ITC597: Digital Forensics Report Analysis - Task Breakdown

Verified

Added on 2020/03/16

AI Summary

This digital forensics report comprises three tasks. Task 1 focuses on recovering scrambled bits using a hex tool, providing a plaintext output. Task 2 involves revealing hidden information from an image using S-Tools, employing a username, password, and DES algorithm to extract the hidden data related to steganography. Task 3 presents a case study on the TJX security breach, detailing the incident's overview, disaster administration, deferred public announcements, lack of compassion, missed opportunities, and the overall impact. The report provides an in-depth analysis of the breach, its handling, and the implications for the company and its customers, including the financial and reputational damage. It also includes the technical steps of data recovery and the hidden image details.

Digital Forensics
Report

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Table of Contents
TASK 1:......................................................................................................................................................2
TASK 2.......................................................................................................................................................3
TASK 3.......................................................................................................................................................5
Overview:-...............................................................................................................................................5
Disaster Administration...........................................................................................................................6
Deferred Public Announcement and arrangement of wreckage ups.........................................................7
Absence of compassion and Two-way correspondence...........................................................................9
Opportunities were missed......................................................................................................................9
Breaches................................................................................................................................................12
Class Action........................................................................................................................................16
Conclusion.............................................................................................................................................16
Reference...................................................................................................................................................18

TASK 1:
Recuperating scrambled bits:-
Step 1
We will install Hex tool to recover every scrambled bits
Step 2
After installing, we will open the hex tool and open the file which was saved on my desktop, that
is “1769725_1217499830_ITC597Assi2Task1”
Step 3
We will use data operator since we all precise data required to recover the bits are opened. By
Left-click on invers bit the process shall start for recovery
Step 4
We will perform the shift right operations to gather all the data at once place, after that
information and byte order message shall be displayed once the process is completed
Step 5
Once we have got all the scrambled bits, we will discharged the scrambles bits which are the
right hand side of the corner.

Here is a plaintext:-
“The Web is a more dangerous place than most people may think. With more than one billion
websites now living on the internet and over 100,000 websites created daily, the risk from
vulnerable sites is multiplying. In fact, one-third of the most-trafficked websites are risky, new
research has revealed.....www.forensicmag.com .27 March 2015..”
TASK 2
Revealing hidden information from an image
To get hidden information from the image provided we will utilize the s-tools.
First Step:
We will install the S-Tools and then open to access it
Second Step:
We will drag the image and then drop the image in s-tools and left-click on Reveal button
Third Step

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

We will use the User Name and Password, “asdf1530/.,” and then paraphrase it for verification
and then select the DES algorithm.
Final Step:
We will see the revealing image and then save it on desktop for final output.
Following is the output for the Hidden image information:-
“Steganography is the art of covered or hidden writing. The purpose of steganography is covert
communication-to hide the existence of a message from a third party. This paper is intended as a
high-level technical introduction to steganography for those unfamiliar with the field. It is
directed at forensic computer examiners who need a practical understanding of steganography
without delving into the mathematics, although references are provided to some of the ongoing
research for the person who needs or wants additional detail. Although this paper provides a
historical context for steganography, the emphasis is on digital applications, focusing on hiding
information in online image or audio files. Examples of software tools that employ
steganography to hide data inside of other files as well as software to detect such hidden files
will also be presented.
http://www.garykessler.net/library/fsc_stego.html “

TASK 3
TJX Breach Impact Case study
Place:-USA
Dated:-Jan 17, 2007
Business: Retail
Company: TJX Companies Inc.
Case: - The organization's 90 million client's records were stolen. This occurrence will cost TJX
in any event $250 million
Overview:-
TJX Companies Inc. is a main off-value clothing as well as home mold retailer with home office
arranged in Framingham, MA. There Safety break emergency occurred on 18th December, 2006
while they found that obscure gatecrashers wrongfully got to one of its installment frameworks
and stole very card information having a place with clients in the countries such Canada, UK,
USA and Mexico. All significant card brands acknowledged by TJX were influenced, that
includes Discover, MasterCard, Visa as well as American Express (Abelson, 2007).

Almost 50 million card numbers was taken, alongside name as well as data of more than 100
million clients, influencing clients of its different nations as well as in USA stores. Because of
that episode, numerous banks that includes Bank of America were made to reissue the cards for
the customer again as well as cancelled thousand of cards because of theft that happened at TJX.
This report looks at TJX's reaction to the emergency, also makes suggestions for an all the more
balanced, compelling emergency taking care of arrangement later on.
Disaster Administration
The extent of TJX security rupture was serious and worldwide It turned into the biggest
information break as well as wholesale fraud occasion at any point recorded in business. It was
an outer as well as purposeful emergency. If company had taken security measures and PCI
(Payment Card Industry) rules, this emergency could have been stayed away from. In any case,
in decency to TJX, in face of emergency, there were a few decent parts of their treatment of
emergency:
Appreciatively, TJX does not attempt to move fault, or gave away any weak excuse. Despite the
prominent as well as serious greatness of the emergency, it required a solid reaction from top
level authority. Chief, Ben Cammarata, ventured up, as well as correctly filled in as the essential
representative sending two effective messages: "I give it a second thought and I am responsible."
He assumed liability, recognized the problem occurred because of company security pass,

