Digital Forensics Investigation Report

   

Added on  2023-06-04

Table of Contents
1 Summary
2 Issue 1 – Presentation of content relating to offence
3 Issue 2 – Identification
4 Issue 3 – Intent
5 Issue 4 – Quantity of Files
6 Issue 5 – Installed Software
References
Appendix A
Appendix B
1 Summary
The main focus of this project is to examine a digital forensic image using a practical tool. The jurisdiction of Western Australia does not permit access to digital content related to comedians, since it is unlawful to access, own and circulate such content. The comedian-related digital content is accessed by malware, so this investigation is required to examine the digital content related to comedians. The allegation was made to law enforcement by a witness who alleges that comedian-related data was accessed within a workplace. However, some comedian-related content was accessed outside the workplace. Unfortunately, the junior digital forensics examiner who acquired the forensic image of the computer holding the comedian-related content then wiped the original hard drive from the computer. The acquisition itself was carried out in a forensically sound manner, so the junior examiner readily selected the forensic image. The suspect, Clark, denies accessing the comedian-related content, and he also does not confirm that the computer belongs to him. Clark says he does not usually take the computer home or lock it. The senior investigator therefore needs to review the forensic image of the laptop, which was seized with the correct warrants. Clark also states that the computer was infected with malware, which resulted in various content appearing on the computer. This examination is carried out using the Autopsy digital forensics tool. The examination is carried out and discussed in detail below.
2 Issue 1 – Presentation of content relating to offence
Here, the user needs to present the content relating to the offence. The case study provided states that the allegation was made to law enforcement by a witness who alleges that comedian-related data was accessed within a workplace. However, some comedian-related content was accessed outside the workplace. Unfortunately, the junior digital forensics examiner who acquired the forensic image of the computer holding the comedian-related content then wiped the original hard drive from the computer. The acquisition itself was carried out in a forensically sound manner, so the junior examiner readily selected the forensic image. The senior investigator therefore needs to analyse the forensic image of the laptop, which was seized with the correct warrants. This examination is carried out using the Autopsy forensics tool.
To start the investigation, download and install the Autopsy tool. Once Autopsy has been successfully downloaded and installed, open it and click New Case, as demonstrated below.
In the New Case wizard, the user types "computer forensics investigation" as the case name and browses to the directory in which to save the newly created case file. This is illustrated below ("Basics of Computer Forensics", 2016).
Then enter the case number as "digital forensics case 01". After that, add the data source to the newly created case file. This is demonstrated below (Budowle, 2011).
Once the data sources have been added to the created case, the user needs to identify the evidence for the digital forensics investigation.
3 Issue 2 – Identification
In this task, the investigator needs to identify all the information in the forensic image file. The investigator identifies the case file information by clicking the disk image file, as shown below.
The given case file has 47281 files. It is shown below (Carlton & Worthley, 2010).
| Name | Modified Time | Change Time | Access Time | Created Time | Size | Flags |
|---|---|---|---|---|---|---|
| $OrphanFiles | 0000-00-00 00:00:00 | 0000-00-00 00:00:00 | 0000-00-00 00:00:00 | 0000-00-00 00:00:00 | 0 | Allocated |
| $Extend | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 656 | Allocated |
| $GetCurrent | 2018-05-02 09:47:16 IST | 2018-05-02 09:47:16 IST | 2018-05-02 09:47:16 IST | 2018-05-02 09:47:16 IST | 144 | Allocated |
| $Recycle.Bin | 2018-01-09 04:19:21 IST | 2018-01-09 04:19:21 IST | 2018-01-09 04:19:21 IST | 2017-03-19 02:33:28 IST | 424 | Allocated |
| $Unalloc | 0000-00-00 00:00:00 | 0000-00-00 00:00:00 | 0000-00-00 00:00:00 | 0000-00-00 00:00:00 | 0 | Allocated |
| $WINDOWS.~BT | 2018-07-02 06:12:52 IST | 2018-07-02 06:12:52 IST | 2018-07-02 06:12:52 IST | 2018-07-02 06:12:16 IST | 352 | Allocated |
| [current folder] | 2018-07-02 06:12:16 IST | 2018-07-02 06:12:16 IST | 2018-07-02 06:12:16 IST | 2017-03-18 17:10:20 IST | 56 | Allocated |
| Documents and Settings | 2017-05-09 05:23:03 IST | 2017-05-09 05:23:03 IST | 2017-05-09 05:23:03 IST | 2017-05-09 05:23:03 IST | 48 | Allocated |
| PerfLogs | 2017-03-19 02:33:28 IST | 2017-05-09 23:11:25 IST | 2017-03-19 02:33:28 IST | 2017-03-19 02:33:28 IST | 48 | Allocated |
| Program Files | 2018-06-07 06:23:47 IST | 2018-06-07 06:23:47 IST | 2018-06-07 06:23:47 IST | 2017-03-19 02:33:28 IST | 168 | Allocated |
| Program Files (x86) | 2018-07-03 06:43:48 IST | 2018-07-03 06:43:48 IST | 2018-07-03 06:43:48 IST | 2017-03-19 02:33:28 IST | 56 | Allocated |
| ProgramData | 2018-01-09 04:54:30 IST | 2018-01-09 04:54:30 IST | 2018-01-09 04:54:30 IST | 2017-03-19 02:33:29 IST | 56 | Allocated |
| Recovery | 2017-05-09 05:23:27 IST | 2017-05-09 05:23:27 IST | 2017-05-09 05:23:27 IST | 2017-05-09 05:23:27 IST | 48 | Allocated |
| System Volume Information | 2017-05-09 05:33:19 IST | 2017-05-09 05:33:19 IST | 2017-05-09 05:33:19 IST | 2017-05-09 05:13:21 IST | 56 | Allocated |
| Users | 2017-05-09 05:56:45 IST | 2017-05-09 05:56:45 IST | 2017-05-09 05:56:45 IST | 2017-03-18 17:10:20 IST | 56 | Allocated |
| Windows | 2018-07-02 05:57:00 IST | 2018-07-03 06:43:20 IST | 2018-07-02 05:57:00 IST | 2017-03-18 17:10:20 IST | 56 | Allocated |
| Windows10Upgrade | 2018-07-09 08:49:37 IST | 2018-07-09 08:49:37 IST | 2018-07-09 08:49:37 IST | 2018-05-02 09:46:54 IST | 176 | Allocated |
| $AttrDef | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2560 | Allocated |
| $AttrDef-slack | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 1536 | Allocated |
| $BadClus | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 0 | Allocated |
| $BadClus:$Bad | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 13107195904 | Allocated |
| $BadClus:$Bad-slack | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 13107195904 | Allocated |
| $Bitmap | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 606720 | Allocated |
| $Bitmap-slack | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 3584 | Allocated |
| $Boot | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 8192 | Allocated |
| $LogFile | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 20054016 | Allocated |
| $MFT | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 198967296 | Allocated |
| $MFTMirr | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 4096 | Allocated |
| $Secure:$SDS | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 1904476 | Allocated |
| $Secure:$SDS-slack | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 164 | Allocated |
| $UpCase | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 131072 | Allocated |
| $UpCase:$Info | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 32 | Allocated |
| $Volume | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 2017-05-09 22:57:18 IST | 0 | Allocated |
| hiberfil.sys | 2018-07-11 05:46:47 IST | 2018-07-11 05:46:47 IST | 2017-05-09 05:22:23 IST | 2017-05-09 05:22:23 IST | 804278272 | Allocated |
| pagefile.sys | 2018-07-02 05:29:35 IST | 2018-07-02 05:29:35 IST | 2018-07-02 05:29:35 IST | 2017-05-09 05:13:24 IST | 377245696 | Allocated |
| swapfile.sys | 2018-07-02 05:29:35 IST | 2018-07-02 05:29:35 IST | 2017-05-09 05:13:25 IST | 2017-05-09 05:13:25 IST | 268435456 | Allocated |
The given case file contains the following extracted content: devices attached, web bookmarks, web cookies, operating system information, installed programs, encryption suspected, web search, web history, EXIF metadata and recent documents. The web search consists of 36 files. The devices attached consist of 11 files. The operating system information consists of 2 files. The EXIF metadata consists of 5 files. The installed programs consist of 42 files. The web history consists of 117 files. The recent documents consist of 41 files. The web downloads consist of 16 files. The encryption suspected consists of 3 files. The web cookies consist of 221 files. The operating system user account consists of 4 files. The web bookmarks consist of 9 files ("Digital Forensics - Elsevier", n.d.).
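As an added example (not part of the original report), the following Python code takes a few rows copied from the root directory listing above and compares their modified, changed, accessed and created times, which is the comparison behind any statement that a file was accessed or used. The pipe-separated layout and the function names are assumptions made for this example; the report does not show Autopsy's export format.

```python
from datetime import datetime

FIELDS = ("modified", "changed", "accessed", "created")

# Rows copied from the report's listing: name|modified|changed|accessed|created
# (times in IST as displayed; the layout is an assumption of this example).
LISTING = """\
$OrphanFiles|0000-00-00 00:00:00|0000-00-00 00:00:00|0000-00-00 00:00:00|0000-00-00 00:00:00
$MFT|2017-05-09 22:57:18|2017-05-09 22:57:18|2017-05-09 22:57:18|2017-05-09 22:57:18
PerfLogs|2017-03-19 02:33:28|2017-05-09 23:11:25|2017-03-19 02:33:28|2017-03-19 02:33:28
Windows|2018-07-02 05:57:00|2018-07-03 06:43:20|2018-07-02 05:57:00|2017-03-18 17:10:20
hiberfil.sys|2018-07-11 05:46:47|2018-07-11 05:46:47|2017-05-09 05:22:23|2017-05-09 05:22:23
"""

def parse_time(text):
    """Return a datetime, or None for the all-zero placeholder timestamp."""
    if text.startswith("0000-00-00"):
        return None
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def parse_listing(text):
    """Turn each listing line into a dict with the name and four timestamps."""
    rows = []
    for line in text.strip().splitlines():
        name, *stamps = line.split("|")
        rows.append({"name": name, **dict(zip(FIELDS, map(parse_time, stamps)))})
    return rows

def review_notes(row):
    """List the timestamp relationships an examiner would need to explain."""
    m, c, a, b = (row[f] for f in FIELDS)
    if None in (m, c, a, b):
        return ["no timestamps recorded"]
    notes = []
    if c > m:
        notes.append("metadata changed after last content modification")
    if a < m:
        notes.append("last access predates last modification")
    return notes

def timeline(rows):
    """Flatten rows into (time, name, field) events in chronological order."""
    return sorted((row[f], row["name"], f)
                  for row in rows for f in FIELDS if row[f])

if __name__ == "__main__":
    rows = parse_listing(LISTING)
    for row in rows:
        print(row["name"], review_notes(row))
    for when, name, field in timeline(rows)[:4]:
        print(when, name, field)
```

Windows can be configured not to update NTFS last-access times, so an access time older than the modification time, as on hiberfil.sys, is not by itself evidence that a file was never opened.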
4 Issue 3 – Intent
Here, the user needs to show intent: that the digital content was purposely accessed, used and finally deleted. The given case file has 47281 files. Each file was accessed, used and finally deleted. The accessed, used and deleted files in the given case file were extracted into the following categories: devices attached, web bookmarks, web cookies, operating system information, installed programs, encryption suspected, web search, web history, EXIF metadata and recent documents. The web search consists of 36 files. The devices attached consist of 11 files. The operating system information consists of 2 files. The EXIF metadata consists of 5 files. The installed programs consist of 42 files. The web history consists of 117 files. The recent documents consist of 41 files. The web downloads consist of 16 files. The encryption suspected consists of 3 files. The web cookies consist of 221 files. The operating system user account consists of 4 files. The web bookmarks consist of 9 files. These files are demonstrated below.
Devices Attached consists of 11 files, which were accessed, used and finally deleted. It is shown below (Federici, 2013).
EXIF Metadata consists of 5 files, which were accessed, used and finally deleted. It is shown below.
Encryption Suspected consists of 3 files, which were accessed, used and finally deleted. It is shown below.
Installed Programs consists of 42 files, which were accessed, used and finally deleted. It is shown below.
Operating System Information consists of 2 files, which were accessed, used and finally deleted. It is shown below.
Operating System User Account consists of 4 files, which were accessed, used and finally deleted. It is shown below (Gogolin, 2013).
Recent Documents consists of 41 files, which were accessed, used and finally deleted. It is shown below.