Case Study: Digital Forensic Investigation of 'Clowning About Again'

Verified

Added on 2023/06/03

AI Summary

This document presents a forensic investigation case study titled 'Clowning About Again,' which involves the alleged illegal access and distribution of digital content related to clowns. The case details the seizure of a computer, the forensic acquisition process using FTK Imager, and the challenges faced due to a junior investigator's actions. The report covers various aspects of digital forensics, including identification, evidence gathering, analysis, and presentation, while also addressing the challenges and regulations within the field. It further discusses the quality of different file types, the use of FTK Imager for acquiring volatile and non-volatile memory, and techniques for erased data recovery, browser forensics, email forensics, and data analysis from hard disks, RAM, Windows Registry, and USB drives. The report aims to provide a comprehensive analysis of the case and the digital forensic processes involved, while also highlighting the importance of proper procedures and regulatory compliance. Desklib provides a platform to explore similar solved assignments and past papers.

Running head: Clowning About Again
Clowning About Again
Name
Institution

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Clowning About Again
Summary
Computer Forensic generally refers to the process of gathering, investigating and the
provision of an account about some many more information regarding to the computerization
through a manner in which it is lawfully permitted. It tends to be made good use or rather say
utilized in the invention and all other counteractive deeds and the results of the wrongdoing and
along any other discussion where evidence is considered carefully. Criminological experts
looking at PC bad behaviors require a course of action of gave instruments and also the usage of
very certain frameworks. Dependent upon the kind of PC contraption and the kind of cutting-
edge proof, authorities may pick some instrument.
A regular misinformed judgment in the use of PC legitimate instruments is the conviction
these gadgets are simply used to disentangle computerized bad behavior. While advanced bad
behavior is quickly accomplishing levels extraordinary just 10 years earlier, PC lawful sciences
isn't limited to this kind of bad behavior. To be sure, only a little degree of cases enlightened by
PC criminological bosses is related to computerized bad behavior, Taniguchi, T. A., & Gill, C.
(2018).

Clowning About Again
Table of Contents
Summary..........................................................................................................................................2
1.0 Clowning About Again..............................................................................................................5
1.1 Features of the digital forensic..............................................................................................6
1.2 Digital forensic principal.......................................................................................................6
1.3 Challenges to digital forensic................................................................................................7
1.4 Objectives..............................................................................................................................8
1.5 Regulation..............................................................................................................................8
2.0 Identification..............................................................................................................................8
3.0 Quality of files.........................................................................................................................10
3.1 Encapsulated PostScript.......................................................................................................11
3.2 Portable Document Format..................................................................................................11
3.3 Tag Image File Format........................................................................................................11
4.0 Installed software.....................................................................................................................12
4.1 FTK Imager.........................................................................................................................12
4.1.1 The use of FTK Imager in the acquisition of the volatile memory..............................12
4.1.2 The use of FTK Imager for acquiring non-volatile memory........................................14
4.1.3 Physical Drives Collection...........................................................................................15
4.2 Erased Data Recovery..........................................................................................................20
4.3 Laptop Internet Browser Forensics......................................................................................21

Clowning About Again
4.4 Email Forensics...................................................................................................................21
4.5 Hard Disk Data....................................................................................................................21
4.6 RAM Data............................................................................................................................22
4.7 Windows Registry Data.......................................................................................................22
4.8 USB drive............................................................................................................................22
Appendix A: Running sheet...........................................................................................................23
Appendix B: Timeline of Events...................................................................................................25
References......................................................................................................................................26

