Digital Forensic Investigation: USB Drive Data Recovery and Analysis

Added on  2021/05/27

Practical Assignment
AI Summary
This assignment details a digital forensic investigation involving a USB drive suspected of containing evidence related to the sale of counterfeit ISIC cards. The process begins with obtaining a forensic image of the USB drive and using tools like Autopsy and WinMD5 for analysis. The investigation includes creating a case file, conducting an initial survey using keyword searches, and analyzing unallocated space and carved files to recover potential evidence. Documentation is meticulously maintained, and the assignment explores the evidence suggesting the counterfeiting of ISIC cards, potential knowledge of illegal activities, and the identification of customers. The analysis aims to reconstruct activities and uncover hidden data, providing a comprehensive overview of the digital forensic process.
DIGITAL FORENSIC
TECHNOLOGY
Table of Contents
1 Introduction
2 Analysis Tool
3 Investigation
3.1 Creating a case file using Autopsy tool
3.2 Initial Survey
3.3 Documentation Phase
3.4 Search for evidence
4 Conclusion
References
1 Introduction
The main objective of this project is to retrieve a forensic image of a USB data
storage device. Farayi is suspected of selling counterfeit International Student Identity Cards
(ISIC) to people who are not entitled to claim the discounts this card brings. An undercover
sting operation was set up to catch Farayi in the act of selling his counterfeit goods. Farayi
attempted to sell a counterfeit ISIC card to an undercover officer who was part of the sting
operation. After being arrested and questioned at the local police station, Farayi provided a
USB data stick to be examined further. Under questioning, Farayi stated that all the
evidence that can be found is on this USB data stick. The USB storage device has been
processed by a forensic imaging technician and the forensic image has been obtained. So I
have to recover the forensic image of the USB data storage device. The data copied to the
USB device will then be determined. The investigation will be carried out to determine the
hidden data on the USB device and the reasons and facts behind the theft.
2 Analysis Tool
This analysis uses two main tools to retrieve a forensic image of the USB data storage device:
Autopsy
WinMD5
3 Investigation
Data recovery can help an examination in a wide range of ways. Some data remains
present even after data erasure or USB repartitioning (Gogolin et al., 2013). There are also
numerous options for offenders with specialised know-how to hide data, mostly using a
disk manager, steganography, encryption and so forth. Finding, recovering and reconstructing
hidden data can be a very tedious and time-consuming process, but sometimes it produces
evidence that will crack the case. To fully understand how and why data remains on a disk,
one should learn how data is stored on a USB device. A sector is a unit of fixed size defined
when the file system is created (generally 512 bits). Older hard disks may have some 'wasted'
storage space on the outer tracks, as logically each track is divided into an equal number of
sectors. It is sometimes possible to hide data in the space between sectors on the larger
outer tracks. This is known as the sector gap. Some data recovery services may be able to
locate and retrieve data that is hidden in this gap.
Deleted files and slack space
When an operating system writes a file to USB, it allocates a certain number of sectors. The
number of sectors allocated depends on the limitations of the operating system and the
configuration choices made by the system administrator. The sectors allocated and their
location on the disk are recorded in a directory table for later access. When the file is
deleted, the space originally allocated to it is simply marked as unallocated. The actual data
stays on the USB (Larson, 2014).
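The deletion behaviour described above, as an added example that is not part of the original assignment: a toy volume in which deleting a file only drops its directory entry, after which a header/footer scan still carves the JPEG bytes and hashes them. The `ToyVolume` class, the 64-byte allocation unit and all file contents are constructed for illustration.

```python
import hashlib

CLUSTER = 64  # toy allocation unit in bytes (constructed for this example)

class ToyVolume:
    """Minimal model of a volume: raw bytes plus a directory table."""
    def __init__(self, clusters=16):
        self.raw = bytearray(CLUSTER * clusters)
        self.table = {}        # name -> (first_cluster, length)
        self.next_free = 0

    def write(self, name, content):
        first = self.next_free
        start = first * CLUSTER
        self.raw[start:start + len(content)] = content
        self.table[name] = (first, len(content))
        self.next_free += -(-len(content) // CLUSTER)  # round up to whole clusters

    def delete(self, name):
        # Deletion only removes the directory entry; the clusters are not wiped.
        del self.table[name]

def carve(raw, header, footer):
    """Find header..footer runs in raw bytes, whether or not an entry points at them.

    Simplification: assumes unfragmented files and takes the first footer after
    each header, which real carvers refine (embedded thumbnails, fragmentation).
    """
    hits, pos = [], 0
    while (start := raw.find(header, pos)) != -1:
        end = raw.find(footer, start + len(header))
        if end == -1:
            break                                   # header with no footer: stop
        blob = bytes(raw[start:end + len(footer)])
        hits.append({"offset": start, "size": len(blob),
                     "md5": hashlib.md5(blob).hexdigest()})
        pos = end + len(footer)
    return hits

def demo():
    vol = ToyVolume()
    fake_jpeg = b"\xff\xd8\xff\xe0" + b"constructed card scan" + b"\xff\xd9"
    vol.write("notes.txt", b"shopping list")
    vol.write("card.jpg", fake_jpeg)
    vol.delete("card.jpg")
    listed = sorted(vol.table)                      # what the file system still shows
    carved = carve(vol.raw, b"\xff\xd8\xff", b"\xff\xd9")
    return listed, carved, hashlib.md5(fake_jpeg).hexdigest()

if __name__ == "__main__":
    print(demo())
```

The carved item's MD5 equals the hash of the original file, which is why a hash per carved file is worth recording alongside its offset.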
3.1 Creating a case file using Autopsy tool
The user needs to create a case file in order to open the provided DD image file. The
screenshots below show the creation of the new case. First, enter the case name as Unit09 and
browse to the base directory. Then click the Next button to enter the optional information.
Next, select the data source to add to the newly created case file. Select the unallocated
space image file and click the Next button to proceed with adding the data source. It is
shown below (Pollitt and Shenoi, 2010).
Next, browse to the data source path and select the DD image file. It is shown below.
Then configure the ingest modules for the DD image file and click the Next button. It is
shown below.
Finally, the data source is added. Click the OK button and the Autopsy tool will analyse the
DD image file.
The screenshot below shows that the DD image file was analysed successfully.
However, the DD image file does not have an MD5 hash value, so one needs to be computed
with the WinMD5 tool. First, the user needs to download and install the WinMD5 tool and
open it. Then browse to the DD image file. This process is shown below.
The WinMD5 tool then provides the MD5 hash value for the provided DD image file. It is
shown below.
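A scripted equivalent of the hashing step, added here as an example and not part of the original assignment: it hashes an image in a single pass (MD5 as on the page, plus SHA-256 as a second digest) and re-verifies it against the recorded values after analysis. The file name `sample.dd` and its contents are constructed stand-ins for the real image.

```python
import hashlib
import os
import tempfile

def hash_image(path, chunk_size=1024 * 1024):
    """Hash an image in one pass without loading it all into memory."""
    digests = {"md5": hashlib.md5(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:        # read-only: evidence is never opened for writing
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}

def verify_image(path, recorded):
    """Compare current digests with the values recorded in the case notes."""
    current = hash_image(path)
    return {alg: current[alg] == value.lower() for alg, value in recorded.items()}

def demo():
    # Constructed stand-in for the DD image; the real image is not reproduced here.
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "sample.dd")
        with open(image, "wb") as fh:
            fh.write(b"constructed image contents " * 1000)
        recorded = hash_image(image)            # value noted before analysis
        unchanged = verify_image(image, recorded)
        with open(image, "r+b") as fh:          # simulate a one-byte alteration
            fh.seek(100)
            fh.write(b"X")
        changed = verify_image(image, recorded)
    return unchanged, changed

if __name__ == "__main__":
    print(demo())
```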
3.2 Initial Survey
Here, we perform the initial survey of the evidence. First, the user needs to create a
keyword list to discover the relevant digital evidence in the DD image file. The list of
keywords is shown below (Ray and Shenoi, 2011).
No  Keyword                   Justification for Inclusion
1   ISIC                      Farayi is suspected of counterfeiting ISIC cards.
2   B. Smart                  Identified as a student name; the student studied at the University of Economics.
3   Unallocated Blocks        There are 6 unallocated blocks.
4   Office documents          Three office documents are present.
5   Photos                    6 photos are present.
6   Deleted Files             Thirteen files are detected.
7   Carved Files              Carved files contain the images and documents.
8   Octet-Stream application  MIME type used by the 4 octet-stream applications.
9   MS word application       MIME type used by the 2 MS Word files.
10  JPEG MIME Type images     MIME type of the 6 JPEG images.
Creation of the keyword list in Autopsy
To create the keyword list, click Keyword Lists and choose Manage Lists. The following
information is displayed.
Here, click New List to enter the keyword list. It is shown below.
Once the new list has been created, enter the new keywords and the justification for each
keyword in the list. Then choose Substring Match and click the OK button.
Finally, the keyword list and the justifications for the keywords have been created
successfully. It is shown below.
Then search the image file using the keyword list. Here, we search for ISIC with the
keyword search. The ISIC-related information is displayed.
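What a substring keyword search over raw image bytes involves, as an added example that is not part of the original assignment or of Autopsy's own code: each keyword is matched case-insensitively in both ASCII and UTF-16LE, since text in unallocated space may be stored in either form. The keywords come from the page's list; the sample bytes are constructed.

```python
KEYWORDS = ["ISIC", "B. Smart", "Sheetal"]   # terms taken from the page's keyword list
ENCODINGS = ("ascii", "utf-16-le")           # single-byte text and 16-bit text

def search_image(data, keywords, context=12):
    """Return every substring hit with its byte offset, encoding and context."""
    hay = data.lower()                       # bytes.lower() folds ASCII letters only
    hits = []
    for kw in keywords:
        for enc in ENCODINGS:
            needle = kw.lower().encode(enc)
            pos = hay.find(needle)
            while pos != -1:
                raw = data[max(0, pos - context): pos + len(needle) + context]
                hits.append({
                    "keyword": kw,
                    "encoding": enc,
                    "offset": pos,           # byte offset to record in the case notes
                    "context": raw.decode(enc, errors="replace"),
                })
                pos = hay.find(needle, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])

def build_sample():
    # Constructed bytes standing in for a region of a raw image; not real evidence.
    return (b"\x00" * 32
            + "Dear Sheetal, ISIC card ready".encode("utf-16-le")
            + b"\xff" * 8
            + b"order: isic for B. Smart")

if __name__ == "__main__":
    for hit in search_image(build_sample(), KEYWORDS):
        print(hit["offset"], hit["encoding"], hit["keyword"], repr(hit["context"]))
```

An ASCII-only search would miss the two UTF-16LE hits in the sample, which is the reason for searching both encodings.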
Next, run the ingest modules by clicking Tools and choosing Run Ingest Modules. It is shown
below.
To run the keyword search ingest module, select Keyword Search under configure ingest
modules and click Finish. It is shown below.
Afterwards, search the DD image using a keyword such as Unallocated. The following
information is displayed. It is shown below.
Here, we view the information for the provided DD image file. Choose the data sources. It is
shown below.
Then right-click on the data source and click Properties. Information about the data source
is displayed.
The final stage of the initial survey is to identify whether or not all the files are
relevant to the investigation. This process is shown below.
3.3 Documentation Phase
Here, we ensure that correct documentation is maintained. So, check the documentation
for the Word documents and images. The provided image contains three Word
documents. The first Word document has a file size of 20480 and an Internal ID of 15.
It is shown below.
Name /img_thumbdrive.dd/$CarvedFiles/f0032856.doc
Type Carved
MIME Type application/msword
Size 20480
File Name Allocation Unallocated
Metadata Allocation Unallocated
Modified 0000-00-00 00:00:00
Accessed 0000-00-00 00:00:00
Created 0000-00-00 00:00:00
Changed 0000-00-00 00:00:00
MD5 b647513040a16cdb89c8129e2701a418
Hash Lookup Results UNKNOWN
Internal ID 15
The second Word document has a file size of 58368 and an Internal ID of 20. It is shown
below.
Name /img_thumbdrive.dd/$CarvedFiles/f0033536.doc
Type Carved
MIME Type application/msword
Size 58368
File Name Allocation Unallocated
Metadata Allocation Unallocated
Modified 0000-00-00 00:00:00
Accessed 0000-00-00 00:00:00
Created 0000-00-00 00:00:00
Changed 0000-00-00 00:00:00
MD5 1c7d265db34df1c4bdc1c4a1aa5dbb9c
Hash Lookup Results UNKNOWN
Internal ID 20
The third Word document has a file size of 11477 and an Internal ID of 9. It is shown below.
Name /img_thumbdrive.dd/$CarvedFiles/f0032784.docx
Type Carved
MIME Type application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size 11477
File Name Allocation Unallocated
Metadata Allocation Unallocated
Modified 0000-00-00 00:00:00
Accessed 0000-00-00 00:00:00
Created 0000-00-00 00:00:00
Changed 0000-00-00 00:00:00
MD5 5c3e42532148999c2dba97e1c6c2969b
Hash Lookup Results UNKNOWN
Internal ID 9
The provided DD image file has six images. These are analysed below.
Name /img_thumbdrive.dd/$CarvedFiles/f0032824.jpg
Type Carved
MIME Type image/jpeg
Size 3819
File Name Allocation Unallocated
Metadata Allocation Unallocated
Modified 0000-00-00 00:00:00
Accessed 0000-00-00 00:00:00
Created 0000-00-00 00:00:00
Changed 0000-00-00 00:00:00
MD5 2c4fba4695ade7cfd32aeef20b450714
Hash Lookup Results UNKNOWN
Internal ID 12
Name /img_thumbdrive.dd/$CarvedFiles/f0032832.jpg
Type Carved
MIME Type image/jpeg
Size 5494
File Name Allocation Unallocated
Metadata Allocation Unallocated
Modified 0000-00-00 00:00:00
Accessed 0000-00-00 00:00:00
Created 0000-00-00 00:00:00
Changed 0000-00-00 00:00:00
MD5 6341ec879b38dcefe4e15fb809187d99
Hash Lookup Results UNKNOWN
Internal ID 13
Name /img_thumbdrive.dd/$CarvedFiles/f0032904.jpg
Type Carved
MIME Type image/jpeg
Size 132307
File Name Allocation Unallocated
Metadata Allocation Unallocated
Modified 0000-00-00 00:00:00
Accessed 0000-00-00 00:00:00
Created 0000-00-00 00:00:00
Changed 0000-00-00 00:00:00
MD5 bd503a73949adf698d37e6a20979c193
Hash Lookup Results UNKNOWN
Internal ID 17
3.4 Search for evidence
Here, we locate and interpret the relevant digital evidence. So, look at the keyword list
results. It is shown below.
Clicking the ISIC image file shows the following image (Sammons, 2015).
This scan seems entirely relevant to an investigation into counterfeit ISIC
cards. Next, we add a bookmark. To add a bookmark, right-click on the result,
select Tag Files and click Bookmark.
The counterfeit ISIC cards are examined in the same way. It is shown below.
Also search for the counterfeit ISIC cards using the keyword search. It is shown below.
Then open the image file in an external viewer.
It is shown below.
Then examine the file again with new keyword lists, because this is very useful for a digital
investigation. The creation of the keyword lists is displayed below.
The keyword lists are shown below.
Next, search for a keyword such as sheetal with the keyword search. Sheetal is one of the
customers. It is shown below.
Finally, all the evidence is located on a USB drive, and the investigated files were copied to
or created on the USB drive by a computer. So, this computer needs to be investigated, and it
may reveal a lot more useful evidence. It would provide the ability to reconstruct the
activities that caused these files to exist.
4 Questions
1. What evidence exists to suggest Farayi has been counterfeiting ISIC cards?
Here, we locate the relevant digital evidence suggesting that Farayi has been counterfeiting
ISIC cards. So, look at the keyword list results. It is shown below.
Clicking the ISIC image file shows the following image (Sammons, 2015).
This scan seems entirely relevant to an investigation into counterfeit ISIC cards.
2. Is there any evidence to suggest that Farayi knew his actions were illegal?
Here, we look for evidence suggesting that Farayi knew his actions were illegal. So, check
the documentation for the Word documents and images. It is shown below.
Name /img_thumbdrive.dd/$CarvedFiles/f0032856.doc
Type Carved
MIME Type application/msword
Size 20480
File Name Allocation Unallocated
Metadata Allocation Unallocated
Modified 0000-00-00 00:00:00
Accessed 0000-00-00 00:00:00
Created 0000-00-00 00:00:00
Changed 0000-00-00 00:00:00
MD5 b647513040a16cdb89c8129e2701a418
Hash Lookup Results UNKNOWN
Internal ID 15
3. Is there any evidence to suggest the names of his customers?
Sheetal Named in the letter as a customer of the counterfeiter
Counterfeiter Named as the author of the letter (payment.docx)
£12.50 The price of a counterfeit ISIC card
B. Smart Named in the letter as a customer of the counterfeiter
5 Conclusion
The main objective of this project is to retrieve a forensic image of a USB data
storage device. According to the given case, the USB storage device has been processed by a
forensic imaging technician and the forensic image has been obtained. So I had to recover the
forensic image of the USB data storage device. The data copied to the USB device is then
determined. The investigations are carried out to determine the hidden data on the USB
device and the reasons and facts behind the theft.
References
Gogolin, G., Ciaramitaro, B., Emerick, G., Otting, J. and Pavlov, V. (2013). Digital forensics
explained. Boca Raton: CRC Press, Taylor & Francis Group.
Larson, S. (2014). The Basics of Digital Forensics: The Primer for Getting Started in Digital
Forensics. Journal of Digital Forensics, Security and Law.
Pollitt, M. and Shenoi, S. (2010). Advances in digital forensics. New York:
Springer/International Federation for Information Processing.
Ray, I. and Shenoi, S. (2011). Advances in digital forensics IV. New York: Springer.
Sammons, J. (2015). The basics of digital forensics. Amsterdam: Syngress Media.