Forensic Investigation: Evidence Recovery on an Amazon Kindle Fire HD


Added on  2024/06/28

Case Study
AI Summary
This case study details the forensic investigation of an Amazon Kindle Fire HD (2014 model) for evidence recovery. The process begins with creating an MD5 hash value of the device to ensure data integrity throughout the investigation. The analysis is performed on an image of the device, created using tools like XRY or Oxygen, to preserve the original evidence. The image is then analyzed using Internet Evidence Finder (IEF) to identify artifacts from the device's custom Android Ice Cream Sandwich operating system and Silk web browser. The IEF Report Viewer is used to present the findings, which include URLs with timestamps and data from Facebook, Silk Browser, email, and Amazon Cloud Drive. The investigation highlights the importance of system and event logs in tracking user activity. While tools like Oxygen and IEF are valuable, they have limitations, necessitating the use of multiple tools for comprehensive analysis. The Kindle stores significant user data, making it a valuable source of evidence for investigators, including location data, behavioral patterns, and communication records.
We have an Amazon Kindle Fire HD (2014 model) for evidence recovery. As soon as we have control of the evidence, we must take its MD5 hash value. This step is done to prove that we have not tampered with the evidence while performing evidence acquisition. Thus, we must take the MD5 hash value of the evidence twice: once when taking over the evidence and once when handing it over. This will ensure the integrity of the evidence in court.
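
The takeover/handover check described above, as an added example that is not part of the original case study. It assumes the acquired image is a regular file; the file name, examiner label and record fields are hypothetical, and SHA-256 is recorded next to the MD5 value the text calls for because MD5 collisions are practical.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images never sit in RAM

def hash_image(path):
    """Return MD5 and SHA-256 of the file at `path`, computed in one pass."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:  # opened read-only: hashing never modifies the image
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def custody_entry(path, event, examiner):
    """Build one chain-of-custody record (hypothetical field names)."""
    return {
        "event": event,  # "takeover" or "handover"
        "examiner": examiner,
        "utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "size_bytes": os.path.getsize(path),
        **hash_image(path),
    }

def verify_handover(takeover, handover):
    """Return the fields that differ; an empty list means the image is intact."""
    return [k for k in ("size_bytes", "md5", "sha256") if takeover[k] != handover[k]]

def demo():
    """Constructed sample: a small stand-in image, hashed, then altered by one byte."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "kindle_image.bin")  # hypothetical file name
        with open(image, "wb") as fh:
            fh.write(b"constructed sample image data " * 4096)
        takeover = custody_entry(image, "takeover", "examiner-1")
        clean = verify_handover(takeover, custody_entry(image, "handover", "examiner-1"))
        with open(image, "r+b") as fh:  # simulate an accidental one-byte change
            fh.seek(100)
            fh.write(b"X")
        altered = verify_handover(takeover, custody_entry(image, "handover", "examiner-1"))
        return takeover, clean, altered

if __name__ == "__main__":
    entry, clean, altered = demo()
    print(entry)
    print("unchanged image:", clean, "| altered image:", altered)
```
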

We must perform all evidence recovery operations not on the evidence itself but on an image of it. Imaging can be done with software such as XRY or Oxygen. After imaging, the image is fed to IEF (Internet Evidence Finder). This software stores the signatures of many operating systems and devices, so it will easily identify the image. After identifying the device from the image, it starts looking for the artifacts that could be present on the device. This device uses a custom version of Android Ice Cream Sandwich. It also has its own web browser, Silk. Once the analysis with IEF is complete, we can view the report using a feature provided by IEF itself, the IEF Report Viewer. Using this tool, we can see the information gathered by the analysis in a more structured way. Detailed information may or may not be obtained, but we can have all the URLs with time and date stamps.

Databases contained valuable forensic artifacts. The most interesting artifacts came from Facebook, the Silk web browser, email, and the Amazon Cloud Drive. Information such as system logging and event logging kept track of nearly every user action, for example, turning the Kindle on or off, connecting to Wi-Fi, and search queries.

We will use several tools and technologies to find evidence in the image of the device. All the tools have their strengths as well as their weaknesses. For example, we used Oxygen for imaging, but it will not provide an image of the whole storage area: some areas that store data can only be accessed with root privileges. IEF's findings are limited to its knowledge base. To get through the forensic analysis, we cannot rely solely on IEF. Instead, we must also use another tool available to us.

The Kindle stores a lot of user activity and user data that could help investigators provide evidence. Users may not be aware of how much of the activity they perform on the Kindle is logged, dated, and available in plain text.
Artifacts pertinent to an investigation could help show that a suspect was at a crime scene at the time or nowhere near the crime when it happened, show patterns of behavior, show that a suspect had contraband on the Kindle, create a timeline, and show relationships between the suspect and accomplices through their communications.