University Semester.
VerifiedAdded on 2023/01/18
|25
|2602
|55
AI Summary
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
University
Semester
Digital Forensics
Student ID
Student Name
Submission Date
1
Semester
Digital Forensics
Student ID
Student Name
Submission Date
1
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Executive Summary
We shall be making use of the WinHex digital forensics tool to recover the provided the
scrambled bits and this will form the first part our project. (WinHex is a commercial disk editor
and universal hexadecimal editor used for data recovery and digital forensics). A new employee
of Superior Bicycles Inc will prepare the digital forensics report for Intellectual property theft,
and this will form the second part of our task.The new employee name is Tom Johnson; this
employee is the cousin of the Jim Shu an employee who had been terminated. The Bob Aspen is
external investor and contractor who gets a strange email from Terry Sadler that email contains
the information about the Jim Shu new project. So, the Bob forwards the email to Chris
Robinson to inquire about the special project that might need the capital investments.In this
project, we shall determine the drive contains any proprietary Superior Bicycles Inc. data in the
form of any digital photograph as evidence. The FTK imager and Autopsy tool will be used for
the analysis of the USB drive. We shall now evaluate and discuss the digital forensics report,
which was prepared for the investigation.
2
We shall be making use of the WinHex digital forensics tool to recover the provided the
scrambled bits and this will form the first part our project. (WinHex is a commercial disk editor
and universal hexadecimal editor used for data recovery and digital forensics). A new employee
of Superior Bicycles Inc will prepare the digital forensics report for Intellectual property theft,
and this will form the second part of our task.The new employee name is Tom Johnson; this
employee is the cousin of the Jim Shu an employee who had been terminated. The Bob Aspen is
external investor and contractor who gets a strange email from Terry Sadler that email contains
the information about the Jim Shu new project. So, the Bob forwards the email to Chris
Robinson to inquire about the special project that might need the capital investments.In this
project, we shall determine the drive contains any proprietary Superior Bicycles Inc. data in the
form of any digital photograph as evidence. The FTK imager and Autopsy tool will be used for
the analysis of the USB drive. We shall now evaluate and discuss the digital forensics report,
which was prepared for the investigation.
2
Table of Contents
Task 1: Recovering Scrambled Bits.........................................................................................................3
Task 2: Digital Forensics Report..............................................................................................................7
1. Introduction and Background......................................................................................................7
2. Tools................................................................................................................................................8
3. Analysis.........................................................................................................................................10
4. Findings........................................................................................................................................15
5. Conclusion....................................................................................................................................23
References................................................................................................................................................23
3
Task 1: Recovering Scrambled Bits.........................................................................................................3
Task 2: Digital Forensics Report..............................................................................................................7
1. Introduction and Background......................................................................................................7
2. Tools................................................................................................................................................8
3. Analysis.........................................................................................................................................10
4. Findings........................................................................................................................................15
5. Conclusion....................................................................................................................................23
References................................................................................................................................................23
3
Task 1: Recovering Scrambled Bits
We shall be using the Winhex digital forensics tool, in this project for recovering the
provided for the scrambled bits. Also, for the digital forensics evaluation, the WinHex tool is
used for the effective data recovery (Duranti & Endicott-Popovsky, 2010). The following are the
steps, which by using the WinHex are used for the recovery of the provided scrambled bits,
As presented in the below image, open the Winhex software,
After click file to choose the open file. Then, Browse the scrambled bits by choose the provided
text file. This process is used to display the scrambled bits of text file which is illustrated as
below.
4
We shall be using the Winhex digital forensics tool, in this project for recovering the
provided for the scrambled bits. Also, for the digital forensics evaluation, the WinHex tool is
used for the effective data recovery (Duranti & Endicott-Popovsky, 2010). The following are the
steps, which by using the WinHex are used for the recovery of the provided scrambled bits,
As presented in the below image, open the Winhex software,
After click file to choose the open file. Then, Browse the scrambled bits by choose the provided
text file. This process is used to display the scrambled bits of text file which is illustrated as
below.
