Digital Forensics Report: Analyzing Disk Image for HMRC Investigation
VerifiedAdded on 2023/04/25
|47
|2845
|269
Report
AI Summary
This forensic computing report details the analysis of a provided disk image file using Autopsy and ProDiscover, focusing on identifying incriminating evidence related to a potential bomb threat sent via email. The analysis covers various aspects, including email evidence, web browser activity, and file system contents, with a comparison of the effectiveness of both tools in uncovering relevant data. The report outlines the steps taken during the investigation, such as keyword searches and timeline analysis, and presents findings related to potential tax fraud committed by Mr. Larry Bevois. The comprehensive analysis aims to provide a clear understanding of the digital evidence and its implications, with appendices including evidence listings and timelines. Desklib is a valuable resource for students seeking similar solved assignments and study tools.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Forensic Computing
Student Name: *****
Student ID: ******
Submission Date: ******
Executive Summary
Student Name: *****
Student ID: ******
Submission Date: ******
Executive Summary
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Main objective of this project is to analysis the provided forensics disk image file, to identify and
justify the incriminating evidence, by using two forensics tools such as Autopsy and
ProDiscover. The offender seems to be attempt to use email, to send a bomb threat to interface
with the national oil exposition. It seems that it undertook during Robert Bonner’s email account
from his personal computer located at his residence on 18/10/2013. You have to play out a
legitimate digital forensic analysis by utilizing these two apparatuses, implying that you are
expected to demonstrate exculpatory proof to be revealed in the analysis. Consider performing
two complete digital analysis on the provided case file, and later talk aboutthe different tools
utilized, after looking at its effectiveness.
justify the incriminating evidence, by using two forensics tools such as Autopsy and
ProDiscover. The offender seems to be attempt to use email, to send a bomb threat to interface
with the national oil exposition. It seems that it undertook during Robert Bonner’s email account
from his personal computer located at his residence on 18/10/2013. You have to play out a
legitimate digital forensic analysis by utilizing these two apparatuses, implying that you are
expected to demonstrate exculpatory proof to be revealed in the analysis. Consider performing
two complete digital analysis on the provided case file, and later talk aboutthe different tools
utilized, after looking at its effectiveness.
Table of Contents
1 Introduction..............................................................................................................................1
1.1 Background Description.................................................................................................1
1.2 Objectives of the Project.................................................................................................1
2 Overall Tool Features Comparison..........................................................................................1
2.1 Autopsy............................................................................................................................1
2.2 Pro discover.....................................................................................................................3
3 Locate Phase Product Comparison..........................................................................................4
3.1 Autopsy............................................................................................................................4
3.2 ProDiscover......................................................................................................................9
4 Select or Search Phase Product Comparison.........................................................................11
4.1 Autopsy..........................................................................................................................11
4.2 ProDiscover....................................................................................................................15
5 Analyzeand Validate Phase Product Comparison.................................................................17
5.1 Autopsy..........................................................................................................................17
5.2 ProDiscover....................................................................................................................26
6 Summary and Conclusion......................................................................................................33
6.1 Summary of Autopsy strengths and weaknesses........................................................34
6.2 Summary of Pro Discover strengths and weaknesses................................................34
References......................................................................................................................................34
Appendix........................................................................................................................................35
1. Evidence Listing................................................................................................................35
Autopsy.................................................................................................................................35
ProDiscover..........................................................................................................................39
2. Evidence Timeline.............................................................................................................41
Autopsy.................................................................................................................................41
1 Introduction..............................................................................................................................1
1.1 Background Description.................................................................................................1
