Digital Forensics Investigation Report for COIT12201, Semester 2, 2019
Added on 2022/10/17
AI Summary
This report details a digital forensics investigation into an eCrime case, utilizing the Autopsy tool for analysis. The investigation involved creating a new case, adding hosts and devices, initializing the process, and backing up data. Data separation techniques were employed to categorize files, including audio, video, and deleted files. The report outlines the steps taken, including the generation of a final report formatted for the client. The investigation involved analyzing several files, including .mddramimage.zip, .E01 files, and identifying key findings such as the identification of individuals spying on a company president, the methods they used, and their motives. The report also details the evidence found, including databases, HTML files, plaintext, and email addresses, and concludes with a bibliography of relevant sources.

Running head: Electronic Crime and Digital Forensics
Electronic Crime and Digital Forensics
Name of the Student
Name of the University
Author Note

Table of Contents
Activity two:
  Creating a new case:
  Addition of host or the files and devices:
  Initialize the process:
  Back-up of data and cloning for forensics:
  Data separation:
  The generation of report:
Investigation:
  pat-2009-12-11.mddramimage.zip:
  jo-work-usb-2009-12-11.E01:
  pat-2009-12-11.E01:
• Who is spying on Pat?
• How are they doing it? Can you identify specific methods or software they have used to facilitate this?
• Why is the employee spying on Pat?
• Is anyone else involved? Would you characterize them as accomplices?
Bibliography:

Activity two:
The Autopsy tool was used to investigate the files in activity two. The following tasks were carried out with it.

Creating a new case:
After the Autopsy tool has been started and its interface has initialized, the environment is ready to perform an effective digital forensic examination of the specific media. To create a new case, the "create new case" option is clicked in the graphical user interface of Autopsy. The case name and location details are filled in to ensure its integrity. The identity of the person examining the case is then entered into the user interface.

Addition of host or the files and devices:
The analysis begins with the data link that is given in the Autopsy window.

Initialize the process:
To initialize the procedure, the configuration wizard in Autopsy is used to finalize the data link that is being added for analysis.

Back-up of data and cloning for forensics:
After the above procedure, the data is saved automatically to avoid data loss and is processed as requested in the previous step, for example by the hash look-up, EXIF parser, etc. The data is then stored in folders such as cache, temp, export and file backup, along with the run-time details and complete details of the procedure, and can only be read through the Autopsy explorer.

Data separation:
The data is separated according to its nature, such as audio, video and other formats, together with files that have been deleted and files that have been edited. The specific details of the documents and their metadata are retrieved using Autopsy. The next step is extraction using Autopsy. The deleted files and other extra data are found to be available. The data present is detailed according to the criteria. Data in video form can be played and examined. All files are named by extension according to their detail and nature. The details of connected devices can reveal when they were connected and for how long. Information about the software can also be detailed.
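
One common way to separate files by their nature is to identify each file from its leading bytes rather than from its name. The following is an added example, not part of the original report and not Autopsy's own code: it classifies files by signature, counts them per type, and flags files whose extension does not match their content. The signature table, MIME labels, function names and sample files are assumptions constructed for illustration.

```python
import codecs
import tempfile
from collections import Counter
from pathlib import Path

# (offset, magic bytes, MIME label) for formats listed in this report.
# The labels are illustrative and need not match a given tool's naming.
SIGNATURES = [
    (0, b"SQLite format 3\x00", "application/x-sqlite3"),
    (0, b"\xff\xd8\xff", "image/jpeg"),
    (0, b"%PDF-", "application/pdf"),
    (0, b"\x00\x05\x16\x07", "multipart/appledouble"),
    (0, b"PK\x03\x04", "application/zip"),
    (0, b"MZ", "application/x-dosexec"),
    (4, b"ftypM4V ", "video/x-m4v"),
]

# Extensions normally seen for a detected type; used to flag renamed files.
EXPECTED_EXT = {
    "application/x-sqlite3": {".sqlite", ".sqlite3", ".db"},
    "image/jpeg": {".jpg", ".jpeg"},
    "application/pdf": {".pdf"},
    "application/zip": {".zip", ".docx", ".xlsx", ".pptx"},
    "application/x-dosexec": {".exe", ".dll", ".com"},
    "video/x-m4v": {".m4v"},
}


def sniff(data: bytes) -> str:
    """Return a MIME label from the leading bytes, ignoring the file name."""
    if not data:
        return "application/x-empty"
    for offset, magic, mime in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return mime
    if b"\x00" in data:
        return "application/octet-stream"
    try:
        # Incremental decoding tolerates a multi-byte character that was
        # cut in half by reading only the head of the file.
        text = codecs.getincrementaldecoder("utf-8")().decode(data)
    except UnicodeDecodeError:
        return "application/octet-stream"
    head = text.lstrip().lower()
    if head.startswith("<?xml"):
        return "application/xml"
    if head.startswith(("<!doctype html", "<html")):
        return "text/html"
    return "text/plain"


def triage(root: Path, head_bytes: int = 512):
    """Count files per detected type and list extension/content mismatches."""
    counts, mismatches = Counter(), []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            mime = sniff(fh.read(head_bytes))
        counts[mime] += 1
        expected = EXPECTED_EXT.get(mime)
        if expected and path.suffix.lower() not in expected:
            mismatches.append((path.name, mime))
    return counts, mismatches


def demo():
    """Run triage over constructed sample files (not data from the case)."""
    samples = {
        "notes.txt": b"meeting at 10\n",
        "index.html": b"<!DOCTYPE html><html><body>hi</body></html>",
        "places.sqlite": b"SQLite format 3\x00" + b"\x00" * 84,
        "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
        "._photo.jpg": b"\x00\x05\x16\x07\x00\x02\x00\x00",
        "clip.m4v": b"\x00\x00\x00\x20ftypM4V \x00\x00\x00\x00",
        "holiday.txt": b"\xff\xd8\xff\xe1\x00\x18Exif\x00\x00",  # JPEG renamed
        "blob.bin": b"\x9c\x00\xfe\x01",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        return triage(Path(tmp))


if __name__ == "__main__":
    counts, mismatches = demo()
    for mime, n in sorted(counts.items()):
        print(f"{n:3d}  {mime}")
    for name, mime in mismatches:
        print(f"extension mismatch: {name} is {mime}")
```
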

The generation of report:
In this stage the retrieved details are formatted into a report for the client or for use in case proceedings. The data format required, according to the snapshot given, is only possible with the latest version of the Autopsy software. These are the criteria required according to the client's preference. The HTML file gives the data with details that are limited or consolidated in line with the data-sharing privacy policy under the government's legal privacy policy.

Investigation:

pat-2009-12-11.mddramimage.zip:
Investigating this file gave the following results:
1 archive has been found within the encrypted file.
6 databases have been found in the encrypted file.
24 HTML files have been found in the encrypted file.
612 plaintext files have been found in the encrypted file.
There are 7624 deleted files in the encrypted file.
The email addresses that have been found are provided in the screenshot.

jo-work-usb-2009-12-11.E01:
Investigating this file gave the following results:
10 video files have been found.
3 databases have been found in the encrypted file.
1604 PDF files have been found.
1 x-sqlite file has been found in the encrypted file.
39 JPEG files have been found in the encrypted file.
2 appledouble files have been found in the encrypted file.
13 plain files have been found in the encrypted file.
1 xml file has been found in the encrypted file.
4 x-m4v files have been found.
93 file system items have been found in the encrypted file.

pat-2009-12-11.E01:
Investigating this file gave the following results:
2555 image files have been found in the encrypted file.
102 video files have been found in the encrypted file.
169 audio files have been found.
169 archive files have been found in the encrypted file.
38 databases have been found.
1226 HTML files have been found.
42 MS Office files, including doc, excel and ppt, have been found in the encrypted file.
111 PDF files have been found.
1046 plaintext files have been found.
11 rich text files have been found.
1448 .exe files have been found.
5076 .dll files have been found.
5 .bat files have been found in the encrypted file.
2 .cmd files have been found.
18 .com files have been found in the encrypted file.
5159 file system items have been found in the encrypted file.
The extracted content has been found in the encrypted file.
66 EXIF metadata entries have been found.
The web histories found are provided in the screenshot below:
These are the email addresses that have been found in the encrypted file.

• Who is spying on Pat?
Jo was spying on Pat. Jo is one of the patent researchers of the company.

• How are they doing it? Can you identify specific methods or software they have used to facilitate this?
They are doing this by using the network routing protocols, as the router is connected to all of the employees.
The evidence found:
1 x-sqlite file has been found in the encrypted file.
39 JPEG files have been found in the encrypted file.
2 appledouble files have been found in the encrypted file.
13 plain files have been found in the encrypted file.
1 xml file has been found in the encrypted file.

• Why is the employee spying on Pat?
Pat is the president of the company and has stored some confidential documents that are directly related to the company. Jo wants to access all the confidential data stored on Pat's PC and wants to benefit from the data.

• Is anyone else involved? Would you characterize them as accomplices?
Along with Jo, Charlie is also involved in this case, as they are both pattern developers of the company. This is definitely a crime, as they did not obtain any permission to do this.

Bibliography:
Casey, E., Back, G. and Barnum, S., 2015. Leveraging CybOX™ to standardize representation and exchange of digital forensic information. Digital Investigation, 12, pp.S102-S110.
Conlan, K., Baggili, I. and Breitinger, F., 2016. Anti-forensics: Furthering digital forensic science through a new extended, granular taxonomy. Digital Investigation, 18, pp.S66-S75.
Gupta, J.N., Kalaimannan, E. and Yoo, S.M., 2016. A heuristic for maximizing investigation effectiveness of digital forensic cases involving multiple investigators. Computers & Operations Research, 69, pp.1-9.
Lutui, R., 2016. A multidisciplinary digital forensic investigation process model. Business Horizons, 59(6), pp.593-604.
Montasari, R., 2016. Review and assessment of the existing digital forensic investigation process models. International Journal of Computer Applications, 147(7), pp.41-49.