Digital Forensics: Recovering Deleted Files from USB using Winhex and Stenography Tool
Added on 2023-06-12
22 Pages2401 Words395 Views
[Year]
Executive Summary
This project aims to prepare a digital forensic report the given scenario. We need to investigate
the probable intellectual property stolen by the Bob Apsen who is working as a contract
employee of the Exotic Mountain Tour Services. The EMTS Company has completed a very
expensive marketing process and analysis on customer service provided by the Superior Bicycle,
LLC Company. The plan of the EMTS Company is to do an efficient advertisement for a joint
product deal of Superior bicycles with their tour services.EMTS is under a nondisclosure
concurrence with Superior Bicycles and must ensure this promoting effort material. An EMTS
chief found a USB drive on the work area Bob Aspen was allocated to. This work is to decide if
the drive contains exclusive EMTS or Superior Bicycles information. The EMTS chief
additionally gives you some intriguing data he accumulated from the Web server executive.
EMTS channels all Web-based email activity going through its system and distinguishes
suspicious connections. At the point when a Web-based email with connections is gotten, the
Web channel is activated. So we recovered the deleted file which has suspicious data that
relevant to the case files from USB. It is done by using Prodiscover basic. Then the deleted
image in USB is recovered and also this file was corrupted while opening this file in Winhex.
The appropriate digital forensics tools were used to accomplish recover process. In our case
study, we are going to use Winhex to recover the deleted image in the USB. The Stenography
tool is used for recovering the hidden text in Image. Then using the Pro discover, we recover the
file from USB. So these recovery techniques need to be analysed before we proceed to findings.
1
This project aims to prepare a digital forensic report the given scenario. We need to investigate
the probable intellectual property stolen by the Bob Apsen who is working as a contract
employee of the Exotic Mountain Tour Services. The EMTS Company has completed a very
expensive marketing process and analysis on customer service provided by the Superior Bicycle,
LLC Company. The plan of the EMTS Company is to do an efficient advertisement for a joint
product deal of Superior bicycles with their tour services.EMTS is under a nondisclosure
concurrence with Superior Bicycles and must ensure this promoting effort material. An EMTS
chief found a USB drive on the work area Bob Aspen was allocated to. This work is to decide if
the drive contains exclusive EMTS or Superior Bicycles information. The EMTS chief
additionally gives you some intriguing data he accumulated from the Web server executive.
EMTS channels all Web-based email activity going through its system and distinguishes
suspicious connections. At the point when a Web-based email with connections is gotten, the
Web channel is activated. So we recovered the deleted file which has suspicious data that
relevant to the case files from USB. It is done by using Prodiscover basic. Then the deleted
image in USB is recovered and also this file was corrupted while opening this file in Winhex.
The appropriate digital forensics tools were used to accomplish recover process. In our case
study, we are going to use Winhex to recover the deleted image in the USB. The Stenography
tool is used for recovering the hidden text in Image. Then using the Pro discover, we recover the
file from USB. So these recovery techniques need to be analysed before we proceed to findings.
1
Table of Contents
Executive Summary...................................................................................................................................1
1. Introduction.......................................................................................................................................3
1.1 Background................................................................................................................................3
1.2 Scope...........................................................................................................................................3
1.3 Forensics tools............................................................................................................................3
2. Analysis Conducted...........................................................................................................................4
2.1 Win hex.......................................................................................................................................4
2.2 Stenography...............................................................................................................................5
2.3 Pro Discover Tool......................................................................................................................6
3. Findings..............................................................................................................................................6
3.1 Recover the deleted image in the usb Using Winhex...............................................................6
3.2 Recover the hidden text in Image using Stenography tool....................................................14
3.3 Recover the file using Pro Discover........................................................................................18
4. Conclusion........................................................................................................................................19
References................................................................................................................................................20
2
Executive Summary...................................................................................................................................1
1. Introduction.......................................................................................................................................3
1.1 Background................................................................................................................................3
1.2 Scope...........................................................................................................................................3
1.3 Forensics tools............................................................................................................................3
2. Analysis Conducted...........................................................................................................................4
2.1 Win hex.......................................................................................................................................4
2.2 Stenography...............................................................................................................................5
2.3 Pro Discover Tool......................................................................................................................6
3. Findings..............................................................................................................................................6
3.1 Recover the deleted image in the usb Using Winhex...............................................................6
3.2 Recover the hidden text in Image using Stenography tool....................................................14
3.3 Recover the file using Pro Discover........................................................................................18
4. Conclusion........................................................................................................................................19
References................................................................................................................................................20
2
1. Introduction
1.1 Background
We will investigate the probable intellectual property which is stolen by the Bob Apsen who
is working as a contract employee of the Exotic Mountain Tour Services. The EMTS Company
has completed a very expensive marketing process and analysis on customer service provided by
the Superior Bicycle, LLC Company. The plan of the EMTS Company is to do an efficient
advertisement for a joint product deal of Superior bicycles with their tour services. EMTS is
under a nondisclosure concurrence with Superior Bicycles and must ensure this promoting effort
material. An EMTS chief found a USB drive on the work area Bob Aspen was allocated to. This
work is to decide if the drive contains exclusive EMTS or Superior Bicycles information. The
EMTS chief additionally gives you some intriguing data he accumulated from the Web server
executive. EMTS channels all Web-based email activity going through its system and
distinguishes suspicious connections. At the point when a Web-based email with connections is
gotten, the Web channel is activated.