1.2 Objectives of the Project.................................................................................................1
2 Overall Tool Features Comparison..........................................................................................1
2.1 Autopsy............................................................................................................................1
2.2 Pro discover.....................................................................................................................3
3 Locate Phase Product Comparison..........................................................................................4
3.1 Autopsy............................................................................................................................4
3.2 ProDiscover......................................................................................................................9
4 Select or Search Phase Product Comparison.........................................................................11
4.1 Autopsy..........................................................................................................................11
4.2 ProDiscover....................................................................................................................15
5 Analyzeand Validate Phase Product Comparison.................................................................17
5.1 Autopsy..........................................................................................................................17
5.2 ProDiscover....................................................................................................................26
6 Summary and Conclusion......................................................................................................33
6.1 Summary of Autopsy strengths and weaknesses........................................................34
6.2 Summary of Pro Discover strengths and weaknesses................................................34
References......................................................................................................................................34
Appendix........................................................................................................................................35
1. Evidence Listing................................................................................................................35
Autopsy.................................................................................................................................35
ProDiscover..........................................................................................................................39
2. Evidence Timeline.............................................................................................................41
Autopsy.................................................................................................................................41
1 Introduction
1.1 Background Description
The HMRC (Her Majesty's Revenue and Customs) has been leading an analysis concerning
Mr. Larry Bevois who is an organization chief of XUZ Circuits Ltd. Generally, the HMRC
suspect Mr. Bevois has been intentionally captivated in tax avoidance, by guiding a portion of
his organization pay to an off shore financial balance in Belize. HMRC have sensible conviction
that the maintained strategic distance is more prominent than £75,000 and at first offered Mr.
Bevois the chance to co-work in the investigation and dodge criminal approvals; in any case,
HMRC trusts Mr. Bevois has been unscrupulous in his announcements amid the COP9
investigation and has now propelled a criminal investigation. The seizure of Mr. Bevois financial
balances in the UK has been uncertain and they have now looked to, and acquired, images of Mr.
Bevois PC. At the season of seizure, Mr. Bevois PC was exchanged, thus a memory catch was
additionally taken. HMRC requires proof that it may demonstrate that Mr. Bevois has submitted
assessment extortion and that he has acted with the purpose to submit the charge
misrepresentation. Explore both of the images and present your discoveries in an answer to be
provided to the HMRC.
1.2 Objectives of the Project
This project’s main objective includes analyzing the provided forensics disk image file, to
identify and justify the incriminating evidence, by using two forensics tools such as Autopsy and
ProDiscover. The offender seems to be attempt to use email, to send a bomb threat to interface
with the national oil exposition. It seems that it undertook during Robert Bonner’s email account
from his personal computer located at his residence on 18/10/2013. You have to play out a
legitimate digital forensic analysis by utilizing these two apparatuses, implying that you are
expected to demonstrate exculpatory proof to be revealed in the analysis. Consider performing
two complete digital analysis on the provided case file, and later talk about the different tools
utilized, after looking at its effectiveness (Gladyshev& Rogers, 2012).
1
1.1 Background Description
The HMRC (Her Majesty's Revenue and Customs) has been leading an analysis concerning
Mr. Larry Bevois who is an organization chief of XUZ Circuits Ltd. Generally, the HMRC
suspect Mr. Bevois has been intentionally captivated in tax avoidance, by guiding a portion of
his organization pay to an off shore financial balance in Belize. HMRC have sensible conviction
that the maintained strategic distance is more prominent than £75,000 and at first offered Mr.
Bevois the chance to co-work in the investigation and dodge criminal approvals; in any case,
HMRC trusts Mr. Bevois has been unscrupulous in his announcements amid the COP9
investigation and has now propelled a criminal investigation. The seizure of Mr. Bevois financial
balances in the UK has been uncertain and they have now looked to, and acquired, images of Mr.
Bevois PC. At the season of seizure, Mr. Bevois PC was exchanged, thus a memory catch was
additionally taken. HMRC requires proof that it may demonstrate that Mr. Bevois has submitted
assessment extortion and that he has acted with the purpose to submit the charge
misrepresentation. Explore both of the images and present your discoveries in an answer to be
provided to the HMRC.
