Digital Desktop Analysis: CO4514 Digital Forensic Technology Report

Verified

Added on 2023/01/13

AI Summary

This report provides a detailed analysis of digital forensic technology, focusing on its importance in crime investigation. It begins with an introduction to the subject and then examines the author's digital technology usage, including devices like a Samsung S3 Mini, Google Drive, Microsoft Surface Pro, and Chromecast, along with their justifications and potential crime scenarios. The report delves into evidence recovery processes from an iPhone and iCloud, discussing various acquisition techniques (manual, logical, file system, and physical), their usefulness, strengths, weaknesses of acquisition tools, and their applicability in prosecution. It also explores evidence recovery from Google Drive, including acquisition techniques and tool analysis. Furthermore, the report offers predictions about the future of evidence recovery, highlighting challenges such as analyzing large datasets, encryption complexities, and the rise of smart appliances. The report concludes by emphasizing the evolving nature of digital forensics and the need to anticipate future technological advancements and challenges. The report includes references to relevant literature and sources.

CO4514 Digital Forensic Technology
Your G Number
Assignment One

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

The Digital Desktop
1. Introduction
This report discuses about digital forensic technology and how it is important in conducting crime investigation. A scenario is developed in this report for
providing context to the digital desktop components. Among the various devices, two of the devices that are considered for analysing digital evidence
recovery process are iPhone and iCloud. A detailed description has been provided in this aspect. This description includes evidence collection techniques,
usefulness of acquisition techniques, strengths and weakness of acquisition tools and usefulness of acquired tools. Along with that a detailed description is
provided which analyses future challenges, specifically technical challenges of digital forensic techniques for executing the crime investigation efficiently.
2. My Digital Technology
No Device Justification Crime Available Evidence
1 Samsung S3 mini not as expensive as iPhone 4s, but
offers almost similar functionalities
and access to millions of android
apps
Calling someone to instruct about
planed criminal activity such as
robbery.
call log of phone either through
manual evidence acquisition or file
based acquisition
2 Google Drive Provides expanded storage options
with enhanced security
To save confidential document such
as financial data hacked without
authorization of owner
Document saved or stored in iCloud
through online backup
3 Microsoft Surface Pro 3 It has powerful processor, good
display quality and access to
windows platform which is great
advantage
Record personal video and harass
someone or even demand money
Access storage on iPad or iCloud or
even consider file recovery system
in case it is deleted
4 Chromecast Cheap, portable and offers access to
applications that are installed on
mobile and computer
Watch illegal content that are
criminally offensive
Watch history of TV from personal
account

3. Evidence Recovery
3.1 Evidence Recovery – Device 1
Detailed information here about how to recover evidence from one of your devices.
3.1.1 Evidence Acquisition Techniques: There are various acquisition techniques that is
considered for collecting evidence from mobile device. Some of the popular data
acquisition techniques are manual acquisition, logical acquisition, file system
acquisition, physical acquisition.
3.1.2 Usefulness of acquisition techniques: Mobile or tablet often goes through forensic
investigation to identify important information regarding investigation. Smartphones
are today excessively used for various purpose regarding communication like making
phone calls, sending messages, storing media files and various other things. During
crime investigation a little piece of information often proves to be significant to
identify victim. Data acquisition tool lets recover information regarding phone call,
any deleted messages or any other files that might be required for the investigation
and hence these data acquisition tools available for the mobile device is very
significant and hence these tolls are often considered for acquiring information from
mobile device to execute investigation properly to identify criminal efficiently while
investigating the case and gathering information. Cell phones contain call history,
contacts, text messages, web browser history, email, a Global Positioning System
(GPS), and other location information that police and law enforcement agencies
thinks valuable. Evidence acquired from cell phones provide assistance to the
investigators combine together motives and events and provide new leads that
often helps in the investigations.
3.1.3 Acquisition Tools: Strengths and Weaknesses
Acquisition Tools Strengths Weaknesses
Manual acquisition it requires less effort and
technical complexity for
acquiring evidence from phone
Although it requires less effort
and technical complexity, it is
time consuming and it relies on
regular interfaces as provided
on the device for examining
contents on the device and
contents which are not present
on the phone or deleted are
only accessible which is a big
drawback for the investigation
as most of the time the focus is
to collect contents that are
either deleted or not present on
the phone as criminal do not
want others to access content
that might provide evidence to
the crime
Logical acquisition A logical acquisition provides
more detailed and elaborate
This type of acquisition, if need
to execute properly requires to

