Digital Forensics: Investigation and Recovery of Lost Data
VerifiedAdded on  2023/06/12
|21
|2379
|235
AI Summary
This report discusses the investigation and recovery of lost data through digital forensics tools like Pro Discover, Winhex, and Image Steganography. It includes a digital forensic report for EMTS organization, which lost suspicious data from its hard drive and USB. The report covers the scope of the project, used tools, analysis of the tools, evidence and findings, and conclusion.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
DIGITAL FORENSICS
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Abstract
The organization EMTS investigates the digital forensic tool for preparing digital
forensic report. The aim of this project includes preparing digital forensic report, due to loss of
suspicious data from the organization’s hard drive and USB. So, it required to recover by
analyzing the digital forensics tool. The EMTS organization chief decided to makes the digital
forensic report and it is taken care by Bob Aspen, who works as Exotic Mountain Tour Services’
contract employee. So, the Bob aspen investigates and creates organization’s digital forensic
report. The digital forensic tool will be investigated.
2
The organization EMTS investigates the digital forensic tool for preparing digital
forensic report. The aim of this project includes preparing digital forensic report, due to loss of
suspicious data from the organization’s hard drive and USB. So, it required to recover by
analyzing the digital forensics tool. The EMTS organization chief decided to makes the digital
forensic report and it is taken care by Bob Aspen, who works as Exotic Mountain Tour Services’
contract employee. So, the Bob aspen investigates and creates organization’s digital forensic
report. The digital forensic tool will be investigated.
2
Table of Contents
1. Introduction.........................................................................................................................................4
1.1 Background..................................................................................................................................4
1.2 Scope of the project.....................................................................................................................4
1.3 Used Tools...................................................................................................................................4
2. Analysis of the tools............................................................................................................................5
3. Evidence and Findings.........................................................................................................................7
3.1 Use Winhex tool Recover the deleted image in the usb...............................................................7
3.2 Use Pro Discover tool to recover the files..................................................................................13
3.3 Use Image Stenography tool to recover the hidden text in Image..............................................16
4. Conclusion.........................................................................................................................................20
References.................................................................................................................................................21
3
1. Introduction.........................................................................................................................................4
1.1 Background..................................................................................................................................4
1.2 Scope of the project.....................................................................................................................4
1.3 Used Tools...................................................................................................................................4
2. Analysis of the tools............................................................................................................................5
3. Evidence and Findings.........................................................................................................................7
3.1 Use Winhex tool Recover the deleted image in the usb...............................................................7
3.2 Use Pro Discover tool to recover the files..................................................................................13
3.3 Use Image Stenography tool to recover the hidden text in Image..............................................16
4. Conclusion.........................................................................................................................................20
References.................................................................................................................................................21
3
1. Introduction
1.1 Background
The Exotic Maintain Tour Services organization is to investigate the digital forensics and
this investigation is used for preparing organizational digital forensic report. It also investigates
intellectual property that was by Bob Aspen, who actually works as EMTS organization’s
contract employee. Generally, this organization has the very expansive and completed analysis of
marketing process on the customer services. It also creates plan for product deal of effective and
efficient advertisement, with a superior bicycle which has its tour service. It ensures to promote
the material under the disclosure of superior bicycles. But it suspicious data was lost and it
requires data recovery. So, it investigates the digital forensic tool (Cohen, 2012). Thus, EMTS’s
chief decided to recover the data and it was handled by the web server executive named, Bob
Aspen. Because, this organization contains web based main activity in the organizational system
and it differentiates the suspicious connections. Hence, there was deletion of suspicious data and
the organization requires recovery.
1.2 Project Scope
The project scope includes creating digital forensic report for the organization named
EMTS, as it lost some suspicious data from its hard drive and USB. So, there is a serious need
for investigating the digital forensic tool. So, it needs to recover by analysis the digital forensics
tool. The EMTS organization chief decided to makes the digital forensic report and it was
handled by Bob Aspen, who worked as EMTS’s contract employee. This report will ensure to
complete the recovery of the deleted/ lost files (Filler & Fridrich, 2010). In the given case
scenarios, pro discover tool will be utilized for recovering the deleted files, present in the USB,
then the image steganography tool is utilized for recovering the hidden text, from the image, and
Winhex tool is utilized for recovering the deleted image, which was present in the USB. Before
finding the evidence for EMTS, the forensics tools must be analyzed.
