Digital Forensics Investigation Project: USB Drive Analysis & Evidence

Added on  2023/06/13

Practical Assignment
AI Summary
This assignment details a practical application of digital forensics techniques, focusing on the analysis of USB drives using tools like ProDiscover and OSForensics. The project involves creating forensic images, searching for specific keywords and files, recovering deleted data, and validating data integrity using hash algorithms. It includes hands-on projects such as analyzing a USB drive for potential evidence related to a suicide note and patent case. The assignment also emphasizes the importance of proper investigation management, data validation, and generating comprehensive evidence reports for potential use in legal proceedings. The use of MD5 and SHA algorithms for data validation is discussed, along with references to established digital forensics models and research.
Task 1:
Hands-On Project 1-1:
Step 1 - 3: Creating a new project C1Prj01 with a project number, and a brief description.
Step 4: Add C1Prj01.eve image File to our C1Prj01 Project.
Step 5: Select the C1Prj01.eve to add it to C1Prj01 Project
Step 6: Content of C1Prj01.eve upon expanding Content View.
Step 7: Open Content of the Files in C1Prj01.eve image with associated programs.
Step 8: Generate Evidence Report for C1Prj01
Report:
A bit-by-bit backup image of the USB drive was analysed in this project. Files were
found on the drive whose content indicates a possibility of Joshua Zoran’s girlfriend having
committed suicide due to tough times, as shown by suicide1.txt in the C1Prj01.eve image. It is
also worth noting that both the “suicide1.txt” note and “Sylvia’s Assets.xls” were created in
the year 2002 and last modified in 2005, a duration of 3 years (Chung, 2012). Although not
yet factual at this point, it is likely that this is not the first time the girlfriend contemplated
committing suicide, as the suicide1 note dates back to the year 2002, before the last modification
in the year 2005.
Hands-On Project 1-2
Step 1: Creating a new project C1Prj02 with a project number and brief description.
Step 2: Adding C1Prj02.eve image File to our C1Prj02 Project.
Step 3: Content of C1Prj02.eve after Expanding its Content View.
Step 4: “book” keyword Searching.
Step 5: Cluster Search Results for the “Book” Search
Hands-On Project 1-3
Step 1: New project C1Prj03 with a project number and a brief description.
Step 2-3: C1Prj03.dd added and its Content Sorted by “Deleted” Column
Step 4: A Search for the 461562 bank account in the Gallery. Found as COUNT.GIF
Hands-On Project 1-4
Step 1: C1Prj04 project creation
Step 2-3: Adding the C1Prj04.eve to Our Project to Display its Content
Step 4: Sorting files by “Deleted” Column into YES NO groupings.
Step 6: Extract files not deleted from image (Allocated Files).
Report
Files that were not deleted from the image could easily be accessed and opened with their
associated programs. While at times we might not get the direct answer we are looking for in the
textual content of the image we are investigating, it is possible to get those answers or clues
from non-textual files on that image, such as images and binary files (Carrier, 2009). Deleted files
are also indicated by their names. Even though this might not show us the content of the
deleted files, the fact that the deleted files are listed by their names and sizes is by itself a clue
for taking the investigation further. ProDiscover allows searching for occurrences of
specified keywords in images. This is a simple task to perform, but it goes a long way in
finding answers. Keyword searching helps us deduce how and where the hidden
message resides in the host file. Keyword searching reduces investigation time and increases
productivity. ProDiscover also generates an Evidence Report of the forensic operations and
findings, which can be used in a court of law when we are called upon to present the
findings of an investigation.
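
The keyword search and cluster hits described above, together with hash validation of the image, can be sketched as follows. This is an added example, not part of the original assignment and not ProDiscover's implementation. It assumes a raw dd-style image (such as C1Prj03.dd), clusters counted from byte 0 of the image with an assumed cluster size, and hypothetical function names.

```python
import hashlib
import io

def search_image(stream, keyword, cluster_size=4096, chunk_size=1 << 20):
    """Read a raw image once; return (sha256_hex, [(offset, cluster), ...])."""
    needle = keyword.lower().encode("ascii")
    if not needle:
        raise ValueError("keyword must not be empty")
    keep = len(needle) - 1      # bytes carried over so boundary hits are seen
    digest = hashlib.sha256()
    hits, tail, consumed = [], b"", 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)                 # hash covers every byte read
        window = (tail + chunk).lower()      # ASCII case-insensitive match
        base = consumed - len(tail)          # image offset of window[0]
        pos = window.find(needle)
        while pos != -1:
            offset = base + pos
            hits.append((offset, offset // cluster_size))
            pos = window.find(needle, pos + 1)
        consumed += len(chunk)
        tail = (tail + chunk)[-keep:] if keep else b""
    return digest.hexdigest(), hits

def make_sample_image():
    """Constructed 2048-byte image: two hits, one straddling a read boundary."""
    image = bytearray(2048)
    image[510:514] = b"Book"     # crosses the 512-byte chunk boundary
    image[1030:1034] = b"BOOK"   # different case, inside cluster 2
    return bytes(image)

if __name__ == "__main__":
    raw = make_sample_image()
    # Stands in for the hash recorded when the image was acquired.
    acquired = hashlib.sha256(raw).hexdigest()
    sha256, hits = search_image(io.BytesIO(raw), "book",
                                cluster_size=512, chunk_size=512)
    print("hash matches acquisition record:", sha256 == acquired)
    for offset, cluster in hits:
        print(f"hit at byte {offset} (cluster {cluster})")
```

Hashing in the same pass as the search shows that the bytes searched are the bytes that were acquired; a digest that differs from the acquisition record means the hits should not be relied on.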
TASK 2
Hands-On Project 4-3
Step 1-2: Create a case with OSForensics to get started.
Step 3: M57 - Terry USB Drive Investigation.