are intended to find parts of proof, however not to generally aid examinations.
iv. The volume issue, coming to fruition due to in wrinkled limit limits and
the quantity of devices that store information, and a need of su cient automation forffi
examination.
v. The unified time lining issue, where various sources present di erent timeff
zone references, timestamp interpretations, clock skew/glide issues, and the etymological
structure perspectives engaged with making a unified timetable.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Clowning About Again
1.4 Objectives
The main objective of this research report is to retrieve back all the information within
the damaged computer. Having selected the FTK Imager as the main tool of work, then recovery
process will just be accomplished. Some of the intruders may wish to capture the whole
computer and carry out their own dangerous activities, which in most cases is to tamper with the
normal functioning of the computer. In this scenario we are provided in such a way that the
personnel are using the clones, in which the law does not allow in the acquisition of some of the
information from the office computer. This practice in most cases in very much prohibited.,
Norouzi (2014).
1.5 Regulation
Early 2018, the Government budgeted for more allocation of resources in the
police force financing for modern policing reform. The institution of Policing, National Crime
Agency as well as National Police Chief’s Council have perceived a need to create digital
investigation as well as intelligence abilities. Currently, the House of Commons Science as well
as Technology Committee recorded a shortage of United Kingdom financing for forensic science
study, and revived recommendation that Authority creates a strategy for forensics. The Home
Office is also starting to gather statistics from the peacemaker forces in England as well as Wales
on their deployment of digital forensics, van Duyne, Thethi, N., & Keane, A. (2014, February).
Chief Scientific of the Government adviser’s 2018 yearly report tested forensic science, counting
digital forensic, as well as its various applications, Agrawal, N., & Islam, S. (2016, February).
2.0 Identification
Computerized Forensic Evidence gathering procedure offers the flow of evidence
gathering, and constitutes of four stages which include:
Identification
Collection,
Observation and
Preservation
Analysis and
organization
Verification
1.4 Objectives
The main objective of this research report is to retrieve back all the information within
the damaged computer. Having selected the FTK Imager as the main tool of work, then recovery
process will just be accomplished. Some of the intruders may wish to capture the whole
computer and carry out their own dangerous activities, which in most cases is to tamper with the
normal functioning of the computer. In this scenario we are provided in such a way that the
personnel are using the clones, in which the law does not allow in the acquisition of some of the
information from the office computer. This practice in most cases in very much prohibited.,
Norouzi (2014).
1.5 Regulation
Early 2018, the Government budgeted for more allocation of resources in the
police force financing for modern policing reform. The institution of Policing, National Crime
Agency as well as National Police Chief’s Council have perceived a need to create digital
investigation as well as intelligence abilities. Currently, the House of Commons Science as well
as Technology Committee recorded a shortage of United Kingdom financing for forensic science
study, and revived recommendation that Authority creates a strategy for forensics. The Home
Office is also starting to gather statistics from the peacemaker forces in England as well as Wales
on their deployment of digital forensics, van Duyne, Thethi, N., & Keane, A. (2014, February).
Chief Scientific of the Government adviser’s 2018 yearly report tested forensic science, counting
digital forensic, as well as its various applications, Agrawal, N., & Islam, S. (2016, February).
2.0 Identification
Computerized Forensic Evidence gathering procedure offers the flow of evidence
gathering, and constitutes of four stages which include:
Identification
Collection,
Observation and
Preservation
Analysis and
organization
Verification
Clowning About Again
Figure 1.0 Digital Forensic Procedure Model for Gathering Digital Evidence, Soltani, S.,
& Seno, S. A. H. (2017, October).
i) Identification – every computerized data or artifacts which can be referred to as
evidence.
Forensic assessors first required to establish the Digital instrument like Computer, mobile
Phone, Laptop, Storage Drive, iPod as well as camera.
ii) Gather, note and keep the evidence: next step contains gathering of seized digital
evidence, observation of the assessments and then keep in the given form.
iii) Analyze, establish and arrange the evidence: this stage constitutes of analysis of the
gathered Evidences in respect of significance of offence and lastly arrange the evidence
in different classification such as windows Registry, Browser files and System log.
iv) Build up the evidence or repeat an incident to approve the same outcome each time.
Approval of gathered evidence is a significance factor of computerized forensic
Figure 1.0 Digital Forensic Procedure Model for Gathering Digital Evidence, Soltani, S.,
& Seno, S. A. H. (2017, October).
i) Identification – every computerized data or artifacts which can be referred to as
evidence.
Forensic assessors first required to establish the Digital instrument like Computer, mobile
Phone, Laptop, Storage Drive, iPod as well as camera.
ii) Gather, note and keep the evidence: next step contains gathering of seized digital
evidence, observation of the assessments and then keep in the given form.
iii) Analyze, establish and arrange the evidence: this stage constitutes of analysis of the
gathered Evidences in respect of significance of offence and lastly arrange the evidence
in different classification such as windows Registry, Browser files and System log.
iv) Build up the evidence or repeat an incident to approve the same outcome each time.