1.2 Objectives of the Project
This project’s main objective includes analyzing the provided forensics disk image file, to
identify and justify the incriminating evidence, by using two forensics tools such as Autopsy and
ProDiscover. The offender seems to be attempt to use email, to send a bomb threat to interface
with the national oil exposition. It seems that it undertook during Robert Bonner’s email account
from his personal computer located at his residence on 18/10/2013. You have to play out a
legitimate digital forensic analysis by utilizing these two apparatuses, implying that you are
expected to demonstrate exculpatory proof to be revealed in the analysis. Consider performing
two complete digital analysis on the provided case file, and later talk about the different tools
utilized, after looking at its effectiveness (Gladyshev& Rogers, 2012).
1
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
2 Overall Tool Features Comparison
2.1 Autopsy
Autopsy refers to an advanced legal sciences stage and it is a graphical interface for the
Sleuth Kit® and other computerized crime scene investigation devices. Autopsy is used by law
requirement, corporate inspectors and military for researching what activity took place in the
Personal Computer. It is even possible to use it for recouping the photographs from the memory
card of the camera.
Investigation Features
The following is the rundown of Autopsy highlights.
• Multi-User Cases: Collaborate with individual inspectors on expansive cases.
• Hash Set Filtering: Filter out realized great records utilizing NSRL and banner
realized terrible documents utilizing custom hash sets in Hash Keeper, md5sum, and
EnCase groups.
• Timeline Analysis: In the graphical interface, it shows the framework occasions for
helping to distinguish the movement.
• Keyword Search: The extraction of text and file sought modules empower to discover
the records which notice the explicit terms and discover the normal articulation
designs.
• Web Artifacts: Extracts web action from basic programs to help distinguish client
movement.
• Tags: Tag records with discretionary label names, for example, 'bookmark' or
'suspicious', and include remarks.
• Registry Analysis: Uses Reg Ripper to distinguish the records and USB devices.
• Thumbnail watcher: Displays thumbnail of images to help quickly view the images.
• Email Analysis: Parses MBOX design messages, for example, Thunderbird (Gogolin,
2013).
Analysis Modes
• A dead Analysis happens when a committed investigation framework is utilized to
analyze the information from a presume framework. For this situation, Autopsy along
with The Sleuth Kit are kept running in a confided condition, commonly in the lab.
2
2.1 Autopsy
Autopsy refers to an advanced legal sciences stage and it is a graphical interface for the
Sleuth Kit® and other computerized crime scene investigation devices. Autopsy is used by law
requirement, corporate inspectors and military for researching what activity took place in the
Personal Computer. It is even possible to use it for recouping the photographs from the memory
card of the camera.
Investigation Features
The following is the rundown of Autopsy highlights.
• Multi-User Cases: Collaborate with individual inspectors on expansive cases.
• Hash Set Filtering: Filter out realized great records utilizing NSRL and banner
realized terrible documents utilizing custom hash sets in Hash Keeper, md5sum, and
EnCase groups.
• Timeline Analysis: In the graphical interface, it shows the framework occasions for
helping to distinguish the movement.
• Keyword Search: The extraction of text and file sought modules empower to discover
the records which notice the explicit terms and discover the normal articulation
designs.
• Web Artifacts: Extracts web action from basic programs to help distinguish client
movement.
• Tags: Tag records with discretionary label names, for example, 'bookmark' or
'suspicious', and include remarks.
• Registry Analysis: Uses Reg Ripper to distinguish the records and USB devices.
• Thumbnail watcher: Displays thumbnail of images to help quickly view the images.
• Email Analysis: Parses MBOX design messages, for example, Thunderbird (Gogolin,
2013).
Analysis Modes
• A dead Analysis happens when a committed investigation framework is utilized to
analyze the information from a presume framework. For this situation, Autopsy along
with The Sleuth Kit are kept running in a confided condition, commonly in the lab.