data transfer as much data as
possible and for this the
standard transfer channels, like
those that is required to be used
in order to sync a phone to a
computer. This type of transfer
provides easy method which
assists forensic investigators to
work with the data that is
stored in the phone, but most of
the time it is not possible to
recover much deleted
information and hence this type
of data acquisition is often not
considered when accuracy and
quantity of data becomes
important feature for
investigation
File system acquisition Sometime investigator needs to
access deleted data and in such
cases, file system acquisition is
required
When data are deleted, it is
present in the mobile database
and in some cases like in iPhone
it is encrypted and no known
decryption key is available for
this which makes it difficult to
access the system database to
recover deleted data. In such
cases, cloud based backup data
is often considered for
investigation purpose as phone
automatically backup deleted
data in the user’s computer or
in the cloud storage.
Physical acquisition Provide actual information as it
captures all the deleted data
from the flash memory chip on
the device
It is highly complex and requires
sophisticated tools chip
programmers, and occasionally
even tools are required as it
needs to take away the chip
integrated with the phone itself
3.1.4 Usefulness of acquired evidence – is it useful during prosecution?
Evidence acquired from the mobile device is applicable during prosecution. However, it is important
to note that in order to justify the importance of the evidence in the prosecution, it is required to
prove the legitimacy and authenticity of the information gathered. Just because a phone call or
message was sent from a device, this does not imply that it is the owner of the device who has sent
this. Hence providing evidence is not enough, proof for authenticity of the evidence is equally
important.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

3.2 Evidence Recovery – Device 2
Detailed information here about how to recover evidence from one of your devices.
You should talk about…
3.2.1 Evidence Acquisition Techniques
In order to acquire evidence from google drive, it is required to have login credentials of the account.
Although it is possible to access the account from any device, but account id and password is
necessary.
Magnet AXIOM 1.2 is a forensic software that is developed to access data from cloud storage and it
provides support for google drive too. Once the software is loaded, investigator just need to click
“cloud as an evidence source”. It then presents an authorization message which confirms that users
have proper authorization and once this is confirmed, then the software presents list of platforms
that are supported and available. Users of the software then, need to login to the account from
which they want to acquire the data.
Another way of acquiring data for forensic purpose is through API. The kumodd tool helps in
acquiring evidence from four major cloud drive providers: Google Drive, Microsoft OneDrive, Dropbox
and Box. The implementation which provides command line and web user interfaces, are readily
incorporated to establish forensic processes.
3.2.2 Usefulness of acquisition techniques
Criminal might store important document, crime plan, clips required for investigation and might
prove to be extremely important from investigation point of view. Hence these acquisition
techniques might be significant for investigation.
3.2.3 Acquisition Tools: Strengths and Weaknesses:
Both of the acquisition tool, discussed here provides way to acquire data from cloud data, even
though actual device of the criminal is available. Hence it is a major advantage for investigation.
However, it should also be noted that, these process are not possible to complete as those data
saved in the google drive is only available if and only if login credentials are obtained. If anyone
wants to access the google drive with login credentials, owner of the account will be notified which is
a big disadvantage for investigation purpose. If required, forensic team has to approach google itself
to get access to the required account. Hence this process is not so much effective due to these issues.
3.2.4 Usefulness of acquired evidence – is it useful during prosecution?
It is not justified to comment on the usefulness of the evidence collected in this process as it is
required to consider some aspects like what are those information, how it is presented, how relevant
it is with reference to the crime. All of these aspects are extremely important to properly present
evidence as it decides how useful the collected information is as evidence with respect to the
investigation. If collected information in this process is properly presented while ensuring