Approval of gathered evidence is a significance factor of computerized forensic
Clowning About Again
3.0 Quality of files
The files acquired from the digital technology tends to be very much clear if the required
procedure is well followed. When imaging is finished, any great apparatus ought to produce a
computerized unique mark of the gained media, also called a hash, Rashid, Rahim, R., & Dewi,
A. R. (2017, December). A hash age process includes inspecting the majority of the 0's and 1's
that exist over the divisions analyzed. Modifying a solitary 0 to a 1 will cause the subsequent
hash an incentive to appear as something else. Both the first and duplicate of the proof are
dissected to create a source and target hash. Accepting they both matches, we can be sure of the
genuineness of the duplicated hard drive or other media. The type of information of concern here
in this case is the multimedia type in which the images are taken for consideration. This image is
considered the tool for the evidence of the recently carried out clowning process. Through this
process, to ensure that he image being obtained meets the minimal requirements of any file, then
the following are the methods and tools for quality file production:
Checksum- this is one of the most common tools in which the file under
investigation is approved to ascertain if truly the file was changed or altered at the time of
occurrence of the incidence. Involves the deployment of the SHA! Hashes together with
the md5.
Authentic amped-to deal with the images appropriately, this tool is
employed such that the authentication process of an image is checked to confirm the
establishment of facts and proofs on whether a given image is a copy of the original
image, the original itself, a valid copy that is produced through the use of some other
devices or to some extent the resultant of some other program mostly used for
modification of the photos and some other images.
File Checksum Integrity Verifier utility- another tool in which an image
can be checked via the use of this computer command prompt utility in which the file is
converted to a file hash mode where only the values are to be analyzed. This facility is
used for the approval of this type of file format. The resulting outcome of this process is
the xml file in which the display on the monitor can be later on saved to a specified
database such that they are stored for future verification of the same data file.
The following section explains the possible types of images that could be utilized:
3.0 Quality of files
The files acquired from the digital technology tends to be very much clear if the required
procedure is well followed. When imaging is finished, any great apparatus ought to produce a
computerized unique mark of the gained media, also called a hash, Rashid, Rahim, R., & Dewi,
A. R. (2017, December). A hash age process includes inspecting the majority of the 0's and 1's
that exist over the divisions analyzed. Modifying a solitary 0 to a 1 will cause the subsequent
hash an incentive to appear as something else. Both the first and duplicate of the proof are
dissected to create a source and target hash. Accepting they both matches, we can be sure of the
genuineness of the duplicated hard drive or other media. The type of information of concern here
in this case is the multimedia type in which the images are taken for consideration. This image is
considered the tool for the evidence of the recently carried out clowning process. Through this
process, to ensure that he image being obtained meets the minimal requirements of any file, then
the following are the methods and tools for quality file production:
Checksum- this is one of the most common tools in which the file under
investigation is approved to ascertain if truly the file was changed or altered at the time of
occurrence of the incidence. Involves the deployment of the SHA! Hashes together with
the md5.
Authentic amped-to deal with the images appropriately, this tool is
employed such that the authentication process of an image is checked to confirm the
establishment of facts and proofs on whether a given image is a copy of the original
image, the original itself, a valid copy that is produced through the use of some other
devices or to some extent the resultant of some other program mostly used for
modification of the photos and some other images.
File Checksum Integrity Verifier utility- another tool in which an image
can be checked via the use of this computer command prompt utility in which the file is
converted to a file hash mode where only the values are to be analyzed. This facility is
used for the approval of this type of file format. The resulting outcome of this process is
the xml file in which the display on the monitor can be later on saved to a specified
database such that they are stored for future verification of the same data file.
The following section explains the possible types of images that could be utilized:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Clowning About Again
3.1 Encapsulated PostScript
EPS can be utilized for pictures created by vector-drawing applications, for example,
Adobe Illustrator or CorelDraw. Be that as it may, EPS has a tendency to be a cumbersome
record design, contrasted and PDF which is a more current and smaller useful likeness EPS, so
accommodation of figures in PDF arrange is empowered. EPS pictures ought to be trimmed
utilizing indistinguishable programming from was utilized to make it (allude to the producer's
documentation). On the off chance that there are issues editing the EPS picture at that point, if all
else fails, consider rasterizing it (changing over from vector to bitmap design) utilizing
Photoshop, trimming the bitmap (again utilizing Photoshop) and presenting the subsequent
bitmap picture in TIFF or JPEG organize. Be that as it may, rasterization will ordinarily build
record estimate and lessen quality, contrasted and a vector picture.
3.2 Portable Document Format
This is the modern image format which is very excellent and is capable of
containing both the elements of the bitmap and the vectors. The trick that comes in the forensics
imagery of the photos is the selection of the right settings.
3.3 Tag Image File Format
This is the type of image that is suitable for photographic scanned images. The format
mostly supports the lossless compression in the which it works with the color flats such as the
screenshots. This type provides a room for the compression process.
3.1 Encapsulated PostScript
EPS can be utilized for pictures created by vector-drawing applications, for example,
Adobe Illustrator or CorelDraw. Be that as it may, EPS has a tendency to be a cumbersome
record design, contrasted and PDF which is a more current and smaller useful likeness EPS, so
accommodation of figures in PDF arrange is empowered. EPS pictures ought to be trimmed
utilizing indistinguishable programming from was utilized to make it (allude to the producer's
documentation). On the off chance that there are issues editing the EPS picture at that point, if all
else fails, consider rasterizing it (changing over from vector to bitmap design) utilizing
Photoshop, trimming the bitmap (again utilizing Photoshop) and presenting the subsequent
bitmap picture in TIFF or JPEG organize. Be that as it may, rasterization will ordinarily build
record estimate and lessen quality, contrasted and a vector picture.