1.3 Used Tools
EMTS utilizes the following the digital forensic tool for recovering the suspicious data:
ï‚· Pro Discover Tool
ï‚· Winhex Tool
4
1.1 Background
The Exotic Maintain Tour Services organization is to investigate the digital forensics and
this investigation is used for preparing organizational digital forensic report. It also investigates
intellectual property that was by Bob Aspen, who actually works as EMTS organization’s
contract employee. Generally, this organization has the very expansive and completed analysis of
marketing process on the customer services. It also creates plan for product deal of effective and
efficient advertisement, with a superior bicycle which has its tour service. It ensures to promote
the material under the disclosure of superior bicycles. But it suspicious data was lost and it
requires data recovery. So, it investigates the digital forensic tool (Cohen, 2012). Thus, EMTS’s
chief decided to recover the data and it was handled by the web server executive named, Bob
Aspen. Because, this organization contains web based main activity in the organizational system
and it differentiates the suspicious connections. Hence, there was deletion of suspicious data and
the organization requires recovery.
1.2 Project Scope
The project scope includes creating digital forensic report for the organization named
EMTS, as it lost some suspicious data from its hard drive and USB. So, there is a serious need
for investigating the digital forensic tool. So, it needs to recover by analysis the digital forensics
tool. The EMTS organization chief decided to makes the digital forensic report and it was
handled by Bob Aspen, who worked as EMTS’s contract employee. This report will ensure to
complete the recovery of the deleted/ lost files (Filler & Fridrich, 2010). In the given case
scenarios, pro discover tool will be utilized for recovering the deleted files, present in the USB,
then the image steganography tool is utilized for recovering the hidden text, from the image, and
Winhex tool is utilized for recovering the deleted image, which was present in the USB. Before
finding the evidence for EMTS, the forensics tools must be analyzed.
1.3 Used Tools
EMTS utilizes the following the digital forensic tool for recovering the suspicious data:
ï‚· Pro Discover Tool
ï‚· Winhex Tool
4
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
ï‚· Image Steganography Tool
2. Analysis of the tools
Pro Discover Tool
This tool is utilized for providing next generation solution for cyber-crime and it backed by
industry leader (Gregorieff & Clevers, 2010). It has the cutting edge features to provide the
standards of industry to have proactive computer forensics. Because, it is most powerful
computer security tool and that used to enables the computer professionals to locate the all the
data on the computer. It is used to protect the evidence and creates the quality evidentially
reports to utilize in the legal proceedings. It utilizes lease destructive methodology and industry
best practices to provide the valuable Meta data. It can easily recover the deleted file, access the
windows alternate data streams, and examine the slack space. Generally, this tool handles and
manages the security concerns of the organization and it is designed for NIST disk imaging tool.
It insures high-quality and supports VM ware for running the images that were captured. Then, it
bit streams the copy of hard drive for maintaining the original evidence safe for an organization.
The pro discover tool has the various features such as,
ï‚· Automated report generation
ï‚· Ensure high quality
ï‚· Event log file
ï‚· Examine the Linux file systems
ï‚· Examine the sun Solaris UFS file
ï‚· Extracts the EXIF information
ï‚· Integrated and GUI interface function is used to assure the ease of use and quick start.
ï‚· Integrated thumbnail graphics
ï‚· Integrated viewer to examine the files
ï‚· Searching entire disk
ï‚· Internet history
ï‚· Proving data integrity
ï‚· Perl scripts usage
ï‚· Usage of user provide along with national Drug intelligence
Winhex Tool
5
2. Analysis of the tools
Pro Discover Tool
This tool is utilized for providing next generation solution for cyber-crime and it backed by
industry leader (Gregorieff & Clevers, 2010). It has the cutting edge features to provide the
standards of industry to have proactive computer forensics. Because, it is most powerful
computer security tool and that used to enables the computer professionals to locate the all the
data on the computer. It is used to protect the evidence and creates the quality evidentially
reports to utilize in the legal proceedings. It utilizes lease destructive methodology and industry
best practices to provide the valuable Meta data. It can easily recover the deleted file, access the
windows alternate data streams, and examine the slack space. Generally, this tool handles and
manages the security concerns of the organization and it is designed for NIST disk imaging tool.
It insures high-quality and supports VM ware for running the images that were captured. Then, it
bit streams the copy of hard drive for maintaining the original evidence safe for an organization.
The pro discover tool has the various features such as,
ï‚· Automated report generation
ï‚· Ensure high quality
ï‚· Event log file
ï‚· Examine the Linux file systems
ï‚· Examine the sun Solaris UFS file
ï‚· Extracts the EXIF information
ï‚· Integrated and GUI interface function is used to assure the ease of use and quick start.
