PricingBlogAbout Us

Digital Forensics Report: Scrambled Bits Recovery & USB Drive Analysis

Verified

Added on  2023/01/18

|25
|2602
|55
Report
AI Summary
This document presents a digital forensics report involving the recovery of scrambled bits using WinHex and an investigation into potential intellectual property theft at Superior Bicycles Inc. The report details the process of unscrambling the provided bits, followed by a digital forensics analysis of a USB drive using FTK Imager and Autopsy. The investigation aims to determine if the USB drive contains any proprietary data, specifically digital photographs, related to the company. The report outlines the tools used, the analysis steps taken, and the findings, including information about the digital forensics case file, such as file names, types, sizes, and hash values. The scenario involves a new employee, Tom Johnson, and his connection to a terminated employee, Jim Shu, along with an external investor, Bob Aspen, who received a suspicious email prompting the investigation.
Document Page
University
Semester
Digital Forensics
Student ID
Student Name
Submission Date
1
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Executive Summary
We shall be making use of the WinHex digital forensics tool to recover the provided the
scrambled bits and this will form the first part our project. (WinHex is a commercial disk editor
and universal hexadecimal editor used for data recovery and digital forensics). A new employee
of Superior Bicycles Inc will prepare the digital forensics report for Intellectual property theft,
and this will form the second part of our task.The new employee name is Tom Johnson; this
employee is the cousin of the Jim Shu an employee who had been terminated. The Bob Aspen is
external investor and contractor who gets a strange email from Terry Sadler that email contains
the information about the Jim Shu new project. So, the Bob forwards the email to Chris
Robinson to inquire about the special project that might need the capital investments.In this
project, we shall determine the drive contains any proprietary Superior Bicycles Inc. data in the
form of any digital photograph as evidence. The FTK imager and Autopsy tool will be used for
the analysis of the USB drive. We shall now evaluate and discuss the digital forensics report,
which was prepared for the investigation.
2
Document Page
Table of Contents
Task 1: Recovering Scrambled Bits.........................................................................................................3
Task 2: Digital Forensics Report..............................................................................................................7
1. Introduction and Background......................................................................................................7
2. Tools................................................................................................................................................8
3. Analysis.........................................................................................................................................10
4. Findings........................................................................................................................................15
5. Conclusion....................................................................................................................................23
References................................................................................................................................................23
3

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
Task 1: Recovering Scrambled Bits
We shall be using the Winhex digital forensics tool, in this project for recovering the
provided for the scrambled bits. Also, for the digital forensics evaluation, the WinHex tool is
used for the effective data recovery (Duranti & Endicott-Popovsky, 2010). The following are the
steps, which by using the WinHex are used for the recovery of the provided scrambled bits,
As presented in the below image, open the Winhex software,
After click file to choose the open file. Then, Browse the scrambled bits by choose the provided
text file. This process is used to display the scrambled bits of text file which is illustrated as
below.
4
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
The text format is the display after the execution of the scrambled bits and the same is
represented in the below image,
5
Document Page
A message is displayed on the screen once the process has been completed. The message
will be, and the below image is the representation,
“Congratulations! You have successfully unscrambled bits in this file”
6