3.2 Portable Document Format
This is the modern image format which is very excellent and is capable of
containing both the elements of the bitmap and the vectors. The trick that comes in the forensics
imagery of the photos is the selection of the right settings.
3.3 Tag Image File Format
This is the type of image that is suitable for photographic scanned images. The format
mostly supports the lossless compression in the which it works with the color flats such as the
screenshots. This type provides a room for the compression process.
Clowning About Again
4.0 Installed software
4.1 FTK Imager
Scientific Toolkit or FTK is a Personal Computer legal sciences programming
item made by Access Data. This is Windows based business item. For criminological
examinations, a similar improvement group has made a new absolutely free form of the business
item having very less and reduced implementations. This Forensic Toolkit Imager device is
equipped for both obtaining together with breaking down PC measurable proof. The primary
sections in which the Forensic toolkit can be made a source of the proof are classified into two
namely:
The acquisition of the volatile memory.
The acquisition of the non-volatile memory, that is the Hard Disk.
There are two conceivable ways this instrument can be utilized in legal sciences picture
acquisitions:
Utilizing Forensic Toolkit Imager compact form in a USB pen drive or Hard Disk Drive
and the process of opening it straightforwardly from the proof computer in mind. This alternative
is most as often as possible utilized in live information procurement where the proof
PC/workstation is exchanged on.
Introducing Forensic Toolkit Imager on the agent's PC, Barnes, A., Farr, P., James, J., &
Mason, P. (2016).
For a situation like this, the source disk ought to be sets up into the specialist's
workstation by means of compose blocker. The compose blocker counteracts information being
altered in the proof source plate while giving read-only access to the specialist's PC. This keeps
up the respectability of the source plate.
4.1.1 The use of FTK Imager in the acquisition of the volatile memory
The FTK Imager instrument encourages agents used for gathering the entire volatile
memory (RAM) belonging to any given Personal Computer. The accompanying advances
provides a clear demonstration to you of all the proper methodologies to carry out the whole
process of the clowning.
4.0 Installed software
4.1 FTK Imager
Scientific Toolkit or FTK is a Personal Computer legal sciences programming
item made by Access Data. This is Windows based business item. For criminological
examinations, a similar improvement group has made a new absolutely free form of the business
item having very less and reduced implementations. This Forensic Toolkit Imager device is
equipped for both obtaining together with breaking down PC measurable proof. The primary
sections in which the Forensic toolkit can be made a source of the proof are classified into two
namely:
The acquisition of the volatile memory.
The acquisition of the non-volatile memory, that is the Hard Disk.
There are two conceivable ways this instrument can be utilized in legal sciences picture
acquisitions:
Utilizing Forensic Toolkit Imager compact form in a USB pen drive or Hard Disk Drive
and the process of opening it straightforwardly from the proof computer in mind. This alternative
is most as often as possible utilized in live information procurement where the proof
PC/workstation is exchanged on.
Introducing Forensic Toolkit Imager on the agent's PC, Barnes, A., Farr, P., James, J., &
Mason, P. (2016).
For a situation like this, the source disk ought to be sets up into the specialist's
workstation by means of compose blocker. The compose blocker counteracts information being
altered in the proof source plate while giving read-only access to the specialist's PC. This keeps
up the respectability of the source plate.
4.1.1 The use of FTK Imager in the acquisition of the volatile memory
The FTK Imager instrument encourages agents used for gathering the entire volatile
memory (RAM) belonging to any given Personal Computer. The accompanying advances
provides a clear demonstration to you of all the proper methodologies to carry out the whole
process of the clowning.
Clowning About Again
From the menu, open the Forensic toolkit Imager and explore to the icon showing the
symbol of the volatile memory, the catche memory.
At this point, you can now navigate directly to the destination location from which all
you want to save will be captured and the volatile memory once located, then you will only
create the file name and proceed.
This instrument gives choices to incorporate pagefile and the AD1 documents during the
process of procuring the memory which for this case is the volatile.
The Pagefile: This is factor that is utilized in the working frameworks of the windows as
unpredictable memory because of restriction of physical Random-Access Memory (RAM). Its
normal format of storage is the (pagefile.sys) It is situated within the local disk “C” parcel
prepared to use as unpredictable memory when the current RAM limit is surpassed. Along these
From the menu, open the Forensic toolkit Imager and explore to the icon showing the
symbol of the volatile memory, the catche memory.
At this point, you can now navigate directly to the destination location from which all
you want to save will be captured and the volatile memory once located, then you will only
create the file name and proceed.
This instrument gives choices to incorporate pagefile and the AD1 documents during the
process of procuring the memory which for this case is the volatile.
The Pagefile: This is factor that is utilized in the working frameworks of the windows as
unpredictable memory because of restriction of physical Random-Access Memory (RAM). Its
normal format of storage is the (pagefile.sys) It is situated within the local disk “C” parcel
prepared to use as unpredictable memory when the current RAM limit is surpassed. Along these
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Clowning About Again
lines, this record can have a lot of profitable information while thinking about the unpredictable
memory. Along these lines, it is prescribed to catch and gather this document in the securing.