authenticity, it is most likely that the information will be useful for the investigation purpose.
4 Future Evidence Recovery
Here in this context, predictions about the future of evidence recovery is discussed. These are based
on personal predictions, based on things that are identified interesting within this area.
One of the challenges that might be faced by the investigators to collect evidence is analyse huge
amount of data to collect the actual information specifically needed for the investigation. Due to
advancement of digital technologies, the amount of digital data that is generated on a daily basis is
increasing significantly most of which are not structured that makes analysis of this data even more
challenging.
Social media is becoming significantly popular and so does it consumer base. Investigation might
require to collect information and these digital data includes social media data, data associated with
internet based call, video chatting through various social media platform. Simple data analysis
techniques might not be sufficient and advanced and sophisticated techniques like big data
techniques might be required.
Another major problem that might be encountered by investigator in future is integration of strong
encryption with mobile OS and at hardware level as well. The recent dispute between FBI and Apple
Inc. provides a basic idea about this. FBI was not able to decrypt data from an iPhone that belonged
to a terrorist and significantly affected the investigation process. As device and software
manufacturers are taking user privacy seriously these techniques are likely to be more advanced in
future which might create significant technical challenges in future.
Another important consideration that should be discussed here that might create challenges in
digital forensic investigation is smart appliances. Applications of smart home appliances like smart
TV is becoming popular today which is likely to increase in future. Smart TV may be recording private
conversations and sending them to third-party companies for processing. Now it will be difficult for
someone who is tasked with the recovery of evidence from one of these Smart TVs, with the objective
of capturing a digital recording of a private conversation (between two terrorist suspects for
example).
5 Conclusions
Nowadays, the digital desktop is no longer constrained by your physical desktop, and may include
items such as mobile devices, cloud-based storage, mobile phones, tablets, and any other device you
use. Although these device are increasing productivity and efficiency, it is also significantly
considering for conducting crime and due to this digital forensic is becoming significantly important.
Mobile based forensic is an important part of this process. There are various techniques that are
applied in mobile based forensic that are considered for recovering evidence from this device. Some
of the popular data acquisition techniques are manual acquisition, logical acquisition, file system
acquisition, physical acquisition. Computer technology is constantly changing, and as such the
challenges facing those whose role it is to collect digital evidence change all the time. In order to
properly execute digital forensic in future it is required to make educated guesses at what might

happen in the future where technology is involved, and to identify the technical challenges an
evidence recovery team may face.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

6 References
Casey, E., Back, G. and Barnum, S., 2015. Leveraging CybOX™ to standardize representation and
exchange of digital forensic information. Digital Investigation, 12, pp.S102-S110.
Chung, H., Park, J., & Lee, S. (2017). Digital forensic approaches for Amazon Alexa ecosystem. Digital
Investigation, 22, S15-S25.
Conlan, K., Baggili, I. and Breitinger, F., 2016. Anti-forensics: Furthering digital forensic science
through a new extended, granular taxonomy. Digital investigation, 18, pp.S66-S75.
Ko, A.C. and Zaw, W.T., 2015. Digital forensic investigation of dropbox cloud storage
service. Network Security and Communication Engineering (Ed: Kennis Chan), CRC Press: İngiltere,
pp.147-150.
Lillis, D., Becker, B., O'Sullivan, T. and Scanlon, M., 2016. Current challenges and future research
areas for digital forensic investigation. arXiv preprint arXiv:1604.03850.
Mink, D., Yasinsac, A., Choo, K.K.R. and Glisson, W., 2016. Next generation aircraft architecture and
digital forensic.
Perumal, S., Norwawi, N.M. and Raman, V., 2015, October. Internet of Things (IoT) digital forensic
investigation model: Top-down forensic approach methodology. In 2015 Fifth International
Conference on Digital Information Processing and Communications (ICDIPC) (pp. 19-23). IEEE.
Quick, D. and Choo, K.K.R., 2016. Big forensic data reduction: digital forensic images and electronic
evidence. Cluster Computing, 19(2), pp.723-740.