CO4514 Digital Forensic Technology Assignment 1: Report on Devices

Added on  2023/01/16

AI Summary
This report provides a comprehensive analysis of digital forensic technology, focusing on its application in crime investigation. It begins with an introduction to digital forensics, followed by a detailed examination of the author's digital devices, including an iPhone 4s, iCloud, an iPad 2 Air, and an Apple TV, along with justifications for their selection and potential crime scenarios. The core of the report delves into evidence recovery techniques for the iPhone and iCloud, discussing acquisition methods such as manual, logical, file system, and physical acquisition, along with their strengths, weaknesses, and usefulness in prosecution. It also covers the use of acquisition tools like EPPB. Furthermore, the report explores future challenges in evidence recovery, predicting difficulties related to vast amounts of unstructured data, digital currencies, and the increasing use of smart appliances. The report concludes by emphasizing the importance of adapting digital forensic techniques to keep pace with evolving technology and the need for continuous innovation in the field.
CO4514 Digital Forensic Technology
Your G Number
Assignment One
The Digital Desktop
1. Introduction
This project provides a detailed description of digital forensic technology and its application in crime investigation, known as digital forensics. To discuss the technology and its application, a context has been developed to serve as a reference when discussing various digital technologies and how those technologies are used to commit crime. Justification has also been provided to demonstrate why a particular device was chosen over the alternatives. Among the available devices, the two considered in detail in this report are the iPhone and iCloud. The description covers the techniques considered for evidence collection, their importance in evidence collection, and the strengths and weaknesses of the various acquisition techniques. Future challenges that forensic experts might face are also described. The report specifically discusses technical challenges that may be important to consider when conducting crime investigations through digital forensics.
2. My Digital Technology
| No | Device | Justification | Crime | Available Evidence |
|---|---|---|---|---|
| 1 | iPhone 4s | Reasons for choosing this device are its powerful processor, good display quality and smooth software experience over Android phones. She uses this for phone calls, text messages, iMessage and Skype, and to listen to Apple iTunes. | Record private video to later abuse the victim | Video stored in phone storage or in cloud storage |
| 2 | iCloud | Provides expanded storage options with enhanced security. | Store inappropriate image of someone to later demand money from them | Document saved or stored in iCloud |
| 3 | iPad 2 Air | It has a powerful processor, good display quality and a smooth software experience over Android and Windows-based tablets. | Download illegal content against which criminal warning is issued | Access storage on iPad or iCloud |
| 4 | Apple TV | Great display and performance along with the extensive Apple ecosystem, over Android-based TVs | Instruct someone about a crime plan through voice communication which is supported by smart phone | Communication history from personal account associated with the smart TV |
3. Evidence Recovery
3.1 Evidence Recovery – Device 1
Detailed information here about how to recover evidence from one of your devices.
3.1.1 Evidence Acquisition Techniques: Various acquisition techniques are applied to collect evidence from an iPhone. Widely applied and popular data acquisition techniques include manual acquisition, logical acquisition, file system acquisition and physical acquisition.
3.1.2 Usefulness of acquisition techniques: In order to conduct an investigation, the forensic team often accesses a phone that belongs to the victim or the criminal to gather crucial information, because during investigations it often becomes important to identify with whom victims or criminals have communicated and what they have communicated. Sometimes it also becomes necessary to trace the location of victims or criminals in case they are missing. There are various reasons why it is important to consider mobile phones during investigations. Smartphones are used extensively for communication and entertainment, such as making calls, sending messages, viewing videos, and storing files and media. Hence it is possible to acquire a great deal of information from a mobile device, and this might prove significant for the investigation. Cell phones contain call history, contacts, text messages, web browser history, email, Global Positioning System (GPS) data and other location information that police and law enforcement agencies consider valuable for an investigation, so if these acquisition tools are properly applied, they can help gather important information that is useful for the investigation.
3.1.3 Acquisition Tools: Strengths and Weaknesses
| Acquisition Tools | Strengths | Weaknesses |
|---|---|---|
| Manual acquisition | Not technically complex; not much effort required | It is time consuming; only contents that are present on the phone and not deleted are accessible |
| Logical acquisition | Detailed and elaborate data is acquired | Most of the time it is not possible to recover much deleted information; accuracy and quantity of data are often not ensured |
| File system acquisition | Provides access to deleted data | Sometimes a decryption key is required, which is not always easily accessible |
| Physical acquisition | All the deleted data stored in the flash memory chip can be acquired in this process, hence elaborate and detailed data is gathered which is accurate and original | It is highly complex; it requires sophisticated tools and chip programmers; often tools are required for removing the chip that is integrated with the phone itself |
3.1.4 Usefulness of acquired evidence – is it useful during prosecution?
As the use of digital technology in committing crime increases, digital evidence is also gaining popularity as evidence in court or during a criminal trial. However, one main issue with digital evidence is that, before it is accepted, its authenticity has to be properly proved, as there is a chance that digital evidence has been tampered with. Hence, in order to justify whether digital evidence is useful or not, it is important to prove the authenticity and legitimacy of the acquired information even before it is accepted as evidence.