AD1 record: This is yet another Forensic toolkit Imager picture document. There is a big
task to the examiner when it comes to this type since he or she is required to make a choice to
make another ADI document that could be later on utilized by the same procedure of image
recovery. The memory under study is tapped (the catch memory) and through this process, the
catch will begin securing the unpredictable memory.
Immediately the process of obtaining the information has been finished, the goal
organizer will be in a position to view the information within the gained memory with the
document expansion showing the extension “.mem”.
4.1.2 The use of FTK Imager for acquiring non-volatile memory
As beforehand expressed, this equivalent apparatus can be utilized to gather a plate
picture too.
With the FTK Imager opened, the user is required to explore and move to the “Make
Disk Image”.
lines, this record can have a lot of profitable information while thinking about the unpredictable
memory. Along these lines, it is prescribed to catch and gather this document in the securing.
AD1 record: This is yet another Forensic toolkit Imager picture document. There is a big
task to the examiner when it comes to this type since he or she is required to make a choice to
make another ADI document that could be later on utilized by the same procedure of image
recovery. The memory under study is tapped (the catch memory) and through this process, the
catch will begin securing the unpredictable memory.
Immediately the process of obtaining the information has been finished, the goal
organizer will be in a position to view the information within the gained memory with the
document expansion showing the extension “.mem”.
4.1.2 The use of FTK Imager for acquiring non-volatile memory
As beforehand expressed, this equivalent apparatus can be utilized to gather a plate
picture too.
With the FTK Imager opened, the user is required to explore and move to the “Make
Disk Image”.
Clowning About Again
From here, the source in which the client needs to acquire is now selected.
FTK Imager is equipped for getting physical drives (physical hard drives), sensible drives
(segments), picture documents, substance of an envelope shown folder and or to some cases the
CDs/DVDs. Examiners can associate outer Hard Disk Drives within the accumulation PC by
means of compose the known blocker and utilize the "coherent drive" choice to choose the
mounted segment of the Hard Disk Drive.
4.1.3 Physical Drives Collection
From the new window, you are required to select the option showing the physical drive.
Once this is done, continue to selecting the drive that you need to acquire then click the finish
button. The below diagram shows the procedure.
From here, the source in which the client needs to acquire is now selected.
FTK Imager is equipped for getting physical drives (physical hard drives), sensible drives
(segments), picture documents, substance of an envelope shown folder and or to some cases the
CDs/DVDs. Examiners can associate outer Hard Disk Drives within the accumulation PC by
means of compose the known blocker and utilize the "coherent drive" choice to choose the
mounted segment of the Hard Disk Drive.
4.1.3 Physical Drives Collection
From the new window, you are required to select the option showing the physical drive.
Once this is done, continue to selecting the drive that you need to acquire then click the finish
button. The below diagram shows the procedure.
Clowning About Again
Proceed to adding the destination by clicking the “Add” button, this provides a platform
in which the user chooses his or her own preferred destination.
Proceed to adding the destination by clicking the “Add” button, this provides a platform
in which the user chooses his or her own preferred destination.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Clowning About Again
On this window, there arises the task of choosing the format of the image. The following
four types are provided for this selection.
Raw (dd): This is the picture organize most normally utilized by current investigation
devices. These crude records organized pictures don't contain headers, metadata, or enchantment
esteems. The crude configuration commonly incorporates cushioning for any other given
memory that runs that were deliberately skipped (i.e., gadget inner memory) or which couldn't be
perused by the apparatus in use for the whole process, that keeps up spatial honesty (relative
balances among information).
SMART: This document organize is intended for Linux record frameworks. The
configuration in question keeps the plate pictures as unadulterated bitstreams with discretionary
pressure. The document comprises of a standard 13-byte header pursued by a progression of
segments. Each segment incorporates it compose string, a 64-bit counterbalance to the following
On this window, there arises the task of choosing the format of the image. The following
four types are provided for this selection.
Raw (dd): This is the picture organize most normally utilized by current investigation
devices. These crude records organized pictures don't contain headers, metadata, or enchantment
esteems. The crude configuration commonly incorporates cushioning for any other given
memory that runs that were deliberately skipped (i.e., gadget inner memory) or which couldn't be
perused by the apparatus in use for the whole process, that keeps up spatial honesty (relative
balances among information).
SMART: This document organize is intended for Linux record frameworks. The
configuration in question keeps the plate pictures as unadulterated bitstreams with discretionary
pressure. The document comprises of a standard 13-byte header pursued by a progression of
segments. Each segment incorporates it compose string, a 64-bit counterbalance to the following
Clowning About Again
area, its 64-bit size, cushioning, and a CRC, notwithstanding real information or remarks, if
pertinent.
E01: This association is a prohibitive game plan made by Guidance Software's EnCase.
This design packs the photo record. A photo having this type of association begins with the
information regarding the case at the header and the footer positions, this information must
always contain the hash of MD5 that represents the whole process of the stream. The time in
which the information is being collected, the name of the expert is also another factor to be
considered, along with this details are the notes considered to be special in a way and to some
minor cases the optional mystery state is also considered though not that much required.
AFF: Advance Forensic Format (AFF) was created by Basis Technology and the Simson
Garfinkel. Its most recent execution is AFF4. The objective is to make a plate picture design in
which the client is not bolted in any way into an exclusive configuration that may keep them
from having the capacity to legitimately dissect it.
Presently enter the case subtle elements.