2
• A live investigation takes place when the presume framework is currently examined
when it runs. For such situation, in an untrusted domain, the autopsy along with The
Sleuth Kit are kept running from the CD. This is often utilized amid episode reaction
while the occurrence is being affirmed. After it is affirmed, the framework can be
procured and a dead investigation is performed.
Case Management
• Case Management: The investigations are sorted out based on cases, where it could at
least have a single host. Every single host is settled to contain its respective time zone
setting and clock skew with the goal that the occasions showed are equivalent to what
the initial client might have viewed. Each host could at least have a single record
framework images, for investigation.
• Event Sequencer: The time-based situations could be added from the document
movement or the IDS and the firewall logs. Autopsy sorts out the situations with the
goal which the arrangement of situation’s occurrence could be decided more
effectively.
• Image Integrity: The image integrity is critical for guaranteeing that the records aren’t
adjusted during the analysis. Of course, the autopsy analysis, will generate MD5
value for every single record which is imported or created. Any record’s
trustworthiness, which Autopsy utilizes could be approved as and when required.
2.2 Pro discover
ProDiscover Forensic is a ground breaking Personal Computer security tool which
empowers the experts of Personal Computers to identify a large amount information from the
Personal Computer’s circle and also it ensures proof and makes effective evidentiary reports, to
use the procedures that are legitimate (Sammons, 2015). This product highlights the PC legal
sciences with instruments for complete occurrence reaction. It includes all the essential IT
measurable capacities full plate imaging, record metadata data, hash-keeping and a capacity to
discover the shrouded information, just as assemble information on circles from the complete
system. Each one highlights are incorporated with one principle interface that is very task
proficient with all the usefulness in one spot. The program performed well under our tests. If the
interface format becomes comfortable, it is observed that it was an integral asset ready to
completely image both the plate on our crime scene investigation test circle and a plate on a PC
3
when it runs. For such situation, in an untrusted domain, the autopsy along with The
Sleuth Kit are kept running from the CD. This is often utilized amid episode reaction
while the occurrence is being affirmed. After it is affirmed, the framework can be
procured and a dead investigation is performed.
Case Management
• Case Management: The investigations are sorted out based on cases, where it could at
least have a single host. Every single host is settled to contain its respective time zone
setting and clock skew with the goal that the occasions showed are equivalent to what
the initial client might have viewed. Each host could at least have a single record
framework images, for investigation.
• Event Sequencer: The time-based situations could be added from the document
movement or the IDS and the firewall logs. Autopsy sorts out the situations with the
goal which the arrangement of situation’s occurrence could be decided more
effectively.
• Image Integrity: The image integrity is critical for guaranteeing that the records aren’t
adjusted during the analysis. Of course, the autopsy analysis, will generate MD5
value for every single record which is imported or created. Any record’s
trustworthiness, which Autopsy utilizes could be approved as and when required.
2.2 Pro discover
ProDiscover Forensic is a ground breaking Personal Computer security tool which
empowers the experts of Personal Computers to identify a large amount information from the
Personal Computer’s circle and also it ensures proof and makes effective evidentiary reports, to
use the procedures that are legitimate (Sammons, 2015). This product highlights the PC legal
sciences with instruments for complete occurrence reaction. It includes all the essential IT
measurable capacities full plate imaging, record metadata data, hash-keeping and a capacity to
discover the shrouded information, just as assemble information on circles from the complete
system. Each one highlights are incorporated with one principle interface that is very task
proficient with all the usefulness in one spot. The program performed well under our tests. If the
interface format becomes comfortable, it is observed that it was an integral asset ready to
completely image both the plate on our crime scene investigation test circle and a plate on a PC
3
on our system. Additionally, it was discovered to be highly productive, quick and had precise
imaging. The remote specialists have less impression. The documentation is wide spread and
provides clear program highlight’s clarifications. Innovation Pathways provides top to bottom
support on the site, along with how it contacts help from the email and telephone, just as the
online gathering (Ray & Shenoi, 2011).