ï‚· Integrated thumbnail graphics
ï‚· Integrated viewer to examine the files
ï‚· Searching entire disk
ï‚· Internet history
ï‚· Proving data integrity
ï‚· Perl scripts usage
ï‚· Usage of user provide along with national Drug intelligence
Winhex Tool
5
Winhex forensic tool is utilized for providing effective data recovery. Moreover, it is a
powerful application that can use as advanced hex editor. It is used for data analysis, data wiping
tool, editing, recover and forensic tool to protect the evidence and gathering the evidence. It will
possibly help with the mechanized capacity which makes great utilization for the record headers’
presence (Hussein Khalafalla, 2017). Winhex tool has various features such as,
ï‚· Conversion between the Intel hex, ASCII, binary etc.
ï‚· Compare and analyze the files.
ï‚· Disk cloning
ï‚· Editing data structures using templates
ï‚· Encode records
ï‚· Divide and unify the Even and odd words into bytes.
ï‚· Examine and look at records.
ï‚· Extensive program help.
ï‚· Gather the free and slack space on Hard Drive.
ï‚· Import all the clip board formats
ï‚· It has scripting and programming interfaces
ï‚· It contains the disk editor for the CD-ROM, floppy disks, smart media, hard disks,
floppy disks etc.
ï‚· It splitting and concatenating and files
ï‚· It use the various data recovery techniques
ï‚· Join and split records.
ï‚· Make hashes and checksums.
ï‚· Recapture information.
ï‚· Support file of any size.
ï‚· Search for text based on keywords.
ï‚· Wipe drives.
Image Steganography Tool
It is a tool which is utilized for recovering the hidden text, in the Image from the USB,
hard drive etc. (K & M, 2015). It is also hides the secret information in the form of an audio file
with the help of a tool called steganography. It is used for modifying the pixels images to hidden
the texts and add the noise to audio sample to hidden the information. The steganography tool is
6
powerful application that can use as advanced hex editor. It is used for data analysis, data wiping
tool, editing, recover and forensic tool to protect the evidence and gathering the evidence. It will
possibly help with the mechanized capacity which makes great utilization for the record headers’
presence (Hussein Khalafalla, 2017). Winhex tool has various features such as,
ï‚· Conversion between the Intel hex, ASCII, binary etc.
ï‚· Compare and analyze the files.
ï‚· Disk cloning
ï‚· Editing data structures using templates
ï‚· Encode records
ï‚· Divide and unify the Even and odd words into bytes.
ï‚· Examine and look at records.
ï‚· Extensive program help.
ï‚· Gather the free and slack space on Hard Drive.
ï‚· Import all the clip board formats
ï‚· It has scripting and programming interfaces
ï‚· It contains the disk editor for the CD-ROM, floppy disks, smart media, hard disks,
floppy disks etc.
ï‚· It splitting and concatenating and files
ï‚· It use the various data recovery techniques
ï‚· Join and split records.
ï‚· Make hashes and checksums.
ï‚· Recapture information.
ï‚· Support file of any size.
ï‚· Search for text based on keywords.
ï‚· Wipe drives.
Image Steganography Tool
It is a tool which is utilized for recovering the hidden text, in the Image from the USB,
hard drive etc. (K & M, 2015). It is also hides the secret information in the form of an audio file
with the help of a tool called steganography. It is used for modifying the pixels images to hidden
the texts and add the noise to audio sample to hidden the information. The steganography tool is
6
have various software’s. Here, image steganography tool will be used because it is utilized for
the hidden text, which is present in the images. It is used to provide the best way to protect the
EMTS organization privacy and it market is hard to determine the private communicate to takes
the place. It recovers the hidden text by using the steghide program and it performs the
steganography. It is used to reduce the chance of data leakage. It generally has the various ways
to achieving the steganography in digital communication (Pforte, 2016).
3. Evidence and Findings
3.1 Use Winhex tool Recover the deleted image in the usb
For recovering the deleted image of the USB, the Winhex forensic tool is used. Digital
forensic tool has various forensic tools for recovering all the deleted images. However, Winhex
tool is most effective and efficient to provide the deleted image within seconds. It is very popular
tool to recover the corrupted images. EMTS deleted its most significant information from the
USB. Thus, it requires to be recovered with the digital forensics tool. Here, the corrupted images
will be recovered (Advances in Digital Forensics 9, 2016). The below screens is corrupted and it
shown below.