4
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The text format is the display after the execution of the scrambled bits and the same is
represented in the below image,
5
represented in the below image,
5
A message is displayed on the screen once the process has been completed. The message
will be, and the below image is the representation,
“Congratulations! You have successfully unscrambled bits in this file”
6
will be, and the below image is the representation,
“Congratulations! You have successfully unscrambled bits in this file”
6
Task 2: Digital Forensics Report
1. Introduction and Background
For the new employee of the Superior Bicycles Inc, we shall prepare the digital forensics
report for Intellectual property theft and this task is about the same. The new employee name is
Tom Johnson; this employee is the cousin of the Jim Shu an employee who had been terminated.
The Bob Aspen is external investor and contractor who gets a strange email from Terry Sadler
that email contains the information about the Jim Shu new project. So, the Bob forwards the
email to Chris Robinson to inquire about the special project that might need the capital
investments.Then, Chris forwards the email to the general counsel, Ralph Benison asking him to
look into it. He also forwards it to Bob Swartz, asking him to have IT look for any e-mails with
attachments. After a little investigation, Bob Swartz forwards an e-mail IT found to Chris
Robinson. The USB to which Tom Johnson was assigned, was found by Chris on the desk.
7
1. Introduction and Background
For the new employee of the Superior Bicycles Inc, we shall prepare the digital forensics
report for Intellectual property theft and this task is about the same. The new employee name is
Tom Johnson; this employee is the cousin of the Jim Shu an employee who had been terminated.
The Bob Aspen is external investor and contractor who gets a strange email from Terry Sadler
that email contains the information about the Jim Shu new project. So, the Bob forwards the
email to Chris Robinson to inquire about the special project that might need the capital
investments.Then, Chris forwards the email to the general counsel, Ralph Benison asking him to
look into it. He also forwards it to Bob Swartz, asking him to have IT look for any e-mails with
attachments. After a little investigation, Bob Swartz forwards an e-mail IT found to Chris
Robinson. The USB to which Tom Johnson was assigned, was found by Chris on the desk.
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
In this project, we are determining the drive contains any proprietary Superior Bicycles
Inc. data in the form of any digital photograph as evidence. The FTK imager and Autopsy tool
are the tools that will be used for the analysis of the USB drive. At last prepare the digital
forensics report about the investigation. These are will be analyzed and discussed in detail.
2. Tools
This digital investigation uses the FTK imager and Autopsy tool to determine and analyse
the USB drive and finally prepare the digital forensics report about the investigation. We shall be
using the FTK imager tool forcreating the USB drive as disk image file and then evaluating the
USB drive.Use the autopsy tool to analyse and evaluate the created disk image file, once the disk
image file is created by the USB drive. These are used to analysis the hidden data, hidden image,
data recovery on USB drive.
FTK Imager
A Forensic Image is frequently expected to check trustworthiness of picture after a
procurement of a Hard Drive has occurred. This is normally performed by law authorization for
court on the grounds that, after a measurable picture has been made, its trustworthiness can be
checked to confirm that it has not been messed with. Further, a legal picture can be upheld up
and additionally tried on without harming the first duplicate or proof.
Further, you can make a legal picture from a running or dead machine. I surmise the most
ideal approach to disclose the criminological picture to somebody who does not think about PCs
is that it is an exacting preview in time that has honesty checking.
The finished PC criminology tool will be the proposed FTK. In a single location, the most well-
known criminological instruments are given by the agents as a conglomeration. To make the
system safe and secured, FTK will give the following services,
endeavoring to break a secret key
dissect messages
Search for explicit characters in documents.
An instinctive GUI will be made use of to further improve the pot. With more additional features
, it execution procedure and recognizing characteristics, the FTK is distinctly different from the
other tools of its type.Use of the multi-center CPUs to parallelize the activities was the main
feature for the main criminological programming and for which the buying in of a dispersed
preparing approach is carried out.