This product has great value for the practically identical products which are undeniably
progressively costly. The highlights of a completely able system based PC legal sciences
instrument, combined with capacity for accumulating the proof remotely makes it superb value.
This product is rated as our best purchase in the PC legal science’s product class.
3 Locate Phase Product Comparison
3.1 Autopsy
Open Autopsy tool. Create a new case to click the new case.
Enter the case name as Forensics_Case. Further, to save the disk image file, browse the
directory and the button called, Next must be selected.
4
imaging. The remote specialists have less impression. The documentation is wide spread and
provides clear program highlight’s clarifications. Innovation Pathways provides top to bottom
support on the site, along with how it contacts help from the email and telephone, just as the
online gathering (Ray & Shenoi, 2011).
This product has great value for the practically identical products which are undeniably
progressively costly. The highlights of a completely able system based PC legal sciences
instrument, combined with capacity for accumulating the proof remotely makes it superb value.
This product is rated as our best purchase in the PC legal science’s product class.
3 Locate Phase Product Comparison
3.1 Autopsy
Open Autopsy tool. Create a new case to click the new case.
Enter the case name as Forensics_Case. Further, to save the disk image file, browse the
directory and the button called, Next must be selected.
4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Here, enter the optional information where the case number is 001. Next, the button called, finish
must be selected for creating the autopsy case file.
5
must be selected for creating the autopsy case file.
5
Later, add the data source to click the Disk image and select the button called, Finish.
Then, browse the provided case file which is 2014 case file and select the button called, Open.
6
Then, browse the provided case file which is 2014 case file and select the button called, Open.
6
Next, configure the ingest modules.
7
7
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Finally, for adding the data source, press the finish button.
At last, the provided case file was successfully added. It is demonstrated in the below figure.
8
At last, the provided case file was successfully added. It is demonstrated in the below figure.
8
The provided case file has three volumes and it is illustrated below.
3.2 ProDiscover
In ProDiscover, open the ProDiscover tool. Next, the provided image file appears, then
click on add image. It is illustrated below.
9
3.2 ProDiscover
In ProDiscover, open the ProDiscover tool. Next, the provided image file appears, then
click on add image. It is illustrated below.
9
The provided case file shows the below information.
10
10
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4 Select or Search Phase Product Comparison
In this phase, the search phase is analyzed on both the Autopsy and ProDiscover tool. These are
demonstrated below.
4.1 Autopsy
In Autopsy, click the keyword lists to choose the managed keyword list. Next, click on the
new keyword list to enter the Luvabai9945. It is illustrated below.
11
In this phase, the search phase is analyzed on both the Autopsy and ProDiscover tool. These are
demonstrated below.
4.1 Autopsy
In Autopsy, click the keyword lists to choose the managed keyword list. Next, click on the
new keyword list to enter the Luvabai9945. It is illustrated below.
11
Later, add the keywords by clicking on the new keywords.
12
12
Enter the keyword as luvabai9945 and choose the substring match as keyword type.
Then, press the button named, OK.
13
Then, press the button named, OK.
13
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Once, in the keyword list all the keywords are added, search the keyword as Jo in the keyword
search. It produces the below results.
14
search. It produces the below results.
14
4.2 ProDiscover
In ProDiscover, Click the search tool to click on the content search.
Next, choose select all matches, and enter the search patterns as Jo. Then, also choose the
Disk image files. Finally, click on the OK button.
15
In ProDiscover, Click the search tool to click on the content search.
Next, choose select all matches, and enter the search patterns as Jo. Then, also choose the
Disk image files. Finally, click on the OK button.
15
It searches the matching words.
Finally, it shows the Jo related files. It is demonstrated below.
16
Finally, it shows the Jo related files. It is demonstrated below.
16
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
5 Analyzeand Validate Phase Product Comparison
In analyze the validation Phases, it is used to demonstrate the thorough coverage on file,
email, web browser and other types of evidence in the provided case file on both two tools. All
this is discussed and demonstrated below.
