Intellectual property - Assignment
Added on 2021/06/14
Table of Contents
Task 1
Task 2
  Abstract
  Introduction
  Analysis conducted
  Findings
  References
Task 1
WinHex is a software tool used by forensic experts around the world for purposes such as repairing file headers, editing files in binary mode, and scrambling data so that it can only be reversed if the correct order is known. To recover the scrambled bits, we do the following:
Modify Data -> “left shift by 1-bit” option
Output:
Modify Data-> “32-bit byte swap”
Output and decrypted text:
Task 2
Abstract
The case concerns the possible theft of intellectual property by a contract employee of Exotic Mountain Tour Services (ETMS). The intellectual property is secret data that might have been leaked by the employee to a competitor, who might undermine the entire project survey done by ETMS along with Superior Bicycles, LLC. The leak, if true, might lead to a severe loss of revenue for ETMS, as it might lose to the competition the strategic advantage gained from the survey and its results. The leak came to light when two of the contract employee's emails were filtered out; the emails contained suspicious conversation that might have led to the deliberate leakage of critical intellectual property data. A USB drive was also found on the contract employee's desk and handed over for further investigation; the data recovered from the USB drive can help in framing the correct charges against the culprit, Bob Aspen.
Introduction
Two major software tools are used in forensic investigations, ProDiscover and WinHex; each serves an important purpose, and they complement each other. Though many different software tools are available for the same purpose, the number of features these two provide makes them stand out from the competition.
ProDiscover is software used to create copies of images or disks (physical storage media). These images are used to read sectors and clusters as needed in order to recover data and information from different clusters. Though forensic experts use a number of its other features, we use only these features in this case study. ProDiscover is also compatible with other hardware such as write blockers, which means that the process of image creation will not affect the original device. This feature is critical because in some cases the original device needs to remain in the same condition in which it was found.
When data is recovered by the forensic expert using ProDiscover, the files usually have their header or some part of their data corrupted, or sometimes the file headers have been manually altered in order to bypass major filters in organizations. The WinHex forensic tool comes into the picture for this purpose: it can alter or edit the data of files in binary mode, making operations such as edit, copy, delete, paste and insert possible on binary data. In simple terms, this tool can be viewed as a binary-mode editor that uses hexadecimal values, just as a word editor works mainly on ASCII values. Several types of views are available, such as cluster view and tree view, which make finding the related data simple and efficient for any forensic expert. Generating a checksum and digest of the data is a useful feature; in addition, reports can be produced in HTML or RTF format, which benefits any forensic expert delivering important findings in a final report.
Analysis conducted
The initial findings were emails that Bob Aspen, the contract employee at ETMS, exchanged with parties outside ETMS's known official circle; they were found later, during the screening of emails for all of the organization's accounts. Apart from the emails, a USB drive was also recovered from Bob Aspen's desk, and it was suspicious for a contract employee to bring a storage device into a company that has a strict policy for data and intellectual property. The emails were scanned, and with the help of the traced emails it was clear that the contract employee was indeed trying to leak data to one of ETMS's competitors, and that the data was altered before being sent out in order to escape the organization's filtering policy for emails with attachments. The emails were exchanged between terrysadler@groowy.com and baspen@aol.com, which matches the Bob Aspen details registered at the organization. The emails from terrysadler@groowy.com came from Jim Shu. The timestamps of the forwarded messages were a little off, which means that Jim Shu must be in a different time zone and must be in the western corner of the world, as the timestamps are assigned by the servers, not the users. The email conversation also asked the employee to change the extension from jpg to txt, and to alter the header information as well, in order to bypass the email scanners easily.
Searching for and Recovering Digital Photography Evidence
In this section we recover the image file from the USB drive image provided by ETMS. The first step in recovering the data is to search for the keyword “FIF” in ASCII mode with a case-sensitive match. The reason for using “FIF” rather than JPEG or JFIF is that those keywords might match clusters belonging to many older files that were previously stored on the USB drive. Such hits on old files are false positives: they leave the forensic expert with a lot of unwanted data to screen, which ultimately costs time and effort.
We now create the ProDiscover project and try to find the recoverable file.
1. Open ProDiscover in Administrator mode and create a project named C10InChp.
2. Add the image of the USB drive found on Bob Aspen's desk, provided by ETMS as the file C10InChp.eve.
3. As discussed earlier, search the clusters on the disk using the cluster-based search in ASCII mode, with Case Sensitive selected and “FIF” as the keyword.
4. The clusters matching the search criterion “FIF” are marked in the USB drive data pane, as below.
5. Select the first occurrence of “FIF” and click it to move to the location of the found cluster.
6. Double-click the cluster; you are redirected to the tree view, where the recoverable files are listed.
7. Right-click the cluster and select “find file”.
8. Press “Yes”.
All the matching clusters are shown; click “show file”:
9. In the file, click the image and save it as “recover1.jpg”.
Rebuilding File Header
As we found in the email conversation of the accused, Bob Aspen, the file's header was changed in order to bypass the email filters at ETMS. Because of this the file cannot be viewed in any image viewer, so we need to edit and repair the file's header in order to view the recovered file.
1. Open recover1.jpg in WinHex.
2. The header, from the first offset at 0 to the sixth offset, contains 7A 7A 7A 7A10 and 7A.
3. For any known JFIF or JPEG file, the header information starting at the first offset should be “FF D8 FF E0”, so we alter the values so that the header information is fixed.
4. Finally, in the right-hand pane, replace zFIF with JFIF and save the file as Fixed1.jpg.
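The search-and-repair procedure above can be reproduced in a few lines of Python. This is an added example, not part of the original assignment and not ProDiscover or WinHex code: the four-cluster image, the 512-byte cluster size and all function names are assumptions, and the constructed header places `00 10` at offsets 4-5 and the identifier at offset 6, as in the standard JFIF layout.

```python
# Added example: the sample image below is constructed, not the case image.
CLUSTER_SIZE = 512                      # assumption: cluster size of the sample
JPEG_MAGIC = bytes.fromhex("FFD8FFE0")  # expected bytes at offsets 0-3
KEYWORD = b"FIF"                        # case-sensitive ASCII search keyword


def search_clusters(image, keyword=KEYWORD):
    """Return (cluster number, offset in cluster) for every keyword hit."""
    hits = []
    pos = image.find(keyword)
    while pos != -1:
        hits.append(divmod(pos, CLUSTER_SIZE))
        pos = image.find(keyword, pos + 1)
    return hits


def header_candidates(hits):
    """Keep hits where 'FIF' sits at offset 7, i.e. right after the
    one altered byte at offset 6 where the 'J' of JFIF belongs."""
    return [cluster for cluster, offset in hits if offset == 7]


def repair_header(data):
    """Restore FF D8 FF E0 at offsets 0-3 and 'J' at offset 6."""
    if data[7:10] != KEYWORD:
        raise ValueError("no 'FIF' at offset 7: not an altered JFIF header")
    fixed = bytearray(data)
    fixed[0:4] = JPEG_MAGIC
    fixed[6] = ord("J")
    return bytes(fixed)


def looks_like_jfif(data):
    """True when the signature and the JFIF identifier are both intact."""
    return data[:4] == JPEG_MAGIC and data[6:11] == b"JFIF\x00"


def build_sample_image():
    """Constructed image: empty, text, altered JPEG start, JPEG end."""
    def pad(chunk):
        return chunk.ljust(CLUSTER_SIZE, b"\x00")
    text = pad(b"memo about FIFTY units, see fifa.txt")   # false positive
    head = pad(b"zzzz\x00\x10zFIF\x00\x01\x01" + b"\xaa" * 64)
    tail = pad(b"\xbb" * 100 + b"\xff\xd9")
    return pad(b"") + text + head + tail


def recover_and_fix(image):
    """Carve from the first header candidate to the image end, then repair."""
    hits = search_clusters(image)
    first = header_candidates(hits)[0]
    recovered = image[first * CLUSTER_SIZE:]
    return hits, recovered, repair_header(recovered)


if __name__ == "__main__":
    hits, recovered, fixed = recover_and_fix(build_sample_image())
    print("keyword hits (cluster, offset):", hits)
    print("before:", recovered[:11].hex(" "), looks_like_jfif(recovered))
    print("after: ", fixed[:11].hex(" "), looks_like_jfif(fixed))
```

The hit inside the text cluster shows why every match has to be checked against the expected header position before any bytes are edited; the lowercase "fif" is never reported because the search is case sensitive.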
Reconstructing File Fragments
We now recover a file from fragmented cluster data, that is, data that might have been written with split headers. To recover such a file, the following approach is used:
1. Find all the clusters of the image file that needs to be reconstructed.
2. After the clusters have been classified successfully, mark the starting and ending clusters of each fragmented group.
3. Arrange the clusters in the correct order to recover the file.
4. Finally, recover the file and edit the header so that the recovered image can be viewed in any image viewer.
Open the project C10InChp created earlier:
1. In the tree view, use the search criterion AE3(2787) to list all the clusters related to the “FIF”; the software lists the related clusters:
2. A new pop-up window is displayed that shows all the clusters related to the search AE3 (2787); we select the clusters and save them to a text file named AE3-crave.txt.
3. We now check the AE3-crave.txt file, mark all the clusters that are grouped together, and arrange them in the correct order, which is necessary in order to rebuild the file from the cluster ranges that were found.
a. Fragment range 1—AC4 to B20
b. Fragment range 2—1d6 to 229
c. Fragment range 3—3cc to 406
d. Fragment range 4—14b to 182
e. Fragment range 5—938 to 96d
f. Fragment range 6—6 to d
4. Mark all the clusters using the Add Clusters option, adding them in the same sequential order as the fragments found in the earlier search, from fragment 1 to 6.
5. After adding the clusters, we use the Recover Clusters option, select the “recover all clusters to single file” option, recover the file and save it as recover2.jpg.
6. Since the header information might be corrupted, we will not be able to view recover2.jpg directly; we repair the header information as done earlier to finally view the recovered image.
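The reassembly step can be checked independently of the tool. The following Python sketch is an added example, not part of the original assignment: it concatenates the six fragment ranges listed above in fragment order and rejects ranges that overlap or fall outside the image. The 512-byte cluster size, the function names and the constructed image (each cluster stamped with its own number) are assumptions.

```python
import hashlib

CLUSTER_SIZE = 512  # assumption: cluster size of the constructed image

# Fragment ranges in the order given above (hexadecimal cluster numbers).
FRAGMENTS = ["AC4 to B20", "1d6 to 229", "3cc to 406",
             "14b to 182", "938 to 96d", "6 to d"]


def parse_range(text):
    """Turn 'AC4 to B20' into (0xAC4, 0xB20)."""
    start, end = (int(part, 16) for part in text.split(" to "))
    if start > end:
        raise ValueError(f"range runs backwards: {text}")
    return start, end


def check_ranges(ranges, total_clusters):
    """Reject ranges that leave the image or overlap one another."""
    for start, end in ranges:
        if end >= total_clusters:
            raise ValueError(f"range {start:x}-{end:x} is outside the image")
    ordered = sorted(ranges)
    for (_, prev_end), (next_start, _) in zip(ordered, ordered[1:]):
        if next_start <= prev_end:
            raise ValueError(f"cluster {next_start:x} is claimed twice")


def reassemble(image, fragments=FRAGMENTS):
    """Concatenate the clusters of each fragment, in fragment order."""
    ranges = [parse_range(text) for text in fragments]
    check_ranges(ranges, len(image) // CLUSTER_SIZE)
    out = bytearray()
    for start, end in ranges:
        out += image[start * CLUSTER_SIZE:(end + 1) * CLUSTER_SIZE]
    return bytes(out)


def cluster_sequence(data):
    """Read back the cluster numbers stamped into the constructed image."""
    return [int.from_bytes(data[i:i + 4], "big")
            for i in range(0, len(data), CLUSTER_SIZE)]


def build_sample_image(total_clusters=0xB21):
    """Constructed image: every cluster is filled with its own number."""
    return b"".join(n.to_bytes(4, "big") * (CLUSTER_SIZE // 4)
                    for n in range(total_clusters))


if __name__ == "__main__":
    rebuilt = reassemble(build_sample_image())
    order = cluster_sequence(rebuilt)
    print("clusters recovered:", len(order))
    print("first / last cluster:", hex(order[0]), hex(order[-1]))
    # Digest of the rebuilt file, recorded before any header editing.
    print("sha256:", hashlib.sha256(rebuilt).hexdigest())
```

Recording a digest of the rebuilt file before the header is edited gives the report a fixed reference for what the tool recovered, separate from the repaired copy.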
Findings
1. The captured emails provided the initial direction for the investigation into Bob Aspen trying to leak the intellectual property of ETMS.
2. The USB disk contained altered image data, which means that Bob Aspen was indeed trying to hide the images leaked to ETMS's competition, which was leading to a severe loss of revenue for ETMS.
Conclusion
The case concerns the possible theft of intellectual property by a contract employee of Exotic Mountain Tour Services (ETMS). The intellectual property is secret data that might have been leaked by the employee to a competitor, who might undermine the entire project survey done by ETMS along with Superior Bicycles, LLC. The leak, if true, might lead to a severe loss of revenue for ETMS, as it might lose to the competition the strategic advantage gained from the survey and its results.
ProDiscover is an excellent tool for managing disks and images of storage devices, which helps in finding digital evidence and performing digital forensics in order to nail the culprits. WinHex is also an excellent tool for digital forensics, enabling the expert to edit data in binary format just as a text editor would in ASCII mode.
Bob Aspen was indeed trying to leak intellectual property that belongs to ETMS; he tried to leak the information via email and also by copying the data to USB.