BIT362: Digital Forensics Assignment - USB Drive Investigation


Added on  2022/09/11

Homework Assignment
AI Summary
This assignment delves into the realm of digital forensics, focusing on the analysis of a USB drive. The student begins by creating and deleting a file on the drive, then explores various forensic acquisition tools like ProDiscover, Autopsy, and FTK Imager. The assignment covers key concepts such as search warrants, chain of custody, and write-blocker devices. The student utilizes Autopsy to create an image file of the USB drive, demonstrating offline acquisition techniques. They analyze the benefits of offline data acquisition, particularly in malware detection scenarios. The assignment also involves calculating hash values and restoring a deleted text file using Autopsy, providing practical experience in data recovery and forensic investigation. The student's work is a comprehensive exploration of digital forensics principles and practices, offering a valuable resource for students studying the subject.
Running head: Digital forensics
Digital forensics
Name of the Student
Name of the University
Author Note
Table of Contents
Question 1
Question 2
Question 3
Question 4
Question 5
Question 6
Question 7
Question 8
References
Question 1:
File on the drive:
Content in the file:
File is deleted from the drive:
Question 2:
ProDiscover:
ProDiscover can be regarded as a disk forensics system capable of capturing
and analysing disks. It supports several Mac, Linux, and Windows files and uses
forensically proven methods to serve its purpose. It can locate all the data on a
disk, protect it, and report on it for legal purposes. It is a utility tool that is
best when the whole system needs to be analysed at once (Cameron 2018).
Autopsy:
The computer software Autopsy is a part of the Sleuth Kit, which is used for
digital forensic investigation. It is a GUI that displays the results of a
forensic search and is based on the following principles:
- Users can easily add new features for analysis using plugins on the previous data
  sources.
- All modules and access features must offer consistent and standard mechanisms.
- It is user friendly and supports multiple users as well.
FTK Imager:
The Forensic Toolkit, developed by AccessData, is one of the most renowned tools
used in forensics. It can access an entire disk or HDD in search of information,
images, deleted mails and data, and can scan through files looking for particular
text strings and codes which could be potential passwords for various encryptions.
It can calculate MD5 hash values to check data integrity and save image files in
multiple formats for later use.
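How a hash recorded at acquisition is later used to check that a working copy of the image is unchanged, as an added example that is not part of the original assignment or of FTK Imager. The sample image bytes and the names `hash_image` and `verify_image` are constructed for illustration; SHA-256 is computed alongside MD5 as an assumption, since the text only mentions MD5.

```python
import hashlib
import io

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images never sit in memory


def hash_image(stream, algorithms=("md5", "sha256")):
    """Return {algorithm: hex digest} for a binary stream, read once in chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(stream, recorded):
    """Re-hash a working copy and compare with the digests recorded at acquisition.

    Returns (ok, mismatched_algorithms).
    """
    current = hash_image(stream, tuple(recorded))
    mismatched = sorted(n for n in recorded if current[n] != recorded[n].lower())
    return (not mismatched, mismatched)


# Constructed sample bytes standing in for a USB image (not from the assignment).
SAMPLE_IMAGE = b"\x00" * 4096 + b"deleted note: meet at 9\n" + b"\x00" * 4096
# Digests as they would be written into the case notes at acquisition time.
ACQUISITION_HASHES = hash_image(io.BytesIO(SAMPLE_IMAGE))
# A working copy in which a single byte was changed after acquisition.
ALTERED_IMAGE = SAMPLE_IMAGE[:4096] + b"D" + SAMPLE_IMAGE[4097:]

if __name__ == "__main__":
    print(ACQUISITION_HASHES)
    print(verify_image(io.BytesIO(SAMPLE_IMAGE), ACQUISITION_HASHES))
    print(verify_image(io.BytesIO(ALTERED_IMAGE), ACQUISITION_HASHES))
```

For a real image, pass `open(path, "rb")` as the stream; the image file should be opened read-only from the working copy, not from the original evidence.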
Question 3:
Search warrant:
A digital search warrant is defined as a warrant issued for searching any electronic or
computer media, files, images or other details which may contain evidence of crimes,
details of crimes, illegal documentation, and instrumentalities of crime (Easttom 2019).
Such search warrants must specifically state the type of record to seize and the time
limit for that seizure. The record may be electronic or non-electronic in nature, and the
law determines whether the seized data will be retained by the investigating department
forever or cleared away after the investigation is closed.
Chain of custody:
This is the tool used in forensics to preserve the digital evidence that has been
gathered from various crime scenes. The evidence is preserved in a way that allows it
to be presented in court. The chain of custody is often referred to as the
chronological documentation of the evidence and is used for preserving the integrity
of the document (Ghazinour et al. 2017).
Write blocker devices:
A write blocker, or forensic disk controller, is hardware specially designed for
controlling hard disks and their contents. The purpose of this device is to obtain
read-only access to the hard drives of the computer without damaging the contents. It
is commonly used by forensic investigators to access hard drives containing evidence
(Holt, Bossler and Seigfried-Spellar 2015). It looks like a dongle and fits into a port
of the computer to access the drives; being easy to use and supporting a wide range of
accessibility makes it popular.
Question 4:
In the field of Internet technology, digital forensics is one of the most popular
technologies used to test cybercrime. Considering the above, it can be said that digital
forensics is a technology by which cyber-criminals can be identified. In the field of
digital forensics, data acquisition is one of the most essential parts, and it is
primarily used to gather digital evidence in the form of digital images. There are two
types of acquisition process, one of which is offline acquisition (Easttom, 2019). These
types of processes can generate some information, if they can't get information from
something.
Autopsy has been chosen for conducting the forensic analysis tasks because the tool
has a GUI and is easy to use. The offline forensic technique has been used because
with this technique a USB drive can be analysed without using the Internet.
Question 5:
Creating image file using Autopsy:
Step 1: After opening Autopsy, a screen pops up automatically to create a new project.
There is also an option for opening an existing project.
Step 2: After selecting new case, there will be options to input the case name and base
directory. In this step I have given the case name and selected the base directory.
Step 3: After step 2, an optional information section will pop up. In this
section I have given the information.
Step 4: In this step I have added the files from the local disk (USB image drive). Then I
have selected the USB drive.
The data source has been selected:
Step 5: In this step the ingest modules will be selected:
The data source is being added:
Step 6: Image file created:
Question 6:
There is no need to analyse the entire data disk and alter the data when using the
offline digital acquisition process to create digital advancement. In this process the
metadata as well as spaces will be analysed to gather digital evidence. In the case of
malware forensic detection, the recently used files will be analysed, and that
investigation will generate digital evidence against the criminal incident. A benefit of
this method is that it is one of the fastest data acquisition processes, which enhances
the speed of digital forensic practice.
Question 7:
Usually forensic professionals opt for gathering digital evidence by copying
the original data; this process does not gather volatile information, but it analyses
the entire data and collects digital evidence (Cameron, 2018). To get the hash value, I
have selected the image file first from Autopsy:
Then I right-clicked on the image and selected view summary information:
The hash value of the image is:
Question 8:
To restore the deleted text file via Autopsy, I have discovered the file from the deleted
files section.
Step 1: Select the deleted files section from the tab:
Step 2: There will be 2 options. One is File systems and the other one is the All section.
Select All from there.
Step 3: Open the All section and find the deleted file. The deleted file is found.
Hex value of the deleted file:
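Why the deleted file can still be listed, shown as an added example that is not part of the original assignment or of Autopsy. It assumes the USB drive uses a FAT file system (the assignment does not say), where deleting a file overwrites the first byte of its directory entry with 0xE5 and leaves the rest of the entry in place; the directory bytes and the helper names are constructed for illustration.

```python
import struct

# 32-byte FAT short (8.3) directory entry: name, extension, attributes,
# 8 skipped bytes, first-cluster high word, write time, write date,
# first-cluster low word, file size.
ENTRY = struct.Struct("<8s3sB8xHHHHI")
DELETED, END, ATTR_VOLUME = 0xE5, 0x00, 0x08


def make_entry(name, ext, cluster, size, deleted=False):
    """Build one constructed 8.3 entry for the sample directory below."""
    raw = bytearray(ENTRY.pack(name.ljust(8).encode(), ext.ljust(3).encode(),
                               0x20, cluster >> 16, 0, 0, cluster & 0xFFFF, size))
    if deleted:
        raw[0] = DELETED  # deletion overwrites only the first name byte
    return bytes(raw)


def find_deleted(directory):
    """Return the deleted short entries found in a raw FAT directory region."""
    hits = []
    for off in range(0, len(directory) - ENTRY.size + 1, ENTRY.size):
        raw = directory[off:off + ENTRY.size]
        if raw[0] == END:  # 0x00 marks the end of the used entries
            break
        name, ext, attr, hi, _time, _date, lo, size = ENTRY.unpack(raw)
        # Skip live entries, volume labels and long-name entries (attr 0x0F).
        if raw[0] != DELETED or attr & ATTR_VOLUME:
            continue
        # The first character of the name is lost, so it is shown as '?'.
        stem = "?" + name[1:].decode("ascii", "replace").rstrip()
        suffix = ext.decode("ascii", "replace").rstrip()
        hits.append({"name": stem + ("." + suffix if suffix else ""),
                     "first_cluster": (hi << 16) | lo, "size": size})
    return hits


# Constructed directory region: one live file, one deleted file, unused slots.
DIRECTORY = (make_entry("REPORT", "TXT", 5, 1200)
             + make_entry("SECRET", "TXT", 9, 57, deleted=True)
             + bytes(64))

if __name__ == "__main__":
    print(find_deleted(DIRECTORY))
```

The first cluster and size in the surviving entry tell a tool where the content starts and how long it is, which only helps while those clusters have not been reused.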
References:
Cameron, L., 2018. Future of digital forensics faces six security challenges in fighting
borderless cybercrime and dark web tools.
Easttom, C., 2019. Computer security fundamentals. Pearson IT Certification.
Ghazinour, K., Vakharia, D.M., Kannaji, K.C. and Satyakumar, R., 2017, September. A study
on digital forensic tools. In 2017 IEEE International Conference on Power, Control, Signals
and Instrumentation Engineering (ICPCSI) (pp. 3136-3142). IEEE.
Holt, T.J., Bossler, A.M. and Seigfried-Spellar, K.C., 2015. Cybercrime and digital
forensics: An introduction. Routledge.