8
Inc. data in the form of any digital photograph as evidence. The FTK imager and Autopsy tool
are the tools that will be used for the analysis of the USB drive. At last prepare the digital
forensics report about the investigation. These are will be analyzed and discussed in detail.
2. Tools
This digital investigation uses the FTK imager and Autopsy tool to determine and analyse
the USB drive and finally prepare the digital forensics report about the investigation. We shall be
using the FTK imager tool forcreating the USB drive as disk image file and then evaluating the
USB drive.Use the autopsy tool to analyse and evaluate the created disk image file, once the disk
image file is created by the USB drive. These are used to analysis the hidden data, hidden image,
data recovery on USB drive.
FTK Imager
A Forensic Image is frequently expected to check trustworthiness of picture after a
procurement of a Hard Drive has occurred. This is normally performed by law authorization for
court on the grounds that, after a measurable picture has been made, its trustworthiness can be
checked to confirm that it has not been messed with. Further, a legal picture can be upheld up
and additionally tried on without harming the first duplicate or proof.
Further, you can make a legal picture from a running or dead machine. I surmise the most
ideal approach to disclose the criminological picture to somebody who does not think about PCs
is that it is an exacting preview in time that has honesty checking.
The finished PC criminology tool will be the proposed FTK. In a single location, the most well-
known criminological instruments are given by the agents as a conglomeration. To make the
system safe and secured, FTK will give the following services,
endeavoring to break a secret key
dissect messages
Search for explicit characters in documents.
An instinctive GUI will be made use of to further improve the pot. With more additional features
, it execution procedure and recognizing characteristics, the FTK is distinctly different from the
other tools of its type.Use of the multi-center CPUs to parallelize the activities was the main
feature for the main criminological programming and for which the buying in of a dispersed
preparing approach is carried out.
8
Autopsy tool
The Sleuth Kit® and other advanced legal sciences devices are used in the graphical
interface and computerized legal sciences stage by the use of Autopsy®. It is used on computer
devices for investigation and research study by law implementation, military, and corporate
inspectors. Another common use of this tool is on the camera’s memory card and to recuperate
photographs from it, and here also the graphical UI (GUI) is utilized for the analysis and
evaluation. The features of the Sleuth Kit are,
More straightforward to work
computerizing a considerable lot of the strategies
simpler and easier to recognize
Sortall the inventory appropriate bits of criminological information.
For enabling the clients to gather, parse and break down measurable information on PC
frameworks and cell phones, we shall make use of the “Sleuth Kit” which is an accumulation of
order lines and a C library. Most of the photographs from the camera can be recouped by using
this framework as guaranteed by the site. The perfectionists have always liked their work to be
straightforward and they would not like the layering of the GUI over the content based projects
and also the direction line interfaces on it. But the innovative tool, “Autopsy” is appreciated and
liked even by people who have always worked with GUI interfaces.
Simple to Use
As an out of crate, user friendly tool, Autopsy evaluation was purposefully natural. At every step
of the installation procedure for the tool, there are wizards to guide you. A solitary tree gives all
the possible outcomes. For more subtleties, check the natural page.
Extensible
With modules that accompany it out of the container and others that are accessible from
outside, the Autopsy was always intended to be a start to finish stage. Below are the modules as
part of the tool:
Timeline Analysis - Advanced graphical occasion seeing interface (video
instructional exercise included).
Hash Filtering - Flag known awful records and disregard known great.
9
The Sleuth Kit® and other advanced legal sciences devices are used in the graphical
interface and computerized legal sciences stage by the use of Autopsy®. It is used on computer
devices for investigation and research study by law implementation, military, and corporate
inspectors. Another common use of this tool is on the camera’s memory card and to recuperate
photographs from it, and here also the graphical UI (GUI) is utilized for the analysis and
evaluation. The features of the Sleuth Kit are,
More straightforward to work
computerizing a considerable lot of the strategies
simpler and easier to recognize
Sortall the inventory appropriate bits of criminological information.