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Running head: Clowning About Again
1.0 Clowning About Again
Computerized gadgets, for example, PDAs, tablets, gaming consoles, PC and personal
computers have turned out to be vital piece of the advanced society. With the multiplication of
these gadgets in our regular daily existences, there is the propensity to utilize data got from them
for criminal exercises. Wrongdoings, for example, misrepresentation, tranquilize trafficking,
crime, hacking, imitation, and psychological oppression frequently include PCs. To battle PC
wrongdoings, advanced legal sciences (DF) started in law implementation, PC security, and
national barrier. Law authorization offices, budgetary foundations, and speculation firms are
joining computerized legal sciences into their framework, Littlefield, Kebande, V. R., & Ray, I.
(2016, August). Advanced legal sciences are utilized to help examine cybercrime or recognize
coordinate proof of a PC helped wrongdoing. The idea of advanced criminology goes back to
late 1990s and mid 2000s when it was considered as PC legal sciences. The lawful calling, law
implementation, arrangement creators, the business network, instruction, and government all
have a personal stake in computerized criminological.
Computerized criminology is frequently utilized in both criminal law and private
examination. It has been customarily connected with criminal law. It requires thorough gauges to
face questioning in court. Information on device can be looked for if the gadget has been
lawfully captured such as under the police as well as criminal evidence Act 1984. Policy
enforcement as well as security officers may, with a warrant, block the details of the
communication for the more serious assessments. They may also gain data about
communications from communications service providers, Kouwen (2018). These authorities are
now governed by the Control of Investigatory Authority Act 2000 as well as other legislation.
Police agencies can also gain information through equipment interference like bugging. Police
personnel may either attempt this by use of physical instruments or software that permits remote
access to the gadget (Serious Crime Act 2015), that allows particular exemptions from the
personal computer misuse Act 1990. Currently, legislators are considering Investigatory
Authority Bill.
Currently, parliament is considering the Investigatory Powers Bill and the governments
wants to the Bill to reinforce powers present to security agencies, law enforcement bodies as well
as intelligence to attain communications as well as information on the communications,

Clowning About Again
Lentine ,Kouwen (2018). Its objective is to offer a more open basis for securing the warrants
needed for interception as well as instrument interference, and to advance safeguards by
proposing judicial overlook. Although, there has been opposition to the Bill. A draft form of the
Bill has been tested by some parliamentary committees. Evidence is subject to the threat process
Rules 2015, and there are appropriate exercise guidelines for policy enforcement professionals
concerning with digital
evidence. These include the policies that information should not be modified by a
investigation as well as that records should not be maintained of the procedures applied to
information, Agarwal, R., & Kothari, S. (2015). The Forensic Science Regulator (FSR) is liable
for maintaining the quality of the digital forensic activities within the United Kingdom Criminal
Justice System, therefore she now lacks statutory authority to guarantee compliance. The
Forensic Service Regulator states the risk of errors taking place in digital forensic is important,
Quick,Lillis, (2016).
1.1 Features of the digital forensic
Computerized legal sciences are normally connected with the location and anticipation of
cybercrime. It is identified with advanced security in that both are centered around computerized
episodes. While computerized security centers around protection measures, advanced
criminology centers around responsive measures. Advanced legal sciences can be part up into
five branches. Cell phone legal sciences is a recently creating part of advanced crime scene
investigation identifying with recuperation of computerized proof from a cell phone. The
computerized medium has turned into the key region for email hacking, Hashim, Halim, Ismail,
Noor, Fuzi, Mohammed., & Gining (2017).
1.2 Digital forensic principal.
Computerized Forensic is inferred as an equivalent word for PC legal sciences, yet its
definition has extended to incorporate the crime scene investigation of every single advanced
innovation. An advanced measurable examination can be extensively separated into three phases:
protection of proof, investigation and introduction. Computerized proof exists in open PC
frameworks, correspondence frameworks, and inserted PC frameworks. Computerized proof can
be copied precisely and it is hard to devastate. It very well may be found in hard drive, streak
drive, telephones, cell phones, switches, tablets, and instruments, for example, GPS. To be

