Digital Forensics Investigation: The Case of 'Clowning About Again'

This document presents a digital forensic investigation case study, "Clowning About Again," focusing on alleged illegal access, ownership, or distribution of digital content related to clowns in Western Australia. The case involves a suspect, Clark, who denies accessing clown content on a work computer that was forensically acquired using FTK Imager after a witness reported seeing such activity. A junior investigator's initial logical acquisition and subsequent wiping of the original hard drive complicate the investigation. The analysis involves extracting case files, utilizing forensic tools like Autopsy to identify deleted files, email addresses, and keywords, and examining various data files (182.7z.002 to 182.7z.014) to uncover evidence related to the alleged offense. The goal is to determine if Clark accessed the clown content, despite his denial and claim of malware infection.
Table of Contents
1 Project’s Scope
2 Presentation of Offence related content
3 Case file Identification
4 Goals of the case file
5 Quantity of the Files
6 Software Installed
References
1 Project’s Scope
The primary aim of this project is to carry out a digital forensic investigation of the
forensic images, which requires an effective tool. The state of Western Australia does not
permit access to digital content related to clowns; accessing, owning or distributing such
content is illegal. Malware was used to access the clown content, and the investigation also
covers the digital content related to clowns. The allegation was raised with law enforcement
by a witness, who asserts that clown-related data was accessed inside the organization’s
workplace. However, some of the clown content was accessed outside the organization’s
workplace. The observation shows that the original hard drive was wiped by the junior digital
forensics investigator, and that he has performed a good job with sound forensic
investigation knowledge. Here, Clark is assumed to be the suspect who accessed the clown
content. Yet, it is not confirmed that the laptop belongs to Clark. The investigator is
required to evaluate the laptop’s forensic image. Clark states that malware infected the
laptop, which allowed the potential content to appear on it.
2 Presentation of Offence related content
The offence-related content must be presented by the user. Here, the allegation was
raised with law enforcement by a witness, who claims that clown-related data was accessed
inside the organization’s workplace. However, some of the clown content was accessed outside
the organization’s workplace. Moreover, the junior digital investigator, who performed a
logical acquisition, received the forensic image of the laptop that holds the clown content.
The original hard drive was wiped from the system by the junior digital forensics
investigator, and he has performed a good job with sound forensic investigation knowledge
(Boddington, 2016). Thus, as a senior digital forensic investigator, I have to seize the
laptop under the orders of the court and conduct a better investigation.
7-Zip Extraction
The given case file is extracted here, for which the user must use 7-Zip.
The above screenshots show the process of extracting the files. As soon as the extraction
completes, the user should download the Autopsy software tool and install it on the system
to help with the digital forensics investigation. This is a pretty cool and effective tool
for investigation. When the installation completes, open the tool and select New Case, which
creates a new case. The step displayed below demonstrates this process (Carlton & Matsumoto,
2011).
Once the New Case window opens, it has the following optional information to be filled in:
1. Case number
2. Examiner name
3. Contact details
4. Notes
The other details that have to be filled in are the case name, case type and base directory.
"Digital forensics Case 01" is the name of the case, and the following screenshots show how
this case is saved in the base directory. The directory has to be browsed to first in order
to save the case there. Select Single-user as the case type, then click the Next button.
Once all the necessary details are filled in, click the Finish button, which creates the
case file (Cohen, 2011). The following screenshots are examples of what is explained in the
above paragraph. Once the case file is created, a data source must be added, as it will
comprise raw bit data. Make sure to choose the unallocated disk image, as validated in the
below screenshot. Next, browse to and select the forensic image files. Continue by pressing
the Next button, as shown below. Then ensure the ingest modules are configured for the case
file and continue by clicking the Next button (Cohen, 2012). Make sure to add the data
sources to the new case file. As mentioned earlier, adding the provided forensic images is a
must to help figure out the case, as the user will then be able to find the evidence for the
digital forensic investigation (Computer forensics, 2010).
3 Case file Identification
Here, the details of the forensic image from the case file are found with the help of
digital forensics analysis.
182.7z.002 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table (Flory,
2016).
The single regular expression, email address and a single literal keyword search are present in
the case file where, as demonstrated in the following screenshot, the case file has the email
address key search containing three files.
The below table represents the details that are utilized for displaying the provided case file’s
outcome.
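The kind of search these result tables report (an e-mail-address regular expression plus one literal keyword, run over raw image data) can be sketched as follows. This is an added example, not part of the original report and not Autopsy's own code; the e-mail pattern, the keyword `clown`, the function name `scan_stream` and the sample bytes are assumptions constructed for illustration.

```python
import io
import re

# Simplified e-mail pattern for raw bytes (an assumption; Autopsy's built-in
# expression is not shown in the report). Longest possible hit is 270 bytes.
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,180}\.[A-Za-z]{2,24}")
OVERLAP = 512  # bytes re-scanned on the next pass; must exceed the longest hit

# Constructed sample standing in for a raw image: binary padding around text.
SAMPLE = (b"\x00" * 700 + b"From: clark@example.com\r\n" + b"\xff" * 900
          + b"subject: CLOWN pictures" + b"\x00" * 300 + b"bozo@circus.example")


def scan_stream(stream, literal, chunk_size=1 << 20):
    """Return sorted (offset, kind, text) hits without loading the whole image."""
    patterns = {
        "email": EMAIL_RE,
        "keyword": re.compile(re.escape(literal.encode()), re.IGNORECASE),
    }
    done = dict.fromkeys(patterns, 0)  # absolute end of the last reported hit
    hits, window, base = [], b"", 0
    while True:
        chunk = stream.read(chunk_size)
        window += chunk
        # A hit starting in the last OVERLAP bytes may be cut off by the chunk
        # boundary, so it is deferred to the next pass unless this is EOF.
        limit = len(window) if not chunk else max(len(window) - OVERLAP, 0)
        for kind, pattern in patterns.items():
            for m in pattern.finditer(window):
                start = base + m.start()
                # Skip deferred hits and leftovers of a hit already reported.
                if m.start() >= limit or start < done[kind]:
                    continue
                hits.append((start, kind, m.group().decode("ascii", "replace")))
                done[kind] = base + m.end()
        if not chunk:
            return sorted(hits)
        base += limit
        window = window[limit:]


if __name__ == "__main__":
    for offset, kind, text in scan_stream(io.BytesIO(SAMPLE), "clown"):
        print(f"{offset:>8}  {kind:<8} {text}")
```

For a real image, pass a file opened read-only in binary mode instead of the `io.BytesIO` sample; the byte offsets returned let each hit be cross-checked against the tool's own results.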
182.7z.003 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details (Gogolin, 2013).
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table (Hannay,
2011).
The single regular expression, email address and a single literal keyword search are present in
the case file where, as demonstrated in the following screenshot, the case file has the email
address key search containing three files.
The results of the case file are represented in the below mentioned table (Larson, 2014).
182.7z.004 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file (Maras, 2015).
The results of the case file are represented in the below mentioned table (Meyer, 2014).
The single regular expression, email address and a single literal keyword search are present in
the case file where, as demonstrated in the following screenshot, the case file has the email
address key search containing three files.
The results of the case file are represented in the below mentioned table (Philipp, Cowen &
Davis, 2010).
182.7z.005 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file (Pollitt & Shenoi, 2010).
The case file’s deleted files’ details are represented in the below mentioned table.
The results of the case file are represented in the below mentioned table.
182.7z.006 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details (Ray & Shenoi, 2011).
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table.
The single regular expression, email address and a single literal keyword search are present in
the case file where, as demonstrated in the following screenshot, the case file has the email
address key search containing three files (Sammons, 2015).
The results of the case file are represented in the below mentioned table.
182.7z.007 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table.
The single regular expression, email address and a single literal keyword search are present in
the case file where, as demonstrated in the following screenshot, the case file has the email
address key search containing two files.
The results of the case file are represented in the below mentioned table.
182.7z.008 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table.
The single regular expression, email address and a single literal keyword search are present in
the case file where, as demonstrated in the following screenshot, the case file has the email
address key search containing two files.
The results of the case file are represented in the below mentioned table.
182.7z.009 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table.
182.7z.010 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table.
The single regular expression, email address and a single literal keyword search are present in
the case file where, as demonstrated in the following screenshot, the case file has the email
address key search containing one file.
The results of the case file are represented in the below mentioned table.
182.7z.011 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table.
The single regular expression, email address and a single literal keyword search are present in
the case file where, as demonstrated in the following screenshot, the case file has the email
address key search containing three files.
The results of the case file are represented in the below mentioned table.
182.7z.012 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table.
The single regular expression, email address and a single literal keyword search are present in
the case file where, as demonstrated in the following screenshot, the case file has the email
address key search containing three files.
The results of the case file are represented in the below mentioned table.
182.7z.013 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table.
The single regular expression, email address and a single literal keyword search are present in
the case file where, as demonstrated in the following screenshot, the case file has the email
address key search containing two files.
The results of the case file are represented in the below mentioned table.
182.7z.014 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table.
182.7z.015 Case File Identification
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table.
4 Goals of the case file
The investigation of the case must make use of the accessed, utilized and deleted files
from the digital content. That is what the following section is about; it is presented with
appropriate figures so that the process of displaying the deleted files’ information can be
clearly understood ("Basics of Computer Forensics", 2016).
182.7z.002 Case File Indent
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file.
The case file’s deleted files’ details are represented in the below mentioned table (Budowle,
2011).
182.7z.003 Case File Indent
The below screenshot describes the step where the correct data file is selected to find
the case file details.
The below mentioned screenshot reveals that there is one file that is deleted from the
provided case file (Carlton & Worthley, 2010).
The case file’s deleted files’ details are represented in the below mentioned table.
182.7z.004 Case File Indent
The below screenshot describes the step where the correct data file is selected to find
the case file details ("Digital Forensics - Elsevier", n.d.).