Detailed Plan for Forensic Acquisition of SD Card with FTK Imager


Added on  2022/10/02

Practical Assignment
AI Summary
This assignment provides a comprehensive plan for the forensic acquisition of data from an SD card, formatted with a FAT32 file system, using the FTK Imager tool. The plan begins with establishing the scope and identifying key players, followed by the use of FTK Imager to create a forensically sound image of the SD card. The process includes selecting the SD card as the source, choosing the image format, and entering case details. The assignment also describes the tools used for data recovery, such as MjM Free Photo Recovery Software and Inspector Smart Recovery, and provides insights into the file system structure, including the NTFS segment and the MFT record. The student's methodology ensures the reliability and admissibility of the evidence, emphasizing the importance of a structured report understandable to both technical and non-technical readers. The assignment also references relevant academic papers to support the methodology and tools used, demonstrating a strong understanding of digital forensic principles and practices.
Forensic Analysis
Student’s Name:
Institution Affiliation:
Plan of a digital forensic collection of data from a specific device
Step 1: Identification is a critical initial phase in the forensic examination process. It directly affects efforts to develop a strategy and, ultimately, the success of the project. It also enables the client to control costs.
Step 2: Before any digital forensic examination begins, the scope of activities must be identified. Who are the key players and custodians? What are the best sources of potential electronic evidence that need to be accessed for collection?
Step 3: Conducting interviews is an important early step in a successful digital forensic examination. When deciding important devices from which to collect data for a case
Step 4: Look at the range of factors and determine which ones are affecting the case.
Step 5: Document what you have collected.
Step 6: If it is determined that additional electronic evidence (not included in the original plan) needs to be collected, it is important to determine whether there is a need for a legal warrant, amended consent form, or any other changes to the original scope of work.
Digital evidence should be thoroughly assessed with respect to the scope of the case. The scope of a forensic examination cannot include "everything," at least not unless unlimited time and budget are available.
Forensic acquisition of the SD card
Experiment procedure
In carrying out our experiment, we used a 256 MB SD card containing photos, Word, PDF, and other file formats. The system used to test the SD card runs a Windows operating system. We first formatted the SD card using our Windows machine (Kebande and Ray, 2016).
Tools used
Forensic Tool Kit (FTK) Imager software
It is a data preview and imaging tool used to acquire data (evidence) in a forensically sound way by making copies of the data without making changes to the original evidence. Here is our FTK tool (Shrivastava, 2017).
Select the source, which in our case is the SD card.
Select the drive and click Finish.
We then select the image format
Our next step is to enter case details.
We choose a destination folder on our PC.
Evidence found in SD card using FTK
MjM Free Photo Recovery Software
The tool automatically finds the memory card once it has been connected to the card reader and is then ready to scan. It shows the contents of the card as thumbnail images. It can view photos in full size or recover them all (Kouwen et al., 2018).
Tool functionality
The tool uses a drop-down menu to select the maximum and minimum file size, with a default maximum (2048k) and minimum (128k). The tool supports deep scan functionality: when the user ticks the box, a message is shown saying that deep scan should only be used if your photos do not show using the default settings and a normal scan, or if the memory file system is corrupt.
Evidence from SD card
Inspector Smart Recovery
It is an investigation-based program for examining removable media such as Secure Digital and MultiMedia cards. The tool is advertised as working with any removable media from digital cameras and recovering any files that have been deleted.
The interface of the tool is basic. It consists of two drop-down menus and a browse bar to select the destination of the recovered images. The first drop-down menu selects the removable drive intended for examination and recovery. The device selection lists details of the device, such as the size of the media drive and whether it is fixed or removable. The second drop-down menu offers a selection of the file formats to be recovered, as shown in Figure 4. Since this paper examines the effectiveness of the tool in recovering images from an SD card, the tool was set to recover the JPG photo format. When the JPG format is selected, additional options become available for displaying results with or without thumbnail images. The tool supports different image formats; however, for the purpose of this examination, the tool recovered JPG files only (Valjarevic and Venter, 2015).
Evidence from SD card
File system
An NTFS partition itself has a simple structure. At the beginning is the single NTFS boot sector. Somewhere in the partition are the two mirrors of the Master File Table. The Master File Table (MFT) has large entries. Indeed, many small files are stored entirely inside the MFT. Typically, the MFT is allocated about 12.5% of the partition size. However, this value can be changed to accommodate a file system with atypically many large or atypically small files. If needed, part of this allocation is used to store other data. The remainder of the larger files are stored in the File System Data area, which makes up the greater part of the partition. From this layout, we can see that NTFS is a substantial departure from FAT, adapted to the massive (by the standards of 10 years ago) disk sizes and volume of data. A copy of the master file table stores the first four system entries of the MFT so that the file system can be repaired if a disk block goes bad.
$MFT FILE Record
The magic number of the MFT record provided in the instruction file is 46, 49, 4C, 45. The offset given in the MFT record is 00, 30. The update array at that offset has three entries. The value 59, 00 indicates that the entry has been used up to 89 times. The link count for 00, 02 is 2. In our record, the flags are 0x00, 03. Our base record is 00, 00, 00, 00, 00, 00, 00, 00. The fixup array starts at 0x30.
Attributes
As we have seen, the first attribute is located at offset 0x38. The attribute identifier is 0x00, 00, 00, 10; that is, the first attribute is the standard information. The attribute is 0x60 bytes long. It is resident, and its content has size 0x48, located at offset 0x18.
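The header and attribute fields read off by hand above can be decoded programmatically. The following is an added example, not part of the original assignment: it builds a constructed 1024-byte FILE record from the values quoted above and parses it. The field positions inside the header, the 512-byte sector size, the update sequence value 0x0001 and the flag bits (0x01 in use, 0x02 directory) are assumptions taken from the commonly documented NTFS layout; `build_sample_record` and `parse_record` are hypothetical names.

```python
import struct

ATTR_NAMES = {0x10: "$STANDARD_INFORMATION", 0x30: "$FILE_NAME", 0x80: "$DATA"}

def build_sample_record():
    """Constructed 1024-byte FILE record holding the field values quoted above."""
    rec = bytearray(1024)
    # magic, fixup offset, fixup count, LSN, sequence, links, first attr, flags
    struct.pack_into("<4sHHQHHHH", rec, 0, b"FILE", 0x30, 3, 0, 0x59, 2, 0x38, 0x03)
    struct.pack_into("<Q", rec, 0x20, 0)               # base record reference
    struct.pack_into("<HHH", rec, 0x30, 0x0001, 0, 0)  # USN + two saved words
    # resident attribute header: type, length, non-resident, name length,
    # name offset, flags, id, content size, content offset
    struct.pack_into("<IIBBHHHIH", rec, 0x38, 0x10, 0x60, 0, 0, 0, 0, 0, 0x48, 0x18)
    struct.pack_into("<I", rec, 0x98, 0xFFFFFFFF)      # end-of-attributes marker
    for end in (512, 1024):                            # USN stamped at sector ends
        struct.pack_into("<H", rec, end - 2, 0x0001)
    return bytes(rec)

def parse_record(rec):
    """Decode the FILE record header and the header of its first attribute."""
    (magic, fix_off, fix_cnt, _lsn, seq, links,
     attr_off, flags) = struct.unpack_from("<4sHHQHHHH", rec, 0)
    if magic != b"FILE":
        raise ValueError("not a FILE record: %r" % magic)
    (base,) = struct.unpack_from("<Q", rec, 0x20)
    # Fixup check: the last 2 bytes of each 512-byte sector must equal the USN,
    # otherwise the record was torn or damaged on disk.
    usn = rec[fix_off:fix_off + 2]
    sectors = range(1, fix_cnt)
    fixup_ok = (fix_cnt - 1) * 512 <= len(rec) and all(
        rec[i * 512 - 2:i * 512] == usn for i in sectors)
    a_type, a_len, nonres = struct.unpack_from("<IIB", rec, attr_off)
    attr = {"type": a_type, "name": ATTR_NAMES.get(a_type, "unknown"),
            "length": a_len, "resident": nonres == 0}
    if nonres == 0:  # resident: content lives inside the MFT record itself
        attr["content_size"], attr["content_offset"] = struct.unpack_from(
            "<IH", rec, attr_off + 0x10)
    return {"fixup_offset": fix_off, "fixup_entries": fix_cnt, "sequence": seq,
            "link_count": links, "first_attr_offset": attr_off,
            "in_use": bool(flags & 0x01), "is_directory": bool(flags & 0x02),
            "base_record": base, "fixup_ok": fixup_ok, "first_attr": attr}

if __name__ == "__main__":
    for key, value in parse_record(build_sample_record()).items():
        print(key, value)
```

A record whose sector-end bytes do not match the update sequence number should be treated as damaged and not interpreted further without noting that in the report.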
References
Shrivastava, G., 2017. Approaches of network forensic model for investigation. International Journal of Forensic Engineering, 3(3), pp.195-215.
Kebande, V.R. and Ray, I., 2016, August. A generic digital forensic investigation framework for the internet of things (IoT). In 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud) (pp. 356-362). IEEE.
Kouwen, A., Scanlon, M., Choo, K.K.R. and Le-Khac, N.A., 2018. Digital forensic investigation of two-way radio communication equipment and services. Digital Investigation, 26, pp.S77-S86.
Valjarevic, A. and Venter, H.S., 2015. A comprehensive and harmonized digital forensic investigation process model. Journal of Forensic Sciences, 60(6), pp.1467-1483.