Include a picture goal (where the picture record will be spared), picture document name
and part measure.
area, its 64-bit size, cushioning, and a CRC, notwithstanding real information or remarks, if
pertinent.
E01: This association is a prohibitive game plan made by Guidance Software's EnCase.
This design packs the photo record. A photo having this type of association begins with the
information regarding the case at the header and the footer positions, this information must
always contain the hash of MD5 that represents the whole process of the stream. The time in
which the information is being collected, the name of the expert is also another factor to be
considered, along with this details are the notes considered to be special in a way and to some
minor cases the optional mystery state is also considered though not that much required.
AFF: Advance Forensic Format (AFF) was created by Basis Technology and the Simson
Garfinkel. Its most recent execution is AFF4. The objective is to make a plate picture design in
which the client is not bolted in any way into an exclusive configuration that may keep them
from having the capacity to legitimately dissect it.
Presently enter the case subtle elements.
Include a picture goal (where the picture record will be spared), picture document name
and part measure.
Clowning About Again
Image Fragment Size (MB):
This alternative will isolate the picture document into different pictures and spare them in
a similar goal. On the off chance that you require just a single document as opposed to making
various divided pictures, you should set the picture part size to "0". Select the "confirm pictures
after they are made" alternative. This will check the hash esteems once the picture has made.
With the end goal to guarantee uprightness, it is prescribed to utilize this alternative. Be that as it
may, this will expand the time taken to secure your proof, particularly in case you're managing a
huge plate picture estimate.
Image Fragment Size (MB):
This alternative will isolate the picture document into different pictures and spare them in
a similar goal. On the off chance that you require just a single document as opposed to making
various divided pictures, you should set the picture part size to "0". Select the "confirm pictures
after they are made" alternative. This will check the hash esteems once the picture has made.
With the end goal to guarantee uprightness, it is prescribed to utilize this alternative. Be that as it
may, this will expand the time taken to secure your proof, particularly in case you're managing a
huge plate picture estimate.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Clowning About Again
Now for you to acquire the image click the start button.
Upon completion of the acquisition process, a text file is created containing all the
information that has been acquired within the process.
4.2 Erased Data Recovery
There are many methods to recover erased data from the laptop. One of the essential
ways to recover the deleted information is Dos system command (Dykstra and Sherman 2012).
There are different tools present to recover erased data which include the following.
1. Hiren boot – bootable compact disk with utilities associated with the disk
administration, partitioning, formatting, recovery of the erased data and removal of rootkits.
2. PC INSPECTOR file Recovery – it can detect data categories even the header is
lacking recover from deletions and full volume loss.
3. Free undelete – it recovers by undeleting files that have been erased even they were not
recycled.
4. WinHex – this is an equipment used for computer forensics as well as information
recovery program.
Now for you to acquire the image click the start button.
Upon completion of the acquisition process, a text file is created containing all the
information that has been acquired within the process.
4.2 Erased Data Recovery
There are many methods to recover erased data from the laptop. One of the essential
ways to recover the deleted information is Dos system command (Dykstra and Sherman 2012).
There are different tools present to recover erased data which include the following.
1. Hiren boot – bootable compact disk with utilities associated with the disk
administration, partitioning, formatting, recovery of the erased data and removal of rootkits.
2. PC INSPECTOR file Recovery – it can detect data categories even the header is
lacking recover from deletions and full volume loss.
3. Free undelete – it recovers by undeleting files that have been erased even they were not
recycled.
4. WinHex – this is an equipment used for computer forensics as well as information
recovery program.
Clowning About Again
5. Wise Data Recovery – recovery information from the hard drives as well as removable
media like USB drive as well as USB hard disk, Gao, P., Wang, M., Ghiocel et al (2016).
6. UndeleteMyFiles Pro – a group of equipment for data recovery, including media
recover, file rescue, deleted data search, mail rescue as well as emergency disk image, Gao et al
(2016).
7. Digital Forensic Framework – this device is deployed for digital chain custody and
recovery of hidden erased files, rapid search for files metadata.
4.3 Laptop Internet Browser Forensics
To get the internet browser information I deployed WEFA browser forensic analyzer
equipment, this instrument aids in getting the history of browser, download list, cookies data,
search data, local data opened as well as uploaded, getting back of temporary internet details as
well as timeline of activities (Martini and Choo 2012). The following operations were carried out
to get the internet browser details.
1. Browser History – I used Web Browser Forensic Analyzer device to gather evidence
that offered us the different data like many websites visited, fetched files from the internet, active
time on the network, local files accessed from the computer system.
4.4 Email Forensics
I suspected the firm laptop from which the data were sent by suspected worker with aid
of Gmail mail to the personal computer mail address. Forensic of email entails the acquisition of
the evidences from both parties, Chhabra, G. S., & Bajwa, D. S. (2015). Assessing mail headers
in order to collect data on the email as well as tracking the suspect to origin of the email locality.
The major other data includes the time as well as date of the text was sent, Armknecht, F., &
Dewald, A. (2015).
4.5 Hard Disk Data
HDD is the major source of different forms information that can referred as an evidence.
As expected data having categorized information as well as business privacy were erased by the
suspect (Shaw and Browne 2013). I successfully recovered various files with the aid of different
devices like Hiren Boot.