3.2 Evidence Recovery – Device 2
Detailed information here about how to recover evidence from one of your devices.
3.2.1 Evidence Acquisition Techniques
Accessing a backup file stored in iCloud requires the appropriate encryption key. Data stored in iCloud through the online backup process does not have encryption integrated: although technically it might be considered encrypted, the encryption key is stored in the cloud along with the files. It is possible to access files stored through online backups in the cloud service if one has the original user’s credentials, which include their Apple ID along with the corresponding password.
Data stored in the cloud through online backup is accessible through commercial software such as Elcomsoft Phone Password Breaker (EPPB) and Wondershare Dr.Fone.
3.2.2 Usefulness of acquisition techniques
Criminals might use it to store various important documents, crime plans and clips that are needed to carry out the investigation properly, and this evidence might prove extremely important from an investigation point of view. Hence the acquisition techniques discussed here might prove very significant for carrying out the investigation.
3.2.3 Acquisition Tools: Strengths and Weaknesses
Strengths: EPPB allows the data to be acquired and does not even require the original iOS device. It only requires the original user’s credentials, including their Apple ID, provided that the corresponding password is also available.
Weakness: although the original iOS device is not required, it is not easy to get access to the account credentials belonging to the original user, as Apple integrates a high level of security into iCloud to ensure that accounts are not accessed without proper authorization.
The login credentials in iCloud can be retrieved as follows:
– Using social engineering techniques
– From a PC (or a Mac) on which they are stored:
– iTunes Password Decryptor
– WebBrowserPassView
– Directly from the device (iPhone/iPad/iPod touch) by extracting the credentials stored in
the keychain
3.2.4 Usefulness of acquired evidence – is it useful during prosecution?
It is not appropriate to judge whether evidence gathered in this process is important for the investigation from the evidence alone; various related factors also decide the usefulness of the evidence gathered. These factors are information accuracy, relevance and style of presentation, and they matter a lot, in some cases even more than the information itself. Information gathered in this way might be highly impactful for the investigation if properly applied. However, the authenticity of the information is very significant and decides whether the evidence is accepted or not. It depends on what type of information is acquired, how much information is acquired, and how relevant the information is to the case being investigated.
4 Future Evidence Recovery
In this section, predictions about the future of evidence recovery are discussed. These are personal predictions, based on things identified as interesting within this area.
One of the modern-day challenges that makes data analysis difficult and complex is the vast amount of data generated every day, most of which is not structured. Traditional data regression techniques are not sufficient, as the sources of data are not properly identified, or there are so many data sources that it often becomes difficult to differentiate them. This trend is not going to decrease at any time; in fact it will increase at a much faster rate. This might present a challenge for future forensic experts who need to analyse data and associate it with the crime they are investigating. It will be very complex to identify information that is linked with the crime.
Investigation of finance-related crime such as money laundering and illegal export and import will be extremely difficult. As the use of digital currency in day-to-day applications increases, it may well be possible that virtual currency such as blockchain technology replaces physical currency as well. Recent developments in blockchain technology suggest that it is going to be highly secure in future, which might make it extremely difficult to gather information about criminal activities carried out with this virtual currency, as the technology integrates strong encryption that makes it difficult to interpret information regarding a transaction and its owner.
Although the driverless car is still in the innovation phase and has not yet been properly commercialized, it is possible that the use of driverless cars will increase as well. If there is an accident and it is found to have happened due to a technical fault in the program, it will be difficult for the forensic expert to decide whether the fault was introduced deliberately or was just a normal technical problem. As the scenarios for crime are likely to change in future, investigation also needs to change, most probably in ways associated with technical challenges.
The increasing popularity of smart appliances might pose challenges in digital forensics. “Smart TV may
be recording private conversations and sending them to third-party companies for processing. Now it
will be difficult for someone who is tasked with the recovery of evidence from one of these Smart
TVs, with the objective of capturing a digital recording of a private conversation (between two
terrorist suspects for example)”.
5 Conclusions
The notion of the digital computer has changed a lot in the modern context: it no longer includes only the physical desktop but extends beyond it. Today the digital computer also includes mobile devices, cloud-based storage, mobile phones, tablets and any other device used on a daily basis by millions of people. These devices are meant to serve daily technological needs, but their use in committing crime is also increasing significantly, which poses a threat to crime investigation: these devices are not only advanced but also simple to use, which is why they are becoming popular for committing crime. This has made digital forensics extremely important in crime investigation. Mobile forensics, a relatively new field of digital forensics, has developed a lot over the years to tackle mobile-based digital crime. There are now various techniques for collecting evidence in mobile-based digital crime; some of the popular data acquisition techniques are manual acquisition, logical acquisition, file system acquisition and physical acquisition. However, as computer technology becomes highly advanced, it is important to bring innovation to digital forensic technologies, otherwise it will be difficult for investigators to collect evidence for crime investigation. Along with that, educated guesses are required about the future status of digital forensics as technology evolves, and it is also necessary to review the technical challenges that an evidence-collecting team might face in carrying out a crime investigation.