5.1 Autopsy
Email Evidence
The email evidence for the provided case file is illustrated below(Watson & Jones, 2013).
17
In analyze the validation Phases, it is used to demonstrate the thorough coverage on file,
email, web browser and other types of evidence in the provided case file on both two tools. All
this is discussed and demonstrated below.
5.1 Autopsy
Email Evidence
The email evidence for the provided case file is illustrated below(Watson & Jones, 2013).
17
18
Web Browser Evidence
The web browser evidence for the provided case file is illustrated below.
File Evidence
The file evidence for the provided case file is illustrated below.
19
The web browser evidence for the provided case file is illustrated below.
File Evidence
The file evidence for the provided case file is illustrated below.
19
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
For HTML File,
20
20
For Office File,
21
21
For PDF File,
For Plain Text File,
22
For Plain Text File,
22
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Other Evidence Types
The other types of evidence for the provided case file are illustrated below.
For JPG,
For Hidden Files,
23
The other types of evidence for the provided case file are illustrated below.
For JPG,
For Hidden Files,
23
For GIF,
For Video,
24
For Video,
24
For Music,
For Web History,
25
For Web History,
25
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
5.2 ProDiscover
Email Evidence
The email evidence for the provided case file is illustrated below.
26
Email Evidence
The email evidence for the provided case file is illustrated below.
26
Web Browser Evidence
The web browser evidence for the provided case file is illustrated below.
27
The web browser evidence for the provided case file is illustrated below.
27
File Evidence
The file evidence for the provided case file is illustrated below.
For HTML file,
28
The file evidence for the provided case file is illustrated below.
For HTML file,
28
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
For Office file,
For PDF,
29
For PDF,
29
For Plain Text,
Other Evidence Types
The other types of evidence the provided case file is illustrated below.
For JPG,
30
Other Evidence Types
The other types of evidence the provided case file is illustrated below.
For JPG,
30
For Hidden Files,
For GIF,
31
For GIF,
31
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
For Video,
For Music,
32
For Music,
32
For Web History,
6 Summary and Conclusion
The provided forensics image file has 3,753,177 files. The provided case file has Jo’sfolder
which contains a great deal of erased records that are recuperated effectively. Jo’sfolder includes
a lot of images, documents, sound records, content documents, pdf records and largely more. All
this depends on the patent data, which is effectively recovered by utilizing autopsy and
ProDiscover forensics tools. This Project is effectively made as adigital forensicreport for the
provided case file, which is 2014 case files and it is dissected. The provided case file also has the
patent data for its customers. This analysis also identified the email evidence, web browser
evidence, file evidences and more. It successfully demonstrated the necessary results by using
both the forensics tools.
When compared with both the tools, the autopsy is the best tool because it easily justified all
the information and separately provided all the information. All the results are found in a solitary
tree. Thus, it is the best forensic tool compared to ProDiscover tool.
33
6 Summary and Conclusion
The provided forensics image file has 3,753,177 files. The provided case file has Jo’sfolder
which contains a great deal of erased records that are recuperated effectively. Jo’sfolder includes
a lot of images, documents, sound records, content documents, pdf records and largely more. All
this depends on the patent data, which is effectively recovered by utilizing autopsy and
ProDiscover forensics tools. This Project is effectively made as adigital forensicreport for the
provided case file, which is 2014 case files and it is dissected. The provided case file also has the
patent data for its customers. This analysis also identified the email evidence, web browser
evidence, file evidences and more. It successfully demonstrated the necessary results by using
both the forensics tools.
When compared with both the tools, the autopsy is the best tool because it easily justified all
the information and separately provided all the information. All the results are found in a solitary
tree. Thus, it is the best forensic tool compared to ProDiscover tool.
33
6.1 Summary of Autopsy strengths and weaknesses
Simple to Use
Autopsy was mainly planned for being reflex from the enclosure. It contains simple
establishment and the wizards provides directions for every single progression. In the solitary
tree, the overall outcomes are shown.