For enabling the clients to gather, parse and break down measurable information on PC
frameworks and cell phones, we shall make use of the “Sleuth Kit” which is an accumulation of
order lines and a C library. Most of the photographs from the camera can be recouped by using
this framework as guaranteed by the site. The perfectionists have always liked their work to be
straightforward and they would not like the layering of the GUI over the content based projects
and also the direction line interfaces on it. But the innovative tool, “Autopsy” is appreciated and
liked even by people who have always worked with GUI interfaces.
Simple to Use
As an out of crate, user friendly tool, Autopsy evaluation was purposefully natural. At every step
of the installation procedure for the tool, there are wizards to guide you. A solitary tree gives all
the possible outcomes. For more subtleties, check the natural page.
Extensible
With modules that accompany it out of the container and others that are accessible from
outside, the Autopsy was always intended to be a start to finish stage. Below are the modules as
part of the tool:
Timeline Analysis - Advanced graphical occasion seeing interface (video
instructional exercise included).
Hash Filtering - Flag known awful records and disregard known great.
9
Keyword Search - Indexed catchphrase inquiry to discover records that notice
important terms.
Web Artifacts - Extract history, bookmarks, and treats from Firefox, Chrome, and IE.
Data Carving - Recover erased documents from unallocated space utilizing PhotoRec
Multimedia - Extract EXIF from pictures and watch recordings.
Indicators of Compromise - Scan a PC utilizing STIX.
Quick
Yesterday is when everybody needs the Results. As soon as the results are found they are
given to you by Analysis, by running the foundation assignments in parallel utilizing various
centers You will know in minutes if your catchphrases were found in the client's home organizer,
even though for the tool it might take hours to completely look through the drive. For more of
the subtleties, check the quick outcomes page.
Cost Effective
There is no cost to dissection and it is free. Financially savvy computerized criminology
tools have become easy and basic, as the spending plans and values have diminished. By offering
services that other business apparatuses don't give, like the basic highlights like web antiquity
analysis and vault investigation, Dissection offers a similar center highlights as other
computerized crime scene investigation instruments.
3. Analysis
We shall be using the FTK imager to create the disk image file for USB drive, before we
start with the evaluation process (Larson, 2014).Below is the representation for the first step of
opening the FTK imager,
10
important terms.
Web Artifacts - Extract history, bookmarks, and treats from Firefox, Chrome, and IE.
Data Carving - Recover erased documents from unallocated space utilizing PhotoRec
Multimedia - Extract EXIF from pictures and watch recordings.
Indicators of Compromise - Scan a PC utilizing STIX.
Quick
Yesterday is when everybody needs the Results. As soon as the results are found they are
given to you by Analysis, by running the foundation assignments in parallel utilizing various
centers You will know in minutes if your catchphrases were found in the client's home organizer,
even though for the tool it might take hours to completely look through the drive. For more of
the subtleties, check the quick outcomes page.
Cost Effective
There is no cost to dissection and it is free. Financially savvy computerized criminology
tools have become easy and basic, as the spending plans and values have diminished. By offering
services that other business apparatuses don't give, like the basic highlights like web antiquity
analysis and vault investigation, Dissection offers a similar center highlights as other
computerized crime scene investigation instruments.
3. Analysis
We shall be using the FTK imager to create the disk image file for USB drive, before we
start with the evaluation process (Larson, 2014).Below is the representation for the first step of
opening the FTK imager,
10
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Below is the representation for creating the disk image file by clicking on the “file” option,
Next image below displays the choosing of the Physical Drive by selecting the source evidence
type USB and then clicking on the “Next” button,
11
Next image below displays the choosing of the Physical Drive by selecting the source evidence
type USB and then clicking on the “Next” button,
11
Below image displays the source folder to be selected and then clicking on the next button,
Next image below shows Raw DD as the selected destination image type, and then clicking on
the next button,
12
Next image below shows Raw DD as the selected destination image type, and then clicking on
the next button,
12
Below shows the evidence item and all the information that was entered into it,
Below image represent the title naming of the image file as digital forensics which is done once
the image destination has been chosen from the folder. Click on the next icon after completion of
this.
