Digital Forensics Case Study: Metadata Analysis of Financial Fraud

Verified

Added on 2023/01/16

AI Summary

This project report presents a digital forensics case study investigating a financial fraud scenario within MCME Industries. The report outlines the use of forensic tools, including Autopsy, TrID, and EnCase, to analyze a computer hard drive image. The investigation involved data carving techniques, signature analysis, and the examination of deleted files. The study explores the relationships between individuals and companies involved, highlighting the importance of metadata analysis in uncovering potential wrongdoing. The report concludes with findings and suggestions for future investigation, emphasizing the significance of digital forensics in modern data-centric environments. References from various academic journals are also included to support the research.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

DIGITAL
FORENSIC

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

ABSTRACT
• This report conducted during the assignment.
The assignment we will work on a case study,
we will work digital case study software, that
help gather evidence and deliver facts .Any
questions or concerns pertaining to the
acquisition of the evidence can be found in
his/her report.

INTRODUCTION
• In this project we will work on forensic tools . These
tools are Autospy and TrID for case analysis. In this
report we work on case study of a company financial
fraud The report kicks off with a brief description of
what this technique of digital forensics is all about
and why is it required in modern data-centric and
digital era. Further, it other evidences could be used
to inspect and examine a reported wrongdoing.
•

CASE STUDY ANALYSIS AND FINDINGS
• Case Brief
• Case Study Summary
• Mcme Industries’ Monika is being investigated
under the fear that he may be offering
proprietary company information to a
competitor in exchange for a job.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

COMPUTER AND FORENSIC TOOL STATISTICS
• The computer was removed from its position in MCME
Industries at 4/4/19 9:29:03 PM where it was carted out to
a nearby secure forensics facility. Once settled at the
forensics lab the hard drive was imaged to begin the
research and testing. The image of the hard drive was
tested using the program EnCase Forensic Edition Version
4.17b by Guidance Software. This program has been
proven in the court of law to provide valid and accurate
results when scanning and analyzing a system. We use
TrID and autopsy software for forensic digital analysis

INVESTIGATION
For this case study we use Autopsy software . The
autopsy software uses two images for compare
; these are store before and after case study. The step
are given bellow
Autopsy software is provide gui interface .
Data Carving techniques.
We Import two dd image files extracted from bz2 files to
Autopsy and run ‘Ingest Module’‘PhotoRec Carver.'.

INVESTIGATION TOOLS

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

CONTINUE…

CONTINUE

CONTINUE
• My next step was to run a signature analysis to see if
any files were still hidden that I may have overlooked
because their extensions were modified. Running a
signature analysis will take the proper signature that
a file should be and see if it matches up against the
extension that it actually is. If there is a mismatch it
will be labeled as so and Encase will tell me what
extension it should be. Running a signature analysis
has me selecting the complete image and doing a
Search (the same Search as done prior). T

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

CONTINUE
• The only option that should be selected is Verify
File Signatures and to have the results saved to
a bookmark called Signature Mismatch. A few
files stuck out from the others:
• The signature analysis we use Trid software
that will work on files
• The screenshot for given case study

TRID SOFTWARR
TrID is an utility designed to identify file types from their
binary signatures. While there are similar utilities with hard
coded logic, TrID has no fixed rules. Instead, it's extensible
and can be trained to recognize new formats in a fast and
automatic way.
TrID uses a database of definitions which describe recurring
patterns for supported file types. TrID software is download
by given link we download window base Trid software that is
form of zip we unzip the software when we try to run this
software we got the message no definition need
Screen shot

TRID SOFTWARE

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

CONTINUE
• After this message we update the trid running by python
script and download tridfs folder and unzip the folder .
• Now trID is now ready
• We download from university link unzipped folder and
unzip that we found 6 files
• This software is easy to use and installation process . For
the installation purpose we just download and unzip that
• We given the command
• trID file name

CONTINUE

ANALYSIS
• By running the script NTFS INFO2 Record
Finder and selecting to only read INFO2 files
only and saving it to the bookmark Recovered
NTFS Info2 Records I came up with only one file
deleted from the My Documents folder of
MONIKA relating to Anjali. It did not seem to be
of any value to this case.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

CONCLUSION AND FUTURE WORK
• This report has pointed out pieces of information
relating to the case of Monika from MCME
Industries and his relations with the companies
Shalin and Anjali. It is now up to the judge
reading this report to determine if this information
is of any value to the case. It is important to state
that there was no evidence present that B. Conrad
from Shalin contacted Monika or that the printed
files ever left the officer.

CONTINUE
• It is interesting though that the printing spools and
project files were altered after printing. The printing spool
files are often not touched except by the operating system
so it is obvious that they were targeted. Determining any
further information on this cause is up to be conducted by
a crime scene investigator and falls out of my jurisdiction.
The autopsy software ,EnCase and TrId software we used
as a case analysis therefore we knew these are the best
tools for forensic tools for analysis that is very help for our
case study .The future scope is we will use online analysis
therefore digital fraud on company would be reduce.

REFERENCES
• References
• Agarwal, A., Gupta, M., Gupta, S. & Gupta, S. 2011, "Systematic digital forensic
investigation model", International Journal of Computer Science and Security
(IJCSS), vol. 5, no. 1, pp. 118-131.
• Alharbi, S., Weber-Jahnke, J. & Traore, I. 2011, "The proactive and reactive digital
forensics investigation process: A systematic literature review" in Information
Security and Assurance Springer, , pp. 87-100.
• Ayers, D. 2009, "A second generation computer forensic analysis system", digital
investigation, vol. 6, pp. S34-S42.
• Beebe, N.L. & Clark, J.G. 2005, "A hierarchical, objectives-based framework for the
digital investigations process", Digital Investigation, vol. 2, no. 2, pp. 147-167.
• Ieong, R.S. 2006, "FORZA–Digital forensics investigation framework that
incorporate legal issues", digital investigation, vol. 3, pp. 29-36.