Digital Forensic Investigation Report: Clowning About Again Case Study

Added on  2023/06/03

AI Summary
This report details a digital forensics investigation into a case involving the alleged access and distribution of clown-related content. The investigation uses the Autopsy forensic tool to examine a forensic image of a computer seized from a workplace. The case involves a suspect, Clark, who denies accessing the content but admits ownership of the computer and suggests malware infection. The report addresses several key issues, including the presentation of the offense, identification of files and data within the forensic images (182.7z.002 through 182.7z.015), determination of intent, analysis of the quantity of files, and identification of installed software. Each forensic image is analyzed for deleted files and keyword searches, particularly email addresses. The report highlights the challenges of logical acquisitions and the importance of forensically sound practices in digital investigations. The investigation aims to determine if Clark accessed the illegal content, considering the potential impact of malware and the challenges presented by the junior investigator's actions.
Computer Forensics
Unit Number:
Student Name:
Student Number:
Table of Contents
1 Summary
2 Issue - 1 Presentation of content relating to offence
3 Issue 2 – Identification
3.1 Identification on Case File - 182.7z.002
3.2 Identification on Case File - 182.7z.003
3.3 Identification on Case File - 182.7z.004
3.4 Identification on Case File - 182.7z.005
3.5 Identification on Case File - 182.7z.006
3.6 Identification on Case File - 182.7z.007
3.7 Identification on Case File - 182.7z.008
3.8 Identification on Case File - 182.7z.009
3.9 Identification on Case File - 182.7z.010
3.10 Identification on Case File - 182.7z.011
3.11 Identification on Case File - 182.7z.012
3.12 Identification on Case File - 182.7z.013
3.13 Identification on Case File - 182.7z.014
3.14 Identification on Case File - 182.7z.015
4 Issue 3 – Intent
4.1 Intent on Case File - 182.7z.002
4.2 Intent on Case File - 182.7z.003
4.3 Intent on Case File - 182.7z.004
4.4 Intent on Case File - 182.7z.005
4.5 Intent on Case File - 182.7z.006
4.6 Intent on Case File - 182.7z.007
4.7 Intent on Case File - 182.7z.008
4.8 Intent on Case File - 182.7z.009
4.9 Intent on Case File - 182.7z.010
4.10 Intent on Case File - 182.7z.011
4.11 Intent on Case File - 182.7z.012
4.12 Intent on Case File - 182.7z.013
4.13 Intent on Case File - 182.7z.014
4.14 Intent on Case File - 182.7z.015
5 Issue 4 – Quantity of Files
5.1 Quantity of Case File - 182.7z.002
5.2 Quantity of Case File - 182.7z.003
5.3 Quantity of Case File - 182.7z.004
5.4 Quantity of Case File - 182.7z.005
5.5 Quantity of Case File - 182.7z.006
5.6 Quantity of Case File - 182.7z.007
5.7 Quantity of Case File - 182.7z.008
5.8 Quantity of Case File - 182.7z.009
5.9 Quantity of Case File - 182.7z.010
5.10 Quantity of Case File - 182.7z.011
5.11 Quantity of Case File - 182.7z.012
5.12 Quantity of Case File - 182.7z.013
5.13 Quantity of Case File - 182.7z.014
5.14 Quantity of Case File - 182.7z.015
6 Issue 5 – Installed Software
References
1 Summary
The main objective of this project is to investigate the digital forensic images using an
appropriate tool. In the state of Western Australia it is illegal to access, own or distribute
digital content related to clowns. The clown-related digital content is accessed by malware.
This investigation therefore needs to examine the digital content related to clowns. The
allegation was made to law enforcement by a witness who claims that clown-related data was
accessed within a workplace, but some clown content was accessed outside the workplace.
Unfortunately, the junior digital investigator who obtained the forensic image of the computer
holding the clown content performed a logical acquisition, and then wiped the original hard
drive from the computer. The logical acquisition was done in a forensically sound manner, so
the junior investigator easily determined the forensic image. The suspect, Clark, denies
accessing the clown content and does not confirm that the computer belongs to him. Clark says
he does not always take the computer home or lock it. The senior investigator therefore needs
to examine the forensic image of the laptop, which was seized with correct warrants. Clark also
states that the computer was infected with malware that resulted in different potential content
appearing on the computer. This investigation is carried out using the Autopsy forensics tool
and is discussed in detail below.
2 Issue - 1 Presentation of content relating to offence
Here the content relating to the offence is presented. The provided case study states that the
allegation was made to law enforcement by a witness who claims that clown-related data was
accessed within a workplace, but some clown content was accessed outside the workplace.
Unfortunately, the junior digital investigator who obtained the forensic image of the computer
holding the clown content performed a logical acquisition, and then wiped the original hard
drive from the computer. The logical acquisition was done in a forensically sound manner, so
the junior investigator easily determined the forensic image. The senior investigator therefore
needs to examine the forensic image of the laptop, which was seized with correct warrants. This
investigation is carried out using the Autopsy forensics tool (Bodden, n.d.).
First, download and install the Autopsy tool. Once installation has completed, open Autopsy
and click New Case. This process is illustrated below.
Next, enter the case name as digital forensics and browse to the directory in which to save the
case. This is demonstrated below (Boddington, 2016).
Then enter the case number as digital forensics case 01 and click the Finish button to proceed
to the analysis. This is shown below.
The case creation process is demonstrated below.
Once the case has been created, add the data source, which is the forensic image file. Here we
are using the raw bit data, so choose the unallocated disk image file and click the Next
button. This process is shown below (Casey, 2013).
Next, browse to the forensic image folder, select the forensic image 182.7z.002 and click the
Next button. This is shown below.
Then configure the ingest modules for the forensic image and click the Next button. This is
shown below.
Finally, add the data source to the created case by clicking the Finish button. This is shown below.
The data source is now added to the case. This is shown below.
Similarly, add all of the forensic images to the created case. All of the provided forensic
images are successfully added to the digital forensics case. This is demonstrated below
(CYBERCRIME AND DIGITAL FORENSICS, 2018).
Once the data sources have been added to the case, the evidence for the digital forensics
investigation needs to be identified.
3 Issue 2 – Identification
Here the investigator needs to identify all of the information in the forensic image files.
These processes are shown below.
3.1 Identification on Case File - 182.7z.002
Here the investigator identifies the case file information by clicking the appropriate data
file, as shown below.
After clicking the data source file, it shows one deleted file. This is shown below.
The deleted file contains the following information (Duranti & Endicott-Popovsky, 2010).
Name: /img_182.7z.002.002/Unalloc_1_0_524287999
Type: Unallocated Blocks
MIME Type: application/octet-stream
Size: 524288000
File Name Allocation: Unallocated
Metadata Allocation: Unallocated
Modified: 0000-00-00 00:00:00
Accessed: 0000-00-00 00:00:00
Created: 0000-00-00 00:00:00
Changed: 0000-00-00 00:00:00
MD5: Not calculated
Hash Lookup Results: UNKNOWN
Internal ID: 2
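The listing above records the MD5 as not calculated and the content as unallocated blocks. The following Python is an added example, not part of the original report or of Autopsy: it hashes a candidate data source before ingest and reports what its leading bytes identify it as. Reading names such as 182.7z.002 as 7-Zip split volumes is an assumption based on the naming pattern, the signature table is a small subset, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

# Well-known leading-byte signatures (a small illustrative subset).
SIGNATURES = {
    b"7z\xbc\xaf\x27\x1c": "7-Zip archive header (first volume)",
    b"EVF\x09\x0d\x0a\xff\x00": "EWF/E01 forensic image",
}


def intake_record(path: str, chunk: int = 1 << 20) -> dict:
    """Hash a candidate data source and classify its first sector."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    head, size = b"", 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            head = head or block[:512]  # keep only the first sector
            size += len(block)
            md5.update(block)
            sha256.update(block)
    kind = "no known signature (continuation volume or raw fragment?)"
    for magic, label in SIGNATURES.items():
        if head.startswith(magic):
            kind = label
    if kind.startswith("no known") and head[510:512] == b"\x55\xaa":
        kind = "raw image with boot-sector signature"
    return {"name": os.path.basename(path), "size": size, "kind": kind,
            "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def demo() -> list:
    """Run the check over constructed stand-ins for a split archive's parts."""
    samples = {  # constructed bytes, not data from the case
        "sample.7z.001": b"7z\xbc\xaf\x27\x1c\x00\x04" + b"\x00" * 24,
        "sample.7z.002": b"abc",  # continuation part: carries no header
    }
    records = []
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            records.append(intake_record(path))
    return records


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Recording the digests at intake gives a value that later copies of the same file can be compared against.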
This case file also has keyword search information. There are three keyword search categories:
single literal keyword search, single regular expression search and email address. The email
address keyword search has three files. This is shown below.
The identified case file results are shown below.
Type: Value
Source File Path: /img_182.7z.002.002/Unalloc_1_0_524287999
Set Name: Email Addresses
Keyword Search Type: 2
Keyword Regular Expression: (\{?)[a-zA-Z0-9%+_\-]+(\.[a-zA-Z0-9%+_\-]+)*(\}?)\@([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{2,4}
Keyword Preview:
    }<6eS
    k8!k<hn
    {nma
    «Vr@vI.It«
    7BT/
    o9e1}
    %jN_
    D3r
Keyword: Vr@vI.It
Artifact ID: -9223372036854775807
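The keyword hit listed above can be reproduced and triaged offline. The following Python is an added example, not part of the original report or of Autopsy: it applies the regular expression from the table to raw bytes and records, for each hit, the reasons it needs corroboration before being treated as an address. The two heuristics, the MIN_CONTEXT threshold and both sample byte strings are assumptions constructed for illustration.

```python
import re

# Email pattern exactly as listed in the report's keyword-hit table, as bytes.
EMAIL_RE = re.compile(
    rb"(\{?)[a-zA-Z0-9%+_\-]+(\.[a-zA-Z0-9%+_\-]+)*(\}?)"
    rb"\@([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{2,4}"
)
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
MIN_CONTEXT = 16  # assumed threshold: readable bytes expected around a real address


def text_run(data: bytes, start: int, end: int) -> bytes:
    """Grow [start, end) outwards while the neighbouring bytes are readable text."""
    while start > 0 and data[start - 1] in TEXT_BYTES:
        start -= 1
    while end < len(data) and data[end] in TEXT_BYTES:
        end += 1
    return data[start:end]


def triage(data: bytes) -> list:
    """Return every regex hit with the reasons it needs corroboration."""
    hits = []
    for m in EMAIL_RE.finditer(data):
        addr = m.group(0)
        domain = addr.rsplit(b"@", 1)[1]
        reasons = []
        if len(text_run(data, m.start(), m.end())) - len(addr) < MIN_CONTEXT:
            reasons.append("no readable context around hit")
        if domain != domain.lower() and domain != domain.upper():
            reasons.append("mixed-case domain")
        hits.append({"offset": m.start(), "address": addr.decode("ascii"),
                     "reasons": reasons})
    return hits


# Constructed sample 1: the preview strings shown in the report, separated by
# non-text bytes the way string extraction from binary data would find them.
NOISE = b"\x00\x9c".join([b"}<6eS", b"k8!k<hn", b"{nma", b"\xabVr@vI.It\xab",
                          b"7BT/", b"o9e1}", b"%jN_", b"D3r"])
# Constructed sample 2: an address inside ordinary message headers.
HEADERS = b"\x00\x00From: j.smith@example.com\r\nSubject: roster for Friday\r\n\x00"

if __name__ == "__main__":
    for name, blob in (("noise", NOISE), ("headers", HEADERS)):
        for hit in triage(blob):
            print(name, hit)
```

A hit with an empty reasons list is not thereby confirmed, and a flagged hit is not thereby dismissed; the flags only order the hits for manual review.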