Here, the screenshot is shows the corrupted images.
7
the hidden text, which is present in the images. It is used to provide the best way to protect the
EMTS organization privacy and it market is hard to determine the private communicate to takes
the place. It recovers the hidden text by using the steghide program and it performs the
steganography. It is used to reduce the chance of data leakage. It generally has the various ways
to achieving the steganography in digital communication (Pforte, 2016).
3. Evidence and Findings
3.1 Use Winhex tool Recover the deleted image in the usb
For recovering the deleted image of the USB, the Winhex forensic tool is used. Digital
forensic tool has various forensic tools for recovering all the deleted images. However, Winhex
tool is most effective and efficient to provide the deleted image within seconds. It is very popular
tool to recover the corrupted images. EMTS deleted its most significant information from the
USB. Thus, it requires to be recovered with the digital forensics tool. Here, the corrupted images
will be recovered (Advances in Digital Forensics 9, 2016). The below screens is corrupted and it
shown below.
Here, the screenshot is shows the corrupted images.
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
To recover the corrupted image by open the Winhex recovery tool. It is shown below.
After, open the USB. It is shown below (Gogolin, 2013).
8
After, open the USB. It is shown below (Gogolin, 2013).
8
Successfully USB file is opened, then open the deleted images saved folder and it is used
to display the all deleted files. Here, it displays the deleted corrupt image.
9
to display the all deleted files. Here, it displays the deleted corrupt image.
9
After, initialise the USB file to free up the disk to save the recovered images by clock the
tool to select the initialize the disk. It is shown below.
Once disk initialize is finished, then right click the recovered file to recovery the deleted
corrupted images. After, select the recovery and copy. It is shown below.
10
tool to select the initialize the disk. It is shown below.
Once disk initialize is finished, then right click the recovered file to recovery the deleted
corrupted images. After, select the recovery and copy. It is shown below.
10
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
To save a recovered file by choose the output path and it is shown below.
11
11
Finally, it shows the corrupted file.
12
12
3.2 Use Pro Discover tool to recover the files
The pro discover tool is used to recover the all the deleted files from USB. It is most
powerful tool to recovering the deleted and lost files from USB, hard drive and more. The pro
discover process is shown below. To recover the deleted file from USB by follows the below
steps.
Open the Pro discover tool and creates the new project. It is shown below.
13
The pro discover tool is used to recover the all the deleted files from USB. It is most
powerful tool to recovering the deleted and lost files from USB, hard drive and more. The pro
discover process is shown below. To recover the deleted file from USB by follows the below
steps.
Open the Pro discover tool and creates the new project. It is shown below.
13
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
After, add the images to locate the delete image locations. It is shown below.
14
14
Successfully located the deleted folder on the pro discover tool and it automatically loads
the deleted file on the context view. It is shown below.
To recover the deleted file by right click on the files and choose the copy file. It is shown below.
15
the deleted file on the context view. It is shown below.
To recover the deleted file by right click on the files and choose the copy file. It is shown below.
15
Finally, save the recovered file. It is shown below (Pollitt & Shenoi, 2010).
3.3 Use Image Stenography tool to recover the hidden text in Image
Use the image steganography tool to recover the hidden text in image from USB. The
image steganography tool is most effective tool to recover the secret text in the image. It is used
to provide the efficient data recovery for an EMTS organization. The EMTS organization is
needs to recovered the hidden text in the below images. So, it needs to use the image
steganography tool. This process is shown below.
The below images will be deleted. So, it needs to recover (Ray & Shenoi, 2011).
16
3.3 Use Image Stenography tool to recover the hidden text in Image
Use the image steganography tool to recover the hidden text in image from USB. The
image steganography tool is most effective tool to recover the secret text in the image. It is used
to provide the efficient data recovery for an EMTS organization. The EMTS organization is
needs to recovered the hidden text in the below images. So, it needs to use the image
steganography tool. This process is shown below.
The below images will be deleted. So, it needs to recover (Ray & Shenoi, 2011).
16
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
So, first open the image steganography tool. It is shown below.
17
17
Then load the image to recover the hidden text by click the images and select the steganalysis. It
is shown below.
18
is shown below.
18
Once images was successfully load, then enter the symmetric and it display the hidden
text in images. It is shown below.
19
text in images. It is shown below.