13
Below image represent the title naming of the image file as digital forensics which is done once
the image destination has been chosen from the folder. Click on the next icon after completion of
this.
13
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
At last, we are creating the disk image for provided USB drive which is presented as below.
Here, we are open the created disk image file which is illustrated as below.
14
Here, we are open the created disk image file which is illustrated as below.
14
4. Findings
Here, we are determine the evidence on the provided USB drive which is newly created as
disk image. So, to determine the evidence on disk image file by using the Autopsy tool. So, first
open the autopsy tool which is presented as below.
15
Here, we are determine the evidence on the provided USB drive which is newly created as
disk image. So, to determine the evidence on disk image file by using the Autopsy tool. So, first
open the autopsy tool which is presented as below.
15
click the new case to enter the case information like case name as digital forensis and case stype
as single user and click the Next button which is illustrated as below.
And, also enter the optional case information like case number as 001 and click the finish button
which is illustrated as below.
16
as single user and click the Next button which is illustrated as below.
And, also enter the optional case information like case number as 001 and click the finish button
which is illustrated as below.
16
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
After, we will view the database creation for created case file which is presented as below.
And, also view the text index for created new case which is presented as below.
Then, add the data source to the created case by choose the data source type. Here, we are
created the disk image for provided USB. So the below image displays the data source as the
disk image selected and after than clicking on the Next button,
17
And, also view the text index for created new case which is presented as below.
Then, add the data source to the created case by choose the data source type. Here, we are
created the disk image for provided USB. So the below image displays the data source as the
disk image selected and after than clicking on the Next button,
17
Below image is the representation of the selected and created disk image file after browsing the
disk image,
Below image shows the created case file from the added the data source,
18
disk image,
Below image shows the created case file from the added the data source,
18
After, we will see the created disk image as provided USB is successfully added in
created new case which is illustrated as below.
Then, we will see the provided USB drive information which is illustrated as below.
19
created new case which is illustrated as below.
Then, we will see the provided USB drive information which is illustrated as below.
19
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Information about the digital forensics case file is illustrated as below.
Name /img_Digital Forensics.001//$Unalloc
Type Virtual Directory
MIME Type application/octet-stream
Size 0
File Name Allocation Allocated
Metadata Allocation Allocated
Modified 0000-00-00 00:00:00
Accessed 0000-00-00 00:00:00
Created 0000-00-00 00:00:00
Changed 0000-00-00 00:00:00
MD5 Not calculated
Hash Lookup Results UNKNOWN
Internal ID 4
The provided USB file has the hidden data, image and attributes. These are illustrated as below.
20
Name /img_Digital Forensics.001//$Unalloc
Type Virtual Directory
MIME Type application/octet-stream
Size 0
File Name Allocation Allocated
Metadata Allocation Allocated
Modified 0000-00-00 00:00:00
Accessed 0000-00-00 00:00:00
Created 0000-00-00 00:00:00
Changed 0000-00-00 00:00:00
MD5 Not calculated
Hash Lookup Results UNKNOWN
Internal ID 4
The provided USB file has the hidden data, image and attributes. These are illustrated as below.