1.2 Scope
This project aims to prepare a digital forensic report the given scenario. So we will
recover the deleted file which has suspicious data that relevant to the case files from USB. The
appropriate digital forensics tools were used to accomplish recover process. In our case study, we
are going to use Winhex to recover the deleted image in the USB. The Stenography tool will be
used for recovering the hidden text in Image. Then using the Pro Discover, we will recover the
files from USB. So these recovery techniques need to be analysed before we proceed to findings.
1.3 Forensics tools
The tools used in this case study are given below.
1. Winhex
2. Stenography
3. Pro Discover
3
1.1 Background
We will investigate the probable intellectual property which is stolen by the Bob Apsen who
is working as a contract employee of the Exotic Mountain Tour Services. The EMTS Company
has completed a very expensive marketing process and analysis on customer service provided by
the Superior Bicycle, LLC Company. The plan of the EMTS Company is to do an efficient
advertisement for a joint product deal of Superior bicycles with their tour services. EMTS is
under a nondisclosure concurrence with Superior Bicycles and must ensure this promoting effort
material. An EMTS chief found a USB drive on the work area Bob Aspen was allocated to. This
work is to decide if the drive contains exclusive EMTS or Superior Bicycles information. The
EMTS chief additionally gives you some intriguing data he accumulated from the Web server
executive. EMTS channels all Web-based email activity going through its system and
distinguishes suspicious connections. At the point when a Web-based email with connections is
gotten, the Web channel is activated.
1.2 Scope
This project aims to prepare a digital forensic report the given scenario. So we will
recover the deleted file which has suspicious data that relevant to the case files from USB. The
appropriate digital forensics tools were used to accomplish recover process. In our case study, we
are going to use Winhex to recover the deleted image in the USB. The Stenography tool will be
used for recovering the hidden text in Image. Then using the Pro Discover, we will recover the
files from USB. So these recovery techniques need to be analysed before we proceed to findings.
1.3 Forensics tools
The tools used in this case study are given below.
1. Winhex
2. Stenography
3. Pro Discover
3
2. Analysis Conducted
In our case study, we are going to use Winhex to recover the deleted image in the USB.
The Stenography tool is used for recovering the hidden text in Image. Then using the Remo
recovery, we will recover the pdf file. So these recovery techniques need to be analysed before
we proceed to findings.
2.1 Win hex
WinHex is in its centre an all-inclusive hexadecimal supervisor, especially supportive in
the domain of PC legal sciences, information recuperation, low-level information preparing, and
IT security(AG, 2018). A propelled instrument for ordinary and crisis utilize: investigate and
alter a wide range of documents, recuperate erased records or lost information from hard drives
with degenerate document frameworks or from advanced camera cards. A propelled hex proof-
reader, a device for information examination, altering, and recuperation, an information wiping
device, and a criminology instrument utilized for prove gathering. Clients utilizing WinHex
incorporate the Oak Ridge National Laboratory, Hewlett Packard, National Semiconductor, a
few law requirement organizations, and numerous different organizations with information
recuperation and assurance needs("WinHex: A powerful data recovery and forensics tool",
2018).
WinHex, which is good with Windows 95 through Windows XP, offers the capacity to:
Read and specifically alter hard drives (FAT and NTFS), floppy plates, CD-ROMs,
DVDs, Compact Flash cards, and other media.
Recapture information.
Encode records (128-piece quality).
Wipe drives.
Make hashes and checksums.
Clone and picture drives.
Hunt and supplant.
Examine and look at records.
Join and split records.
Alter segment tables, boot parts, and other information structures utilizing layouts.
Decipher 20 information composes.
Read and specifically alter RAM.
4
In our case study, we are going to use Winhex to recover the deleted image in the USB.
The Stenography tool is used for recovering the hidden text in Image. Then using the Remo
recovery, we will recover the pdf file. So these recovery techniques need to be analysed before
we proceed to findings.