Extensible
Autopsy was planned to be right from the commencement to the end stage, by using the
modules which contain it out of the case and the rest which be accessed by the outsiders. The
following provides the modules’ portions:
• Timeline Analysis –The advanced graphical occasion sighted interface.
• Multimedia – First, extract the EXIF from the images and then the recordings must ne
watched.
• Indicators of the compromise – It scans the Personal Computer by using STIX.
• Hash Filtering - Flag is known as the terrible document and disregard is great.
6.2 Summary of Pro Discover strengths and weaknesses
• ProDiscover can get to PCs over the system to empower media investigation,
image procurement and system conduct investigation.
• Different capacities incorporates the remote investigation of running procedures,
open records, open ports and benefits, and other system based capacities.
• ProDiscover IR is genuinely simple to utilize.
• Its unpredictability and granularity mean the client must have some
understanding of working with a program of this nature, yet we rapidly wound up
traveling through it with little inconvenience.
References
Gladyshev, P., & Rogers, M. (2012). Digital forensics and cyber crime. Berlin: Springer.
34
Simple to Use
Autopsy was mainly planned for being reflex from the enclosure. It contains simple
establishment and the wizards provides directions for every single progression. In the solitary
tree, the overall outcomes are shown.
Extensible
Autopsy was planned to be right from the commencement to the end stage, by using the
modules which contain it out of the case and the rest which be accessed by the outsiders. The
following provides the modules’ portions:
• Timeline Analysis –The advanced graphical occasion sighted interface.
• Multimedia – First, extract the EXIF from the images and then the recordings must ne
watched.
• Indicators of the compromise – It scans the Personal Computer by using STIX.
• Hash Filtering - Flag is known as the terrible document and disregard is great.
6.2 Summary of Pro Discover strengths and weaknesses
• ProDiscover can get to PCs over the system to empower media investigation,
image procurement and system conduct investigation.
• Different capacities incorporates the remote investigation of running procedures,
open records, open ports and benefits, and other system based capacities.
• ProDiscover IR is genuinely simple to utilize.
• Its unpredictability and granularity mean the client must have some
understanding of working with a program of this nature, yet we rapidly wound up
traveling through it with little inconvenience.
References
Gladyshev, P., & Rogers, M. (2012). Digital forensics and cyber crime. Berlin: Springer.
34
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Gogolin, G. (2013). Digital forensics explained. Boca Raton, FL: CRC Press.
Ray, I., &Shenoi, S. (2011). Advances in digital forensics IV. New York: Springer.
Sammons, J. (2015). Digital forensics. Waltham, MA: Syngress is an imprint of Elsevier.
Watson, D., & Jones, A. (2013). Digital forensics processing and procedures. Amsterdam:
Syngress.
Appendix
1. Evidence Listing
Autopsy
Artifact Type Count
EXIF Metadata 170
Encryption Detected 8
Extension Mismatch Detected 4
Operating System User Account 6
Recent Documents 14
Remote Drive 1
Web Bookmarks 124
Web Cookies 144
Web Downloads 6
Web History 3798
Web Search 22
35
Ray, I., &Shenoi, S. (2011). Advances in digital forensics IV. New York: Springer.
Sammons, J. (2015). Digital forensics. Waltham, MA: Syngress is an imprint of Elsevier.
Watson, D., & Jones, A. (2013). Digital forensics processing and procedures. Amsterdam:
Syngress.
Appendix
1. Evidence Listing
Autopsy
Artifact Type Count
EXIF Metadata 170
Encryption Detected 8
Extension Mismatch Detected 4
Operating System User Account 6
Recent Documents 14
Remote Drive 1
Web Bookmarks 124
Web Cookies 144
Web Downloads 6
Web History 3798
Web Search 22
35
36
37
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
38
ProDiscover
39
39
40
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
2. Evidence Timeline
Autopsy
41
Autopsy
41
42
43
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
44
1 out of 47
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.