5. Wise Data Recovery – recovery information from the hard drives as well as removable
media like USB drive as well as USB hard disk, Gao, P., Wang, M., Ghiocel et al (2016).
6. UndeleteMyFiles Pro – a group of equipment for data recovery, including media
recover, file rescue, deleted data search, mail rescue as well as emergency disk image, Gao et al
(2016).
7. Digital Forensic Framework – this device is deployed for digital chain custody and
recovery of hidden erased files, rapid search for files metadata.
4.3 Laptop Internet Browser Forensics
To get the internet browser information I deployed WEFA browser forensic analyzer
equipment, this instrument aids in getting the history of browser, download list, cookies data,
search data, local data opened as well as uploaded, getting back of temporary internet details as
well as timeline of activities (Martini and Choo 2012). The following operations were carried out
to get the internet browser details.
1. Browser History – I used Web Browser Forensic Analyzer device to gather evidence
that offered us the different data like many websites visited, fetched files from the internet, active
time on the network, local files accessed from the computer system.
4.4 Email Forensics
I suspected the firm laptop from which the data were sent by suspected worker with aid
of Gmail mail to the personal computer mail address. Forensic of email entails the acquisition of
the evidences from both parties, Chhabra, G. S., & Bajwa, D. S. (2015). Assessing mail headers
in order to collect data on the email as well as tracking the suspect to origin of the email locality.
The major other data includes the time as well as date of the text was sent, Armknecht, F., &
Dewald, A. (2015).
4.5 Hard Disk Data
HDD is the major source of different forms information that can referred as an evidence.
As expected data having categorized information as well as business privacy were erased by the
suspect (Shaw and Browne 2013). I successfully recovered various files with the aid of different
devices like Hiren Boot.
Clowning About Again
Deleted data – recovered with aid of devices, I found that the group of files was erased by
the suspect after attaching it to personal email.
Event viewer backup – this act like the black box of the device, data gotten from the
event viewer aided in determining the link user operations on the system as well as her activities
in stealing the information.
4.6 RAM Data
As the laptop was shutdown RAM information was not recovered. 3.6.1 windows registry
is ranking database that reserves low-level settings for operating system such as Microsoft
Windows and for program that opt to deploy the Registry. The Kernel, services, device drivers,
user interface as well as security accounts manager (SAM) call use it.
4.7 Windows Registry Data
It is a progressive database that jelly low level designs for the Windows working
framework and in addition for projects that pick to utilize the Registry. Windows Registry
Backups from direction line – the specialized method for support up the windows vault involves
conveying order incite. To make utilization of Console Recovery hardware open order incite by
entering cmd.exe by run discourse in your windows begin menu, you will open vault chain of
command. To see the reinforcement, move to where to where you have proposed to protect it in
your PC.
4.8 USB drive
Each time a machine is connected with the Universal Serial Bus drivers are questioned
and data of the gadget is kept into the Registry. The key in the vault keeps substance of the thing
and in addition gadget ID estimations of each USB gadget that was ever connected to the
framework. The web traveler is the internet browser in the working frameworks, for example,
windows and utilizations Registry for the most part for capacity of data.
Deleted data – recovered with aid of devices, I found that the group of files was erased by
the suspect after attaching it to personal email.
Event viewer backup – this act like the black box of the device, data gotten from the
event viewer aided in determining the link user operations on the system as well as her activities
in stealing the information.
4.6 RAM Data
As the laptop was shutdown RAM information was not recovered. 3.6.1 windows registry
is ranking database that reserves low-level settings for operating system such as Microsoft
Windows and for program that opt to deploy the Registry. The Kernel, services, device drivers,
user interface as well as security accounts manager (SAM) call use it.
4.7 Windows Registry Data
It is a progressive database that jelly low level designs for the Windows working
framework and in addition for projects that pick to utilize the Registry. Windows Registry
Backups from direction line – the specialized method for support up the windows vault involves
conveying order incite. To make utilization of Console Recovery hardware open order incite by
entering cmd.exe by run discourse in your windows begin menu, you will open vault chain of
command. To see the reinforcement, move to where to where you have proposed to protect it in
your PC.
4.8 USB drive
Each time a machine is connected with the Universal Serial Bus drivers are questioned
and data of the gadget is kept into the Registry. The key in the vault keeps substance of the thing
and in addition gadget ID estimations of each USB gadget that was ever connected to the
framework. The web traveler is the internet browser in the working frameworks, for example,
windows and utilizations Registry for the most part for capacity of data.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Running head: Clowning About Again
Appendix A: Running sheet
Date of the Function 17/10/2018
Start Time 8:00 AM
Finish Time 4:30 PM
Physical Address Tech
Phone Number Phone here
VIP’s
Username User Position The Organization User Phone Number
Special Mentions
Username User Position The Organization User Phone Number
Key contacts
Username User Position The Organization User Phone Number
Running Sheet
Appendix A: Running sheet
Date of the Function 17/10/2018
Start Time 8:00 AM
Finish Time 4:30 PM
Physical Address Tech
Phone Number Phone here
VIP’s
Username User Position The Organization User Phone Number
Special Mentions
Username User Position The Organization User Phone Number
Key contacts
Username User Position The Organization User Phone Number
Running Sheet
Clowning About Again
Username User Position The Organization User Phone Number
Running sheet
Time (a specific time
should be provided)
Action The Organization User Phone Number
Username User Position The Organization User Phone Number
Running sheet
Time (a specific time
should be provided)
Action The Organization User Phone Number
Clowning About Again
Appendix B: Timeline of Events
Week 1 Week 2 Week 3 Week 4
Assembly Analysis Assembly Assembly
Appendix B: Timeline of Events
Week 1 Week 2 Week 3 Week 4
Assembly Analysis Assembly Assembly
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Clowning About Again
References
Armknecht, F., & Dewald, A. (2015). Privacy-preserving email forensics. Digital
Investigation, 14, S127-S136.
