
Forensic Examination of Digital Evidence - PDF


Added on  2021-06-15

Tasks and Forensics Report
Table of Contents

Task 1
Introduction
Task 2
Analysis
Findings
Final Findings
Conclusion
Task 1

Introduction

Process

The process used in this case started with the collection of the evidence material, that is, the machine. Once the machine had been seized, attempts were made to create a digital image of the machine and its files and to transfer it to other computers. This preserves the state of the machine as it is and lets the data collection be done in a very organized manner. Next, all kinds of analysis were performed on the digital image that had been collected and stored. The image was collected in FTK Imager, and through that software any kind of corrupted file or image was identified and studied. With software like ProDiscover, an attempt was made to decrypt encrypted data, and through the decryption the different ways of corruption or encryption were analyzed. It can also be used to study the nature of the different cache files and cookies formed during use of the internet (Sunde, et al., 2017). The software was also used to understand how the data had been encrypted and to look into any form of corruption. With the help of Wireshark, the network protocol was analyzed, which made it possible to find the date of access to the internet, the search engine used, and the searched texts, all of which could be studied to understand the general way in which the specified user works. With ripper software like RegRipper, it was easy to take an image of an image and analyze it in isolation by placing it into the different software (Franke, et al., 2018). With EnCase, it was possible to conduct different kinds of analysis, such as cyber security, security analytics, and e-discovery, and hence several kinds of information appeared through it. Other kinds of study included the study of cache files through ProDiscover and identification of the make and model of the product (Swartz, 2017). The second of the two was conducted through a visit to a police academy and the acquisition of a license, so that entering the suspect machine and analysing its areas was legal.

Tools used for the analysis

The scrambled bit of information was partial data obtained from the email connected to the web link. The information there was suspicious, but very little of the data could be identified. In this case the data was unidentified because of its encrypted mode. Thus, in order to decode the suspicious information found in the email connected to the web link, the company EMTS is planning to use a forensic analytical tool. In this circumstance they
have used the evaluation version of the software named WinHex. It is a powerful tool for detecting any suspicious data, which could be recovered using a data wiping tool.

Steps of Process: Installation to Extraction

The program is launched after it is set up, with a destination folder chosen in order to install it. The setup program is as easy to use as any other Windows wizard. In order to edit the hard disc sectors, administrator permission was obtained.

WinHex is a hex editor. It displays three columns: the address, a display of 16 bytes, and a text display of 16 characters. The data can be viewed extensively. Hex-only and text-only modes can each be selected by clicking check boxes within the View menu. The session begins with the Start Center, and the previously detected files can be viewed.
Unknown data can be extracted from any unknown source. For example, information regarding the location of the data can be found out. This is how the available data in the stored drive is processed.
This is how data is viewed in order to proceed with the data recovery process through this software. There are tools that work with discs, involving stored sets of data and the data recovery process. The scrambled bits of data that were found undetected within the email were nevertheless extracted by using this software. The decoded data will now be sent to the administrative section of EMTS to decide on the further steps of action to be taken.
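
The three-column hex view described above (address, 16 bytes, 16 characters of text) and the step of finding where a piece of data sits in a raw buffer can be reproduced in a short Python sketch. This is an added example, not part of the original report and not WinHex's own code; the function names and the sample buffer are constructed for illustration.

```python
import string

# Printable ASCII without control whitespace (tab, newline, ...).
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")

def hex_view(data: bytes, base: int = 0, width: int = 16) -> list[str]:
    """Render rows of: address | hex bytes | text, `width` bytes per row."""
    rows = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        hex_col = " ".join(f"{b:02X}" for b in chunk).ljust(width * 3 - 1)
        text_col = "".join(chr(b) if b in PRINTABLE else "." for b in chunk)
        rows.append(f"{base + i:08X}  {hex_col}  {text_col}")
    return rows

def find_strings(data: bytes, min_len: int = 6) -> list[tuple[int, str]]:
    """Return (offset, text) for every printable-ASCII run of >= min_len bytes."""
    hits, start = [], None
    for pos, b in enumerate(data + b"\x00"):  # sentinel flushes a trailing run
        if b in PRINTABLE:
            if start is None:
                start = pos
        else:
            if start is not None and pos - start >= min_len:
                hits.append((start, data[start:pos].decode("ascii")))
            start = None
    return hits

# Constructed sample: binary noise, one readable header fragment, a short
# run ("abc") that falls below min_len, and zero padding.
SAMPLE = (bytes(range(0x80, 0x94)) + b"From: user@example.test"
          + b"\x00\xff\x10" + b"abc" + b"\x00" * 5)

if __name__ == "__main__":
    for offset, text in find_strings(SAMPLE):
        print(f"readable data at offset 0x{offset:X}: {text!r}")
        row_start = offset - offset % 16      # align to the start of a row
        window = SAMPLE[row_start:row_start + 48]
        print("\n".join(hex_view(window, base=row_start)))
```

Run against an image file, the same two functions work on bytes read with `open(path, "rb")`; the working copy should be opened read-only so the evidence is not altered.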