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
Task 2: Digital Forensics Report
1. Introduction and Background
For the new employee of the Superior Bicycles Inc, we shall prepare the digital forensics
report for Intellectual property theft and this task is about the same. The new employee name is
Tom Johnson; this employee is the cousin of the Jim Shu an employee who had been terminated.
The Bob Aspen is external investor and contractor who gets a strange email from Terry Sadler
that email contains the information about the Jim Shu new project. So, the Bob forwards the
email to Chris Robinson to inquire about the special project that might need the capital
investments.Then, Chris forwards the email to the general counsel, Ralph Benison asking him to
look into it. He also forwards it to Bob Swartz, asking him to have IT look for any e-mails with
attachments. After a little investigation, Bob Swartz forwards an e-mail IT found to Chris
Robinson. The USB to which Tom Johnson was assigned, was found by Chris on the desk.
7
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
In this project, we are determining the drive contains any proprietary Superior Bicycles
Inc. data in the form of any digital photograph as evidence. The FTK imager and Autopsy tool
are the tools that will be used for the analysis of the USB drive. At last prepare the digital
forensics report about the investigation. These are will be analyzed and discussed in detail.
2. Tools
This digital investigation uses the FTK imager and Autopsy tool to determine and analyse
the USB drive and finally prepare the digital forensics report about the investigation. We shall be
using the FTK imager tool forcreating the USB drive as disk image file and then evaluating the
USB drive.Use the autopsy tool to analyse and evaluate the created disk image file, once the disk
image file is created by the USB drive. These are used to analysis the hidden data, hidden image,
data recovery on USB drive.
FTK Imager
A Forensic Image is frequently expected to check trustworthiness of picture after a
procurement of a Hard Drive has occurred. This is normally performed by law authorization for
court on the grounds that, after a measurable picture has been made, its trustworthiness can be
checked to confirm that it has not been messed with. Further, a legal picture can be upheld up
and additionally tried on without harming the first duplicate or proof.
Further, you can make a legal picture from a running or dead machine. I surmise the most
ideal approach to disclose the criminological picture to somebody who does not think about PCs
is that it is an exacting preview in time that has honesty checking.
The finished PC criminology tool will be the proposed FTK. In a single location, the most well-
known criminological instruments are given by the agents as a conglomeration. To make the
system safe and secured, FTK will give the following services,
endeavoring to break a secret key
dissect messages
Search for explicit characters in documents.
An instinctive GUI will be made use of to further improve the pot. With more additional features
, it execution procedure and recognizing characteristics, the FTK is distinctly different from the
other tools of its type.Use of the multi-center CPUs to parallelize the activities was the main
feature for the main criminological programming and for which the buying in of a dispersed
preparing approach is carried out.
8
Document Page
Autopsy tool
The Sleuth Kit® and other advanced legal sciences devices are used in the graphical
interface and computerized legal sciences stage by the use of Autopsy®. It is used on computer
devices for investigation and research study by law implementation, military, and corporate
inspectors. Another common use of this tool is on the camera’s memory card and to recuperate
photographs from it, and here also the graphical UI (GUI) is utilized for the analysis and
evaluation. The features of the Sleuth Kit are,
More straightforward to work
computerizing a considerable lot of the strategies
simpler and easier to recognize
Sortall the inventory appropriate bits of criminological information.
For enabling the clients to gather, parse and break down measurable information on PC
frameworks and cell phones, we shall make use of the “Sleuth Kit” which is an accumulation of
order lines and a C library. Most of the photographs from the camera can be recouped by using
this framework as guaranteed by the site. The perfectionists have always liked their work to be
straightforward and they would not like the layering of the GUI over the content based projects
and also the direction line interfaces on it. But the innovative tool, “Autopsy” is appreciated and
liked even by people who have always worked with GUI interfaces.
Simple to Use
As an out of crate, user friendly tool, Autopsy evaluation was purposefully natural. At every step
of the installation procedure for the tool, there are wizards to guide you. A solitary tree gives all
the possible outcomes. For more subtleties, check the natural page.
Extensible
With modules that accompany it out of the container and others that are accessible from
outside, the Autopsy was always intended to be a start to finish stage. Below are the modules as
part of the tool:
Timeline Analysis - Advanced graphical occasion seeing interface (video
instructional exercise included).
Hash Filtering - Flag known awful records and disregard known great.
9

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

Document Page
Keyword Search - Indexed catchphrase inquiry to discover records that notice
important terms.
Web Artifacts - Extract history, bookmarks, and treats from Firefox, Chrome, and IE.
Data Carving - Recover erased documents from unallocated space utilizing PhotoRec
Multimedia - Extract EXIF from pictures and watch recordings.
Indicators of Compromise - Scan a PC utilizing STIX.
Quick
Yesterday is when everybody needs the Results. As soon as the results are found they are
given to you by Analysis, by running the foundation assignments in parallel utilizing various
centers You will know in minutes if your catchphrases were found in the client's home organizer,
even though for the tool it might take hours to completely look through the drive. For more of
the subtleties, check the quick outcomes page.
Cost Effective
There is no cost to dissection and it is free. Financially savvy computerized criminology
tools have become easy and basic, as the spending plans and values have diminished. By offering
services that other business apparatuses don't give, like the basic highlights like web antiquity
analysis and vault investigation, Dissection offers a similar center highlights as other
computerized crime scene investigation instruments.
3. Analysis
We shall be using the FTK imager to create the disk image file for USB drive, before we
start with the evaluation process (Larson, 2014).Below is the representation for the first step of
opening the FTK imager,
10
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
Below is the representation for creating the disk image file by clicking on the “file” option,
Next image below displays the choosing of the Physical Drive by selecting the source evidence
type USB and then clicking on the “Next” button,
11
Document Page
Below image displays the source folder to be selected and then clicking on the next button,
Next image below shows Raw DD as the selected destination image type, and then clicking on
the next button,
12

This is a preview!

Do you want full access?

icon

Trusted by 1+ million students worldwide

chevron_up_icon
1 out of 25
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

  +13062052269
info@desklib.com

Available 24*7 on WhatsApp / Email

[object Object]
Unlock your academic potential

Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.