Clowning About Again
allowable in a courtroom, proof must be both applicable and dependable. To date, there have
been couple of lawful difficulties to advanced proof. Measurable examination distinguishes the
riddle pieces that understand the PC wrongdoing. It requires utilizing productive instruments.
Various programming apparatuses that are presently accessible for prepared measurable agents
to utilize. Investigators direct examinations utilizing different systems following the standards of
criminological science. The introduction of proof includes setting up an answer to show the
discoveries to all partners including the judge, jury, charged, legal advisors, and examiners. The
report must be set up so that it is appropriate to be displayed in a courtroom.
1.3 Challenges to digital forensic
The exponential development and headways in the field of figuring and system
advancements have made existing computerized criminology apparatuses and strategies
insufficient.
i. The multifaceted nature issue, emerging from information being procured
at the most minimal (i.e. parallel) organize with expanding volume and heterogeneity,
which calls for advanced information decrease strategies before examination.
ii. The assorted variety issue, coming about normally from consistently
expanding volumes of information, yet likewise from an absence of standard systems to
inspect and investigate the expanding numbers furthermore, kinds of sources, which
bring a plurality if working frameworks, file designs, and so on. The absence of
institutionalization of advanced evidence capacity and the organizing of associated
metadata likewise superfluously adds to the many-sided quality of sharing advanced
proof among national and universal law enforcement organizations.
iii. The consistency and connection issue resulting from the way that current
devices are intended to find parts of proof, however not to generally aid examinations.
iv. The volume issue, coming to fruition due to in wrinkled limit limits and
the quantity of devices that store information, and a need of su cient automation forffi
examination.
v. The unified time lining issue, where various sources present di erent timeff
zone references, timestamp interpretations, clock skew/glide issues, and the etymological
structure perspectives engaged with making a unified timetable.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Clowning About Again
1.4 Objectives
The main objective of this research report is to retrieve back all the information within
the damaged computer. Having selected the FTK Imager as the main tool of work, then recovery
process will just be accomplished. Some of the intruders may wish to capture the whole
computer and carry out their own dangerous activities, which in most cases is to tamper with the
normal functioning of the computer. In this scenario we are provided in such a way that the
personnel are using the clones, in which the law does not allow in the acquisition of some of the
information from the office computer. This practice in most cases in very much prohibited.,
Norouzi (2014).
1.5 Regulation
Early 2018, the Government budgeted for more allocation of resources in the
police force financing for modern policing reform. The institution of Policing, National Crime
Agency as well as National Police Chief’s Council have perceived a need to create digital
investigation as well as intelligence abilities. Currently, the House of Commons Science as well
as Technology Committee recorded a shortage of United Kingdom financing for forensic science
study, and revived recommendation that Authority creates a strategy for forensics. The Home
Office is also starting to gather statistics from the peacemaker forces in England as well as Wales
on their deployment of digital forensics, van Duyne, Thethi, N., & Keane, A. (2014, February).
Chief Scientific of the Government adviser’s 2018 yearly report tested forensic science, counting
digital forensic, as well as its various applications, Agrawal, N., & Islam, S. (2016, February).
2.0 Identification
Computerized Forensic Evidence gathering procedure offers the flow of evidence
gathering, and constitutes of four stages which include:
Identification
Collection,
Observation and
Preservation
Analysis and
organization
Verification

Clowning About Again
Figure 1.0 Digital Forensic Procedure Model for Gathering Digital Evidence, Soltani, S.,
& Seno, S. A. H. (2017, October).
i) Identification – every computerized data or artifacts which can be referred to as
evidence.
Forensic assessors first required to establish the Digital instrument like Computer, mobile
Phone, Laptop, Storage Drive, iPod as well as camera.
ii) Gather, note and keep the evidence: next step contains gathering of seized digital
evidence, observation of the assessments and then keep in the given form.
iii) Analyze, establish and arrange the evidence: this stage constitutes of analysis of the
gathered Evidences in respect of significance of offence and lastly arrange the evidence
in different classification such as windows Registry, Browser files and System log.
iv) Build up the evidence or repeat an incident to approve the same outcome each time.
Approval of gathered evidence is a significance factor of computerized forensic