Agrawal, N., & Islam, S. (2016, February). Image restoration using self-embedding and
inpainting techniques. In Signal Processing and Integrated Networks (SPIN), 2016 3rd
International Conference on (pp. 743-748). IEEE.
Agarwal, R., & Kothari, S. (2015). Review of digital forensic investigation frameworks.
In Information Science and Applications (pp. 561-571). Springer, Berlin, Heidelberg.
Barnes, A., Farr, P., James, J., & Mason, P. (2016). CAST Key Reference Hard Disk.
Chhabra, G. S., & Bajwa, D. S. (2015). Review of E-mail System, Security Protocols and Email
Forensics. International Journal of Computer Science and Communication Networks, 5(3
s 201.211).
Flory, C. M. (2015). Digital forensics and community supervision: Making a case for field based
digital forensics training.
Gao, P., Wang, M., Ghiocel, S. G., Chow, J. H., Fardanesh, B., & Stefopoulos, G. (2016).
Missing data recovery by exploiting low-dimensionality in power system synchrophasor
measurements. IEEE Transactions on Power Systems, 31(2), 1006-1013.
Hashim, M. A., Halim, I. H. A., Ismail, M. H., Noor, N. M., Fuzi, M. F. M., Mohammed, A. H.,
& Gining, R. A. J. (2017). Digital Forensic Investigation of Trojan Attacks in Network
using Wireshark, FTK Imager and Volatility. Computing Research & Innovation
(CRINN) Vol 2, October 2017, 205.
Kebande, V. R., & Ray, I. (2016, August). A generic digital forensic investigation framework for
internet of things (iot). In Future Internet of Things and Cloud (FiCloud), 2016 IEEE 4th
International Conference on (pp. 356-362). IEEE.
Kouwen, A., Scanlon, M., Choo, K. K. R., & Le-Khac, N. A. (2018). Digital forensic
investigation of two-way radio communication equipment and services. Digital
Investigation, 26, S77-S86.
References
Armknecht, F., & Dewald, A. (2015). Privacy-preserving email forensics. Digital
Investigation, 14, S127-S136.
Agrawal, N., & Islam, S. (2016, February). Image restoration using self-embedding and
inpainting techniques. In Signal Processing and Integrated Networks (SPIN), 2016 3rd
International Conference on (pp. 743-748). IEEE.
Agarwal, R., & Kothari, S. (2015). Review of digital forensic investigation frameworks.
In Information Science and Applications (pp. 561-571). Springer, Berlin, Heidelberg.
Barnes, A., Farr, P., James, J., & Mason, P. (2016). CAST Key Reference Hard Disk.
Chhabra, G. S., & Bajwa, D. S. (2015). Review of E-mail System, Security Protocols and Email
Forensics. International Journal of Computer Science and Communication Networks, 5(3
s 201.211).
Flory, C. M. (2015). Digital forensics and community supervision: Making a case for field based
digital forensics training.
Gao, P., Wang, M., Ghiocel, S. G., Chow, J. H., Fardanesh, B., & Stefopoulos, G. (2016).
Missing data recovery by exploiting low-dimensionality in power system synchrophasor
measurements. IEEE Transactions on Power Systems, 31(2), 1006-1013.
Hashim, M. A., Halim, I. H. A., Ismail, M. H., Noor, N. M., Fuzi, M. F. M., Mohammed, A. H.,
& Gining, R. A. J. (2017). Digital Forensic Investigation of Trojan Attacks in Network
using Wireshark, FTK Imager and Volatility. Computing Research & Innovation
(CRINN) Vol 2, October 2017, 205.
Kebande, V. R., & Ray, I. (2016, August). A generic digital forensic investigation framework for
internet of things (iot). In Future Internet of Things and Cloud (FiCloud), 2016 IEEE 4th
International Conference on (pp. 356-362). IEEE.
Kouwen, A., Scanlon, M., Choo, K. K. R., & Le-Khac, N. A. (2018). Digital forensic
investigation of two-way radio communication equipment and services. Digital
Investigation, 26, S77-S86.
Clowning About Again
Lentine, K. L., Schnitzler, M. A., Xiao, H., & Brennan, D. C. (2015). Long-term safety and
efficacy of antithymocyte globulin induction: use of integrated national registry data to
achieve ten-year follow-up of 10-10 Study participants. Trials, 16(1), 365.
Littlefield, D. A., Nallathambi, V. K., & Chanchlani, G. (2016). U.S. Patent No. 9,244,779.
Washington, DC: U.S. Patent and Trademark Office.
Lillis, D., Becker, B., O'Sullivan, T., & Scanlon, M. (2016). Current challenges and future
research areas for digital forensic investigation. arXiv preprint arXiv:1604.03850.