20
Name /img_C:/$Extend/$ObjId
Type File System
MIME Type application/octet-stream
Size 0
File Name Allocation Allocated
Metadata Allocation Allocated
Modified 2019-02-02 01:16:01 PST
Accessed 2019-02-02 01:16:01 PST
Created 2019-02-02 01:16:01 PST
Changed 2019-02-02 01:16:01 PST
MD5 Not calculated
Hash Lookup Results UNKNOWN
Internal ID 16892
21
Type File System
MIME Type application/octet-stream
Size 0
File Name Allocation Allocated
Metadata Allocation Allocated
Modified 2019-02-02 01:16:01 PST
Accessed 2019-02-02 01:16:01 PST
Created 2019-02-02 01:16:01 PST
Changed 2019-02-02 01:16:01 PST
MD5 Not calculated
Hash Lookup Results UNKNOWN
Internal ID 16892
21
Name /img_C:/Digital Photo/IMGu3128872_3.jpg
Type File System
MIME Type application/octet-stream
Size 219752
File Name Allocation Allocated
Metadata Allocation Allocated
Modified 2019-05-08 08:12:35 PDT
Accessed 2019-05-18 00:00:53 PDT
Created 2019-05-18 00:00:53 PDT
Changed 2019-05-08 08:22:08 PDT
MD5 Not calculated
Hash Lookup Results UNKNOWN
Internal ID 275850
22
Type File System
MIME Type application/octet-stream
Size 219752
File Name Allocation Allocated
Metadata Allocation Allocated
Modified 2019-05-08 08:12:35 PDT
Accessed 2019-05-18 00:00:53 PDT
Created 2019-05-18 00:00:53 PDT
Changed 2019-05-08 08:22:08 PDT
MD5 Not calculated
Hash Lookup Results UNKNOWN
Internal ID 275850
22
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Name /img_C:/Recovery/ReAgentOld.xml
Type File System
MIME Type application/octet-stream
Size 1037
File Name Allocation Allocated
Metadata Allocation Allocated
23
Type File System
MIME Type application/octet-stream
Size 1037
File Name Allocation Allocated
Metadata Allocation Allocated
23
Modified 2019-02-02 01:54:25 PST
Accessed 2019-05-13 08:42:12 PDT
Created 2019-05-13 08:42:12 PDT
Changed 2019-02-02 01:54:25 PST
MD5 Not calculated
Hash Lookup Results UNKNOWN
Internal ID 601545
Based on analysis, the provided USB file has information about the projects. It has hidden
data, hidden image, hidden attributes and files. It has more than 10000 files on USB. These are
related to the projects. The hidden data, attributes and images are effectively recovered by
autopsy and FTK imager.
5. Conclusion
This task is successfully prepare the digital forensics report for Intellectual property theft
by a new employee of Superior Bicycles Inc. This project also successfully determined the drive
contains any proprietary Superior Bicycles Inc. data in the form of any digital photograph as
evidence. by using the Autopsy tool and the FTK imager, we have successfully analysed the
USB drive. At last we are effectively prepare the digital forensics report about the investigation.
These are analyzed and discussed in detail.
References
24
Accessed 2019-05-13 08:42:12 PDT
Created 2019-05-13 08:42:12 PDT
Changed 2019-02-02 01:54:25 PST
MD5 Not calculated
Hash Lookup Results UNKNOWN
Internal ID 601545
Based on analysis, the provided USB file has information about the projects. It has hidden
data, hidden image, hidden attributes and files. It has more than 10000 files on USB. These are
related to the projects. The hidden data, attributes and images are effectively recovered by
autopsy and FTK imager.
5. Conclusion
This task is successfully prepare the digital forensics report for Intellectual property theft
by a new employee of Superior Bicycles Inc. This project also successfully determined the drive
contains any proprietary Superior Bicycles Inc. data in the form of any digital photograph as
evidence. by using the Autopsy tool and the FTK imager, we have successfully analysed the
USB drive. At last we are effectively prepare the digital forensics report about the investigation.
These are analyzed and discussed in detail.
References
24
Duranti, L., & Endicott-Popovsky, B. (2010). Digital Records Forensics: A New Science and
Academic Program for Forensic Readiness. Journal Of Digital Forensics, Security And
Law. doi: 10.15394/jdfsl.2010.1075
Larson, S. (2014). The Basics of Digital Forensics: The Primer for Getting Started in Digital
Forensics. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2014.1165
25
Academic Program for Forensic Readiness. Journal Of Digital Forensics, Security And
Law. doi: 10.15394/jdfsl.2010.1075
Larson, S. (2014). The Basics of Digital Forensics: The Primer for Getting Started in Digital
Forensics. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2014.1165
25
1 out of 25
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.