Clowning About Again
3.0 Quality of files
The files acquired from the digital technology tends to be very much clear if the required
procedure is well followed. When imaging is finished, any great apparatus ought to produce a
computerized unique mark of the gained media, also called a hash, Rashid, Rahim, R., & Dewi,
A. R. (2017, December). A hash age process includes inspecting the majority of the 0's and 1's
that exist over the divisions analyzed. Modifying a solitary 0 to a 1 will cause the subsequent
hash an incentive to appear as something else. Both the first and duplicate of the proof are
dissected to create a source and target hash. Accepting they both matches, we can be sure of the
genuineness of the duplicated hard drive or other media. The type of information of concern here
in this case is the multimedia type in which the images are taken for consideration. This image is
considered the tool for the evidence of the recently carried out clowning process. Through this
process, to ensure that he image being obtained meets the minimal requirements of any file, then
the following are the methods and tools for quality file production:
 Checksum- this is one of the most common tools in which the file under
investigation is approved to ascertain if truly the file was changed or altered at the time of
occurrence of the incidence. Involves the deployment of the SHA! Hashes together with
the md5.
 Authentic amped-to deal with the images appropriately, this tool is
employed such that the authentication process of an image is checked to confirm the
establishment of facts and proofs on whether a given image is a copy of the original
image, the original itself, a valid copy that is produced through the use of some other
devices or to some extent the resultant of some other program mostly used for
modification of the photos and some other images.
 File Checksum Integrity Verifier utility- another tool in which an image
can be checked via the use of this computer command prompt utility in which the file is
converted to a file hash mode where only the values are to be analyzed. This facility is
used for the approval of this type of file format. The resulting outcome of this process is
the xml file in which the display on the monitor can be later on saved to a specified
database such that they are stored for future verification of the same data file.
The following section explains the possible types of images that could be utilized:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Clowning About Again
3.1 Encapsulated PostScript
EPS can be utilized for pictures created by vector-drawing applications, for example,
Adobe Illustrator or CorelDraw. Be that as it may, EPS has a tendency to be a cumbersome
record design, contrasted and PDF which is a more current and smaller useful likeness EPS, so
accommodation of figures in PDF arrange is empowered. EPS pictures ought to be trimmed
utilizing indistinguishable programming from was utilized to make it (allude to the producer's
documentation). On the off chance that there are issues editing the EPS picture at that point, if all
else fails, consider rasterizing it (changing over from vector to bitmap design) utilizing
Photoshop, trimming the bitmap (again utilizing Photoshop) and presenting the subsequent
bitmap picture in TIFF or JPEG organize. Be that as it may, rasterization will ordinarily build
record estimate and lessen quality, contrasted and a vector picture.
3.2 Portable Document Format
This is the modern image format which is very excellent and is capable of
containing both the elements of the bitmap and the vectors. The trick that comes in the forensics
imagery of the photos is the selection of the right settings.
3.3 Tag Image File Format
This is the type of image that is suitable for photographic scanned images. The format
mostly supports the lossless compression in the which it works with the color flats such as the
screenshots. This type provides a room for the compression process.

Clowning About Again
4.0 Installed software
4.1 FTK Imager
Scientific Toolkit or FTK is a Personal Computer legal sciences programming
item made by Access Data. This is Windows based business item. For criminological
examinations, a similar improvement group has made a new absolutely free form of the business
item having very less and reduced implementations. This Forensic Toolkit Imager device is
equipped for both obtaining together with breaking down PC measurable proof. The primary
sections in which the Forensic toolkit can be made a source of the proof are classified into two
namely:
 The acquisition of the volatile memory.
 The acquisition of the non-volatile memory, that is the Hard Disk.
There are two conceivable ways this instrument can be utilized in legal sciences picture
acquisitions:
Utilizing Forensic Toolkit Imager compact form in a USB pen drive or Hard Disk Drive
and the process of opening it straightforwardly from the proof computer in mind. This alternative
is most as often as possible utilized in live information procurement where the proof
PC/workstation is exchanged on.
Introducing Forensic Toolkit Imager on the agent's PC, Barnes, A., Farr, P., James, J., &
Mason, P. (2016).
For a situation like this, the source disk ought to be sets up into the specialist's
workstation by means of compose blocker. The compose blocker counteracts information being
altered in the proof source plate while giving read-only access to the specialist's PC. This keeps
up the respectability of the source plate.
4.1.1 The use of FTK Imager in the acquisition of the volatile memory
The FTK Imager instrument encourages agents used for gathering the entire volatile
memory (RAM) belonging to any given Personal Computer. The accompanying advances
provides a clear demonstration to you of all the proper methodologies to carry out the whole
process of the clowning.