2.1 Win hex
WinHex is in its centre an all-inclusive hexadecimal supervisor, especially supportive in
the domain of PC legal sciences, information recuperation, low-level information preparing, and
IT security(AG, 2018). A propelled instrument for ordinary and crisis utilize: investigate and
alter a wide range of documents, recuperate erased records or lost information from hard drives
with degenerate document frameworks or from advanced camera cards. A propelled hex proof-
reader, a device for information examination, altering, and recuperation, an information wiping
device, and a criminology instrument utilized for prove gathering. Clients utilizing WinHex
incorporate the Oak Ridge National Laboratory, Hewlett Packard, National Semiconductor, a
few law requirement organizations, and numerous different organizations with information
recuperation and assurance needs("WinHex: A powerful data recovery and forensics tool",
2018).
WinHex, which is good with Windows 95 through Windows XP, offers the capacity to:
Read and specifically alter hard drives (FAT and NTFS), floppy plates, CD-ROMs,
DVDs, Compact Flash cards, and other media.
Recapture information.
Encode records (128-piece quality).
Wipe drives.
Make hashes and checksums.
Clone and picture drives.
Hunt and supplant.
Examine and look at records.
Join and split records.
Alter segment tables, boot parts, and other information structures utilizing layouts.
Decipher 20 information composes.
Read and specifically alter RAM.
4
Assemble free and slack space.
2.2 Stenography
Steganography is the craft of concealing a mystery message behind the typical message.
This is utilized to exchange some mystery message to other individual and no between time
individual will have the capacity to comprehend what the genuine message which we needed to
pass on was. This specialty of concealing mystery messages has been utilized for a considerable
length of time, all things considered, correspondences. Since the evolvement of computerized
correspondence, it has additionally been utilized as a part of advanced discussions. In PC, it is
accomplished by supplanting the unused or futile information of a standard PC document with
the bit of our mystery message. This mystery shrouded data can be a plain instant message,
figure content, or picture. One can conceal data in any sort of document. Normally picture, video
and sound records are utilized to conceal plain instant message or picture message. Scarcely any
instruments presently enable one to conceal documents inside a picture or sound record("Best
Tools to Perform Steganography", 2018).
The principle purpose behind utilizing steganography is that are concealing our mystery
message behind a customary document. Nobody will presume the record. Individuals will for the
most part figure it as a conventional record and our mystery message will abandon any doubt.
The document used to shroud a message will work typically and we won't presume just by
looking the record. There are different conditions when there is the need of secure transmission
of records. Programmers are all around and dependably attempt to block correspondence to get
private information.
By utilizing Steganography, we can diminish the possibility of information spillage.
Regardless of whether the assailant gains admittance to our record or email, he will do not
understand where the private document in our record is. There are different methods for
accomplishing the steganography in advanced correspondence. In any case, we don't have to
perform coding to accomplish this. There are different programming instruments are accessible
for Steganography. This product can conceal the mystery message behind the picture document,
HTML fil, DOC record or some other sort of record (Flandrin, 2018).
5
2.2 Stenography
Steganography is the craft of concealing a mystery message behind the typical message.
This is utilized to exchange some mystery message to other individual and no between time
individual will have the capacity to comprehend what the genuine message which we needed to
pass on was. This specialty of concealing mystery messages has been utilized for a considerable
length of time, all things considered, correspondences. Since the evolvement of computerized
correspondence, it has additionally been utilized as a part of advanced discussions. In PC, it is
accomplished by supplanting the unused or futile information of a standard PC document with
the bit of our mystery message. This mystery shrouded data can be a plain instant message,
figure content, or picture. One can conceal data in any sort of document. Normally picture, video
and sound records are utilized to conceal plain instant message or picture message. Scarcely any
instruments presently enable one to conceal documents inside a picture or sound record("Best
Tools to Perform Steganography", 2018).
The principle purpose behind utilizing steganography is that are concealing our mystery
message behind a customary document. Nobody will presume the record. Individuals will for the
most part figure it as a conventional record and our mystery message will abandon any doubt.
The document used to shroud a message will work typically and we won't presume just by
looking the record. There are different conditions when there is the need of secure transmission
of records. Programmers are all around and dependably attempt to block correspondence to get
private information.
By utilizing Steganography, we can diminish the possibility of information spillage.
Regardless of whether the assailant gains admittance to our record or email, he will do not
understand where the private document in our record is. There are different methods for
accomplishing the steganography in advanced correspondence. In any case, we don't have to
perform coding to accomplish this. There are different programming instruments are accessible
for Steganography. This product can conceal the mystery message behind the picture document,
HTML fil, DOC record or some other sort of record (Flandrin, 2018).
5
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Digital Forensic Report for EMTS Organizationlg...
|18
|1989
|460
Digital Forensics Report for a Case Study on Intellectual Property Theftlg...
|19
|2633
|66
Digital Forensics Report for Exotic Mountain Tour Servicelg...
|24
|2567
|203
Digital Forensics: Investigation and Recovery of Lost Datalg...
|21
|2379
|235
Digital Forensics Report for EMTS Organizationlg...
|28
|2503
|371
Digital Forensicslg...
|19
|2730
|345