19
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4. Conclusion
The digital forensic report for EMTS organization is created successfully. The process took
place with a thorough investigation of the digital forensic tool. The reason for this existence of
this report is EMTS lost its suspicious data and wanted a recovery, from its USB. The
appropriate digital forensics tool were used to do the needful. The recover process is
accomplished. The pro discover tool is utilized for recovering the deleted files which were
present in the USB. The image steganography tool is mainly utilized to recover the hidden text,
which is present in the image. Finally, Winhex tools is utilized for recovering the image which
was deleted from the USB. Digital forensics tool is analysed and discussed in detail.
20
The digital forensic report for EMTS organization is created successfully. The process took
place with a thorough investigation of the digital forensic tool. The reason for this existence of
this report is EMTS lost its suspicious data and wanted a recovery, from its USB. The
appropriate digital forensics tool were used to do the needful. The recover process is
accomplished. The pro discover tool is utilized for recovering the deleted files which were
present in the USB. The image steganography tool is mainly utilized to recover the hidden text,
which is present in the image. Finally, Winhex tools is utilized for recovering the image which
was deleted from the USB. Digital forensics tool is analysed and discussed in detail.
20
References
Cohen, F. (2012). The Science of Digital Forensics: Recovery of Data from Overwritten Areas of
Magnetic Media. Journal Of Digital Forensics, Security And Law. doi:
10.15394/jdfsl.2012.1131
Filler, T., & Fridrich, J. (2010). Gibbs Construction in Steganography. IEEE Transactions On
Information Forensics And Security, 5(4), 705-720. doi: 10.1109/tifs.2010.2077629
Gregorieff, A., & Clevers, H. (2010). In Situ Hybridization to Identify Gut Stem Cells. Current
Protocols In Stem Cell Biology, 12(1), 2F.1.1-2F.1.11. doi:
10.1002/9780470151808.sc02f01s12
Hussein Khalafalla, A. (2017).
https://juniperpublishers.com/jojun/JOJUN.MS.ID.555575.php. JOJ Urology &
Nephrology, 2(5). doi: 10.19080/jojun.2017.01.555600
K, S., & M, S. (2015). Langerhans Cell - The Destination of Migration. International Journal Of
Forensic Science & Pathology, 152-155. doi: 10.19070/2332-287x-1500037
Pforte, L. (2016). Extensions of simple modules for SL3(2f) and SU3(2f). Communications In
Algebra, 45(10), 4210-4221. doi: 10.1080/00927872.2016.1261149
Gogolin, G. (2013). Digital forensics explained. Boca Raton, FL: CRC Press.
Pollitt, M., & Shenoi, S. (2010). Advances in digital forensics. New York: Springer/International
Federation for Information Processing.
Ray, I., & Shenoi, S. (2011). Advances in digital forensics IV. New York: Springer.
Springer-Verlag New York Inc. (2016). Advances in Digital Forensics 9.
21
Cohen, F. (2012). The Science of Digital Forensics: Recovery of Data from Overwritten Areas of
Magnetic Media. Journal Of Digital Forensics, Security And Law. doi:
10.15394/jdfsl.2012.1131
Filler, T., & Fridrich, J. (2010). Gibbs Construction in Steganography. IEEE Transactions On
Information Forensics And Security, 5(4), 705-720. doi: 10.1109/tifs.2010.2077629
Gregorieff, A., & Clevers, H. (2010). In Situ Hybridization to Identify Gut Stem Cells. Current
Protocols In Stem Cell Biology, 12(1), 2F.1.1-2F.1.11. doi:
10.1002/9780470151808.sc02f01s12
Hussein Khalafalla, A. (2017).
https://juniperpublishers.com/jojun/JOJUN.MS.ID.555575.php. JOJ Urology &
Nephrology, 2(5). doi: 10.19080/jojun.2017.01.555600
K, S., & M, S. (2015). Langerhans Cell - The Destination of Migration. International Journal Of
Forensic Science & Pathology, 152-155. doi: 10.19070/2332-287x-1500037
Pforte, L. (2016). Extensions of simple modules for SL3(2f) and SU3(2f). Communications In
Algebra, 45(10), 4210-4221. doi: 10.1080/00927872.2016.1261149
Gogolin, G. (2013). Digital forensics explained. Boca Raton, FL: CRC Press.
Pollitt, M., & Shenoi, S. (2010). Advances in digital forensics. New York: Springer/International
Federation for Information Processing.
Ray, I., & Shenoi, S. (2011). Advances in digital forensics IV. New York: Springer.
Springer-Verlag New York Inc. (2016). Advances in Digital Forensics 9.
21
1 out of 21
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.