Digital Forensics Report: Investigating Data Theft at EMTS Company
This digital forensic report investigates a potential data theft incident at Exotic Mountain Tour Service (EMTS) involving an employee, Bob Aspen. The investigation focuses on a USB flash drive found on Aspen's desk and intercepted emails on the company's web server. Tools like Xplico, COFEE, Wireshark, and Bulk Extractor were used to analyze the data. The report covers the analysis of webmail applications, USB drive EPROM and EEPROM, encryption methods, and graphic image analysis. Findings discuss techniques for concealing data, network traffic analysis using Wireshark, and email forensics. The goal is to determine if sensitive data, particularly regarding a contract agreement with Superior Bicycles, LLC, was stolen and to gather evidence for potential prosecution. The report also aims to provide recommendations for securing the company's systems.

Running Header: DIGITAL FORENSIC REPORT
Name
Institution
Date
Abstract
This report presents a digital forensic investigation intended to piece together evidence
of a possible theft of information by an employee, Bob Aspen, of Exotic Mountain Tour
Service (EMTS). Theft of intellectual property by a contract employee or any other member
of staff is a serious cyber security crime, so the report aims to gather evidence for
prosecution purposes as well as to help the company strategize afresh on its new
marketing.
The manager of Exotic Mountain Tour Service has requested my services to conduct a
digital forensic investigation into a possible theft of information by an employee of
Exotic Mountain Tour Service, following the discovery of a flash disk on the employee's
desk and the interception of some emails on the company administrator's web server.
The conclusion of the report is based on the information derived from both the USB drive
and the web server.
Introduction
Background
This report will help EMTS determine whether the employee has stolen very sensitive
data regarding the contract agreement with Superior Bicycles, LLC and, if so, what kind
of information the employee has stolen (Baier & Breitinger, 2011). This will not only give
the company prosecution evidence against the employee but also help it reorganize its
plans, considering the magnitude of the information that had been provided to its
competitor and the harm it might cause. This report focuses mainly on the USB flash drive
and the
intercepted emails on the company's web server. This involves using a number of digital
forensic tools and using the data retrieved to give appropriate findings (Yusoff et al.,
2011).
Engagement Scope
The scope of this report covers the suspicious activities recorded through the mail
servers as well as the USB flash drive seized from the working desk of the contracted
employee.
Applying the 5W (who, when, why, what and where) tells whether suspicious activities
occurred that might put the company at risk.
i. Identify whether the company's network system was compromised
ii. Offer a corrective process to secure and harden the system
iii. If need be, identify the lawful process that might be taken
iv. Determine whether there are deleted files or files that have been overwritten
v. Determine the time and date the file was discovered on the employee's USB flash drive
vi. Determine whether any files on the USB drive are damaged or destroyed
vii. Determine what company content is on the employee's USB flash drive
Tools used
Xplico
COFEE
Wireshark
Bulk Extractor
Summary
Preliminary findings, based on the images produced by the company's manager, show
likely data theft or suspicious practices, which make him suspect that the contracted
employee, Bob Aspen, might have conducted himself in a way that can be related to
cybercrime (Wang et al., 2012). The images that he produced were handled through the
Autopsy browser and The Sleuth Kit in order to evaluate the Linux Ext2 and Ext3 file
structures. Before starting to evaluate the system with Autopsy, the web browser is
closed and the GCFI-LX.00n image files (n representing the numbers from 1 to 5) are
copied; the image files captured through the manager thereby associate Bob Aspen's work
folder with the evidence folder, the folder designated as the working area for Autopsy
(Solomon, 2011). Investigation results are kept in the examination evidence locker (the
autopsy folder).
The USB drive that was found can also be linked to the above activities, especially if
employees are not allowed to carry USB drives into their workplace (Reilly et al., 2011).
Further examination of the USB drive using the above tools will give evidence as to what
data it contains. As of now the USB drive cannot be used as evidence of any crime, but
further examination may yield more evidence.
Analysis Conducted
Relevant programs examined on the Web-Server
Web-email
Webmail is any email client implemented as a web application running on a web server.
Examples of webmail software are SquirrelMail and Roundcube. Examples of webmail
providers are Yahoo! Mail, Gmail, AOL Mail, and Outlook.com/Hotmail.com. Most webmail
providers also offer email access through a desktop email client using standard email
protocols, while many internet service providers offer a webmail client as part of the
email service included in their internet service package (Nelson et al., 2014).
As with any web application, webmail's main advantage over a desktop email client is
the ability to send and receive email anywhere from a web browser (Maras, 2011). Its
main disadvantage is that it needs to be connected to the Internet while in use. Other
software also exists to integrate parts of the webmail functionality into an operating
system. Webmail that is accessed via HTTP, which is considered insecure, can be read by
a third party who has access to the data transfer, for example over Wi-Fi connections
(Luttgens et al., 2014). This can be prevented by connecting to the webmail service via
HTTPS, which encrypts the connection. Both Gmail and Yahoo! Mail require all webmail
connections to use HTTPS; Gmail has supported it since its launch, whereas Yahoo! Mail
added this option in 2013.
The EPROM and EEPROM program of the USB Drive
Devices that use read-only memory are a special case: in normal system operation the
memory is only read and is not changed (Lin et al., 2012). These memories are
non-volatile, which means that the stored information is retained even when the device
is not powered. USB drives use EPROM and EEPROM technologies. EEPROM cells consist of
one, one-and-a-half, or two transistors, whereas EPROM and ROM cells are made up of one
transistor. The transistor
threshold voltage determines whether the cell holds a “0” or a “1”. During the read
cycle, a voltage is placed on the gate of the cell (Gupta et al., 2012). Depending on the
programmed threshold voltage, the transistor either will or will not conduct current. The
sense amplifier transforms this current, or lack of current, into a 0 or 1.
Electrically Erasable Programmable ROM (EEPROM) provides users with excellent
performance and capabilities. Only a single external power supply is required, because
the high voltage for erase/program is generated internally. Erase and write operations
are performed on a byte-by-byte basis (Guo et al., 2012). Ultraviolet Erasable
Programmable Read Only Memory (EPROM) is a special type of electrically programmed ROM
that is erasable under ultraviolet light.
Encryption
Encryption is a process that alters data on a computer so that it becomes unintelligible
(Baier & Breitinger, 2011). Even if somebody gains access to a computer containing such
data, they will likely be unable to use the information unless they have complicated,
expensive software or the original data key. Encryption utilizes three techniques.
Hashing: this approach generates a unique, fixed-length signature for a message or data
set. Each "hash" is unique to a particular message, so even trivial changes to the
message are easy to track. Once data is encoded through hashing, it can never be decoded
or reversed (Bennett, 2012).
Symmetric methods: this form of encryption is known as private-key cryptography, so
called because the key used to encode and decode messages must remain secure, as anybody
gaining access to it can decrypt the data (Bennett, 2012).
Asymmetric methods: unlike the symmetric method, this is referred to as public-key
cryptography. It differs from the two other methods in that it uses two keys for encoding
or decoding, which may make it more secure (Conklin et al., 2015).
Graphic image analysis
Passive image forensics techniques rely on the fact that the different processing stages
during image acquisition, post-processing and storage leave identifying traces, offering
a unique fingerprint with which to trace the history of the image (Casey, 2011). These
fingerprints are used for various forensic purposes, from source identification to
tampering detection.
These stages introduce imperfections into the final image output. The artifacts or
imperfections differ from one device to another and form a distinct fingerprint that can
be used to trace the source device and to support the detection (Conklin et al., 2015).
The imperfections are caused by device imperfections such as chromatic aberration, CFA
interpolation, distortion and sensor imperfections, and by other processing stages such
as lossy compression. The presence of artifacts and distortion gives clues about the
image's integrity and originality.
Findings
One way to hide partitions is to create a partition and then use a disk editor, for
example Norton DiskEdit, to manually delete any reference to it. To get to the deleted
partition, users can edit the partition table and re-create the links, after which the
hidden partition reappears when the drive is restarted. Another way to hide partitions is
with disk-partitioning utilities such as System Commander, PartitionMagic, Linux GRUB
(Grand Unified Bootloader) or GDisk, which provide startup menus where one can select an
operating system. The system then ignores any other bootable partition. To get around
these techniques, an examiner must account for all space on the drive when examining an
evidence drive, and must analyze every area of the drive containing space that cannot be
accounted for in order to determine whether it holds additional evidence (Conklin et al.,
2015). Users with assembly-language programming skills might create a low-level encoding
program that rearranges the order of the binary data, making the altered data unreadable
when it is opened with a text editor or word processor. This software shifts the bits of
every byte in a document. To protect a folder containing incriminating or sensitive data,
suspects run an assembly program (called a macro) on the document to scramble the bits.
To access the folder, they run another program that restores the scrambled bits to their
original order. Some of these programs are still used today and can make it difficult for
an examiner to analyze information found on a hard drive.
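The following sketch, added here and not part of the original report or of any tool it
names, shows one way to account for all space on an evidence drive: it reads the four
primary MBR partition entries from sector 0 of an image, lists the sector ranges that no
entry covers, and scans those ranges for file-system signatures. The sample image and its
partition sizes are constructed; only classic MBR primary partitions are handled.

```python
import struct

SECTOR = 512
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sectors


def parse_mbr(sector0):
    """Return (slot, type, start_lba, sector_count) for each used primary entry."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 has no 0x55AA boot signature")
    used = []
    for slot in range(4):
        _, _, ptype, _, start, count = ENTRY.unpack_from(sector0, 446 + 16 * slot)
        if ptype and count:
            used.append((slot, ptype, start, count))
    return used


def unaccounted_ranges(entries, total_sectors):
    """Inclusive (first, last) sector ranges that no partition entry covers.
    Sector 0 holds the MBR itself and is treated as accounted for."""
    gaps, cursor = [], 1
    for _, _, start, count in sorted(entries, key=lambda e: e[2]):
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, start + count)   # tolerate overlapping entries
    if total_sectors > cursor:
        gaps.append((cursor, total_sectors - 1))
    return gaps


def probe_sector(image, lba):
    """Name the file-system signature found at this sector, or return None."""
    base = lba * SECTOR
    if image[base + 3:base + 11] == b"NTFS    ":
        return "NTFS boot sector"
    if image[base + 82:base + 87] == b"FAT32" or image[base + 54:base + 57] == b"FAT":
        return "FAT boot sector"
    # ext superblock sits 1024 bytes into the volume; magic 0xEF53 at offset 56
    if image[base + 1080:base + 1082] == b"\x53\xef":
        return "ext2/ext3 superblock"
    return None


def account_for_space(image):
    """Return (first, last, hits) per unlisted range; hits are (lba, signature)."""
    entries = parse_mbr(image[:SECTOR])
    report = []
    for first, last in unaccounted_ranges(entries, len(image) // SECTOR):
        hits = [(lba, label) for lba in range(first, last + 1)
                if (label := probe_sector(image, lba))]
        report.append((first, last, hits))
    return report


def build_sample_image():
    """Constructed 2 MiB image: two listed partitions plus an ext superblock
    placed in space that the partition table does not describe."""
    image = bytearray(4096 * SECTOR)
    image[446:462] = ENTRY.pack(0, b"\0\0\0", 0x0B, b"\0\0\0", 64, 1000)    # FAT32
    image[462:478] = ENTRY.pack(0, b"\0\0\0", 0x83, b"\0\0\0", 3000, 1000)  # Linux
    image[510:512] = b"\x55\xaa"
    magic_at = 1064 * SECTOR + 1080
    image[magic_at:magic_at + 2] = b"\x53\xef"
    return bytes(image)


if __name__ == "__main__":
    for first, last, hits in account_for_space(build_sample_image()):
        print(f"sectors {first}-{last} not in partition table; signatures: {hits}")
```

The small range before the first partition is normal alignment slack, but it is still
space the examiner has to look at; a signature hit inside a larger range is the lead to
follow up with a full file-system analysis.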
Wireshark, a network analysis tool formerly known as Ethereal, captures packets and
displays them in a format that can easily be read by humans (Conklin et al., 2015).
Wireshark includes color-coding, filters and other features that allow one to dig deep
into the network traffic and inspect individual packets. Wireshark is used for capturing
packets, filtering them, and inspecting them. It can be applied to inspect a suspicious
program's network traffic, study the flow of network traffic, or troubleshoot network
issues.
E-mail forensics is the study of the content and source of e-mails as evidence, in order
to identify the actual source of a message, the time/date of transmission, a
comprehensive record of the e-mail transaction, and the intention of the sender. This
study includes investigation of port scanning, metadata, and keyword searching for
authorship attribution and e-mail scam identification. Metadata in an e-mail message
takes the form of control information (the envelope and the headers, including headers
within the message body) and contains information about the sender or the path along
which the e-mail travelled. Some of it may be altered to hide the identity of the sender.
A comprehensive analysis of the headers and how they relate to one another is done during
header analysis. In this analysis, copies of the delivered e-mails and of server logs are
examined to identify the source of an e-mail message. E-mails that have been removed from
the clients (senders or receivers) and cannot be recovered may be requested from servers
(ISP or proxy), since the majority of them keep copies of e-mails after they are
delivered. In addition, logs preserved by servers can be examined to find the address of
the computer responsible for the e-mail transaction (Colombini & Colella, 2011).
Nevertheless, servers keep copies of e-mails and server logs only for short periods, and
some may never co-operate with investigators.
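As an illustration of the header analysis described above (an added example, not code
from the original report), this script rebuilds the delivery path of a message from its
Received headers and flags inconsistencies between hops. The sample message, host names
and addresses are constructed; the anomaly labels are this example's own.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message; Received headers are listed newest first.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.com with ESMTP id A1; Mon, 5 Feb 2007 10:02:11 -0800
Received: from relay.example.org (relay.example.org [203.0.113.25])
\tby mx.example.net with ESMTP id B2; Mon, 5 Feb 2007 10:02:05 -0800
Received: from laptop (unknown [192.0.2.44])
\tby relay.example.org with SMTP id C3; Mon, 5 Feb 2007 10:04:40 -0800
From: sender@example.org
To: recipient@example.com
Subject: constructed sample
Message-ID: <1@example.org>

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"\bfrom\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)


def _first(pattern, text):
    match = pattern.search(text)
    return match.group(1) if match else None


def _timestamp(text):
    try:
        stamp = parsedate_to_datetime(text.strip())
    except (TypeError, ValueError):
        return None
    # "-0000" yields a naive datetime; treat it as UTC so hops stay comparable
    return stamp if stamp.tzinfo else stamp.replace(tzinfo=timezone.utc)


def received_hops(raw_message):
    """Return the hops in the order the message travelled (oldest first)."""
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())            # unfold continuation lines
        path, sep, stamp = flat.rpartition(";")   # the date follows the last ';'
        if not sep:
            path, stamp = flat, ""
        hops.append({
            "from": _first(FROM_RE, path),        # name asserted by the sending side
            "ip": _first(IP_RE, path),            # address recorded by the receiver
            "by": _first(BY_RE, path),
            "time": _timestamp(stamp),
        })
    return hops


def timeline_anomalies(hops):
    """Return (hop_number, label) for inconsistencies worth checking against logs."""
    findings = []
    for n in range(1, len(hops)):
        prev, cur = hops[n - 1], hops[n]
        if cur["from"] and prev["by"] and cur["from"].lower() != prev["by"].lower():
            findings.append((n + 1, "chain-break"))       # sender is not the previous receiver
        if cur["time"] is not None and prev["time"] is not None \
                and cur["time"] < prev["time"]:
            findings.append((n + 1, "time-regression"))   # clock skew or altered header
    for n, hop in enumerate(hops, 1):
        if hop["time"] is None:
            findings.append((n, "no-timestamp"))
    return findings


if __name__ == "__main__":
    hops = received_hops(SAMPLE)
    for n, hop in enumerate(hops, 1):
        print(n, hop["from"], hop["ip"], "->", hop["by"], hop["time"])
    print("anomalies:", timeline_anomalies(hops))
```

A flagged hop is a lead rather than proof: the finding has to be confirmed against the
server logs for that hop while the server still retains them.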
Conclusion
In this paper, a realistic website compromise was looked at, demonstrating that a great
deal of information can be gathered from network analysis alone. Based on the artifacts
captured, it was shown how the command and control channel could be analyzed, leading to
its decryption. This led to identifying the actions taken by the attacker, and the degree
to which the system was
compromised. Using known and controlled scenarios is a great way for an analyst to
improve their skills, or to focus on a specific set of tools. By continually identifying
weaknesses in skills and isolating scenarios around them, you will be able to focus on
measured improvement.
References
Baier, H., & Breitinger, F. (2011, May). Security aspects of piecewise hashing in computer
forensics. In IT Security Incident Management and IT Forensics (IMF), 2011 Sixth
International Conference on (pp. 21-36). IEEE.
Bennett, D. (2012). The challenges facing computer forensics investigators in obtaining
information from mobile devices for use in criminal investigations. Information Security
Journal: A Global Perspective, 21(3), 159-168.
Casey, E. (2011). Digital evidence and computer crime: Forensic science, computers, and the
internet. Academic press.
Colombini, C., & Colella, A. (2011, August). Digital profiling: A computer forensics approach.
In International Conference on Availability, Reliability, and Security (pp. 330-343).
Springer, Berlin, Heidelberg.
Conklin, W. A., White, G., Cothren, C., Davis, R., & Williams, D. (2015). Principles of
computer security. McGraw-Hill Education Group.
Guo, H., Jin, B., & Shang, T. (2012, August). Forensic investigations in cloud environments.
In Computer Science and Information Processing (CSIP), 2012 International Conference
on (pp. 248-251). IEEE.
Gupta, R., Jain, A., & Singh, G. (2012). Combine use of steganography and visual cryptography
for secured data hiding in computer forensics. International Journal of Computer Science
and Information Technologies, 3(3), 4366-4370.
Lin, C. H., Lee, C. Y., & Wu, T. W. (2012). A cloud-aided RSA signature scheme for sealing
and storing the digital evidences in computer forensics. International journal of security
and its Applications, 6(2), 241-244.
Luttgens, J. T., Pepe, M., & Mandia, K. (2014). Incident response & computer forensics.
McGraw-Hill Education Group.
Maras, M. H. (2011). Computer forensics: Cybercriminals, laws, and evidence. Jones and
Bartlett Publishers, Inc.
Nelson, B., Phillips, A., & Steuart, C. (2014). Guide to computer forensics and investigations.
Cengage Learning.
Reilly, D., Wren, C., & Berry, T. (2011). Cloud computing: Pros and cons for computer forensic
investigations. International Journal Multimedia and Image Processing (IJMIP), 1(1),
26-34.
Solomon, M. G., Rudolph, K., Tittel, E., Broom, N., & Barrett, D. (2011). Computer forensics
jumpstart. John Wiley & Sons.
Wang, D., Han, B., & Huang, M. (2012). Application of fuzzy c-means clustering algorithm
based on particle swarm optimization in computer forensics. Physics Procedia, 24,
1186-1191.
Yusoff, Y., Ismail, R., & Hassan, Z. (2011). Common phases of computer forensics investigation
models. International Journal of Computer Science & Information Technology, 3(3),
17-31.