Norouzi, B., Seyedzadeh, S. M., Mirzakuchaki, S., & Mosavi, M. R. (2014). A novel image
encryption based on hash function with only two-round diffusion process. Multimedia
systems, 20(1), 45-64.
Quick, D., & Choo, K. K. R. (2018). Digital Forensic Data and Intelligence. In Big Digital
Forensic Data (pp. 29-47). Springer, Singapore.
Quick, D., & Choo, K. K. R. (2014). Data reduction and data mining framework for digital
forensic evidence: storage, intelligence, review and archive.
Quick, D., Choo, K. K. R., Quick, D., & Choo, K. K. R. (2018). Digital Forensic Data Reduction
by Selective Imaging. Big Digital Forensic Data: Volume 1: Data Reduction Framework
and Selective Imaging, 69-92.
Quick, D. (2015). Digital forensic data and intelligence: Using data reduction to enable
intelligence analysis. Journal of the Australian Institute of Professional Intelligence
Officers, 23(2), 18.
Rahim, R., & Dewi, A. R. (2017, December). Data Collision Prevention with Overflow Hashing
Technique in Closed Hash Searching Process. In Journal of Physics: Conference
Series(Vol. 930, No. 1, p. 012012). IOP Publishing.
Rashid, F., Morford, M. P., Wagner, E. W., Wong, J. D., & Yip, S. (2018). U.S. Patent
Application No. 15/992,342.
Lentine, K. L., Schnitzler, M. A., Xiao, H., & Brennan, D. C. (2015). Long-term safety and
efficacy of antithymocyte globulin induction: use of integrated national registry data to
achieve ten-year follow-up of 10-10 Study participants. Trials, 16(1), 365.
Littlefield, D. A., Nallathambi, V. K., & Chanchlani, G. (2016). U.S. Patent No. 9,244,779.
Washington, DC: U.S. Patent and Trademark Office.
Lillis, D., Becker, B., O'Sullivan, T., & Scanlon, M. (2016). Current challenges and future
research areas for digital forensic investigation. arXiv preprint arXiv:1604.03850.
Norouzi, B., Seyedzadeh, S. M., Mirzakuchaki, S., & Mosavi, M. R. (2014). A novel image
encryption based on hash function with only two-round diffusion process. Multimedia
systems, 20(1), 45-64.
Quick, D., & Choo, K. K. R. (2018). Digital Forensic Data and Intelligence. In Big Digital
Forensic Data (pp. 29-47). Springer, Singapore.
Quick, D., & Choo, K. K. R. (2014). Data reduction and data mining framework for digital
forensic evidence: storage, intelligence, review and archive.
Quick, D., Choo, K. K. R., Quick, D., & Choo, K. K. R. (2018). Digital Forensic Data Reduction
by Selective Imaging. Big Digital Forensic Data: Volume 1: Data Reduction Framework
and Selective Imaging, 69-92.
Quick, D. (2015). Digital forensic data and intelligence: Using data reduction to enable
intelligence analysis. Journal of the Australian Institute of Professional Intelligence
Officers, 23(2), 18.
Rahim, R., & Dewi, A. R. (2017, December). Data Collision Prevention with Overflow Hashing
Technique in Closed Hash Searching Process. In Journal of Physics: Conference
Series(Vol. 930, No. 1, p. 012012). IOP Publishing.
Rashid, F., Morford, M. P., Wagner, E. W., Wong, J. D., & Yip, S. (2018). U.S. Patent
Application No. 15/992,342.
Clowning About Again
Soltani, S., & Seno, S. A. H. (2017, October). A survey on digital evidence collection and
analysis. In Computer Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital
crime and digital terrorism. Prentice Hall Press.
Stafford, M., Reilly, D., Hetherington, J., & Hester, W. D. (2015). U.S. Patent Application No.
29/473,516.
Taniguchi, T. A., & Gill, C. (2018). The mobilization of computerized crime mapping: a
randomized controlled trial. Journal of Experimental Criminology, 1-13.
Thethi, N., & Keane, A. (2014, February). Digital forensics investigations in the cloud.
In Advance Computing Conference (IACC), 2014 IEEE International (pp. 1475-1480).
IEEE.
van Duyne, P. C., Maljević, A., Antonopoulos, G. A., Harvey, J., & von Lampe, K. (Eds.).
(2015). The relativity of wrongdoing: Corruption, organised crime, fraud and money
laundering in perspective. Wolf Legal Publishers.
Soltani, S., & Seno, S. A. H. (2017, October). A survey on digital evidence collection and
analysis. In Computer Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital
crime and digital terrorism. Prentice Hall Press.
Stafford, M., Reilly, D., Hetherington, J., & Hester, W. D. (2015). U.S. Patent Application No.
29/473,516.
Taniguchi, T. A., & Gill, C. (2018). The mobilization of computerized crime mapping: a
randomized controlled trial. Journal of Experimental Criminology, 1-13.
Thethi, N., & Keane, A. (2014, February). Digital forensics investigations in the cloud.
In Advance Computing Conference (IACC), 2014 IEEE International (pp. 1475-1480).
IEEE.
van Duyne, P. C., Maljević, A., Antonopoulos, G. A., Harvey, J., & von Lampe, K. (Eds.).
(2015). The relativity of wrongdoing: Corruption, organised crime, fraud and money
laundering in perspective. Wolf Legal Publishers.
1 out of 28
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.