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

express regret for the oversight that happened. It was moral and genuine reaction (Abelson,
2007).
Immediately after break was identified TJX employed driving PC security and occurrence
reaction firms to assess the degree of information uncovered, and aid examination.
Also, TJX speedily informed govt agencies- Secret Service of US, Securities and Exchange
Commission of US as well as U.S. Bureau of Justice.
After advising law requirement, company educated different partners, contract banks as well as
installment card along with check preparing organizations.
The company connecting with various partners at the flare-up of emergency, keeping them
advised of whole circumstance, as well as quick activity to cooperate with best security
specialists in examination was exemplary. It kept up TJX's validity as well as decreased the
effect of the emergency.
Deferred Public Announcement and arrangement of wreckage ups
Despite the fact that organization found it was casualty to a monstrous security rupture in mid-
December, however didn't uncover to clients till 17th January, 2007. Initially company kept up
that it deferred making an open declaration at the demand of law implementation just to later
concede the postponement was to a limited extent a "business choice" and in the advertisements,

the organization expressed it was "to the greatest advantage of our customers." The top
enthusiasm of clients was to keep them out of the loop until the point when they completed their
shopping during the December Holiday season. At last, TJX just admitted to an issue after the
primary Wall Street Journal report. Absence of straightforwardness forthright and
opposing/clashing explanations gave organization part of negative exposure.
Moreover, representative attempted to over guarantee partners expressing that company had as of
now fundamentally fortified security of its PC frameworks, it will avoid future interruptions, as
well as now clients should feel safe shopping at their stores. This claim, without express points
of interest of steps taken, scarcely appeared to be trustworthy for partners; when examination to
such genuine security break at company was still in beginning times.
To exacerbate the situation, company already expressed that the interruption had occurred just
from Mid of 06 to Start of 2007 plus Visas uncovered were constrained as well as "generously
under millions.". Examinations however revealed later that their PC frameworks had been
hacked on a few events starting from July 2005 till Jan 2007 and records bargained were more
than 45 million. company, instead of conceding vulnerability, was simply claiming to know
scope. This conflicting data prompted hypothesis that organization had a comment.
To add to troubles, Federal court filings later demonstrated that company had neglected to follow
installment card industry compliance, as well as were in "grievous infringement" of security
methodology they didn't have great control framework set up, even fundamental security
checking or logs to track action were missing.

Absence of compassion and Two-way correspondence
While expressions of conciliatory sentiment and sensitivity to influenced clients were critical, be
that as it may, there was no activity design or direct contact with clients who progressed toward
becoming casualties of misrepresentation because of TJX's carelessness. Tragically, clients were
left to manage vulnerability. Subsequently, various clients, in any expectation of recuperating
their harms, recorded claims against TJX (Abelson, 2007).
The company under-weight declares a settlement to offer clients with credit observing, as well
as repaying their misfortunes. While declaration was made in September,2007, notwithstanding,
sees containing data about qualification for remuneration were not sent to influenced clients until
February, 2008. No doubt, this sort of messy and amateurish dealing with mirrored company’s
absence of worry for client (Abelson, 2007).
To set up two way correspondence, however company established a hotline for clients who had
questions, yet obviously it was shallow; there was no procedure set up, clients who endeavored
to contact just got runarounds. Company were not genuine about tuning in to partners, their
worries or criticism.
Opportunities were missed

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Taking a gander at general emergency reaction, company emergency administration was
strategic, for the most part centered around limiting the misfortune with a quickly made
emergency correspondences system. The company site was utilized as essential specialized
instrument for both influenced customers as well as the media. Since this occurrence got the
organization across the board media consideration which they would some way or another never
get, company missed on an awesome chance to interface all the more intimately with clients,
make affinity with its clients through direct correspondence channels, and feature its image and
qualities amid emergency (TJX Press release, 2007).
The TJX companies Inc. reaction didn't mirror its center estimations of honesty as well as
openness. An additionally prospective reaction—making declaration early, normal updates, and
offering influenced client's remuneration forthright would have driven TJX on a significantly
higher good ground. Along these lines, TJX could have utilized this open door in making an
enduring positive impression in psyches of client (TJX Press release, 2007).
Case Outline: -
The TJX security breach was happened in end of year 2007. This is the biggest wholesale fraud
case at any point arraigned by the equity office from company. The beginning ambush was on a
hub in the TJX organize in United States of America, basically in one of the retail outlets.
Additionally, through that early on interference, the main convict as well as his co-plotters had
the limit increase all concluded as well as spread themselves all through various parts of the

company framework. Similarly, they got themselves ready to get as well as keep up access for
different years, up until 2008 (TJX Press release, 2007).
Government experts have charged an as of now arraigned software engineer with breaking
additional corporate PCs as well as taking data for no under 130 million credit and check cards,
the best extortion case at any point prosecuted in the United States (TJX Press release, 2007).
Albert as well as two mysterious Russians were charged for ambushes that hit Visa processor
companies, as well as two anonymous associations. The twenty-eight-year-old occupant of
coastal region Miami rebuked for executing a break on stores controlled by TJX Companies Inc.,
which revealed almost 50 million card subtle elements. These distinctive associations, including
Dave & Busters as well as Boston Market restaurant systems, were moreover among the charged
casualties (TJX Press release, 2007).
Reports recorded in United States District Court in Newark, New Jersey attest that Albert as well
as three unidentified individuals cased the latest setbacks by setting off to their customer facing
facades along with locales to perceive the reason for offer tasks plus web applications they used.
The charged guilty parties attempted to cover their tracks, according to the indictment. Despite
using middle person servers that disguise their real IP addresses, they used 20 assorted against
infection projects to check none of them perceived the malware used as a piece of the
arrangement, prosecutors said. Once the guilty parties got Visas data, they endeavored to offer it
in underground social affairs to others to use in making false purchases as well as withdrawals in