Resources of Investigation
Digital forensics is used for various purposes, such as recovering data and investigating data from digital devices. The most widely recognized use is to support or refute a theory before criminal or civil courts. Criminal cases involve the alleged breaking of laws that are defined by legislation, enforced by the police and prosecuted by the state, for example theft and assault against a person (Carracedo, 2007). Civil cases, on the other hand, deal with protecting the rights and property of individuals, but may also be concerned with contractual disputes between commercial entities, where a form of digital forensics referred to as electronic discovery may be involved (Cohen, 2012). These are the different uses and procedures of digital forensics, and with them we are able to avoid these issues. In this case study, the forensic image of a hard drive will be investigated (Goos, Alberink & Ruifrok, 2006). The investigation will be completed with the help of tools that are used in computer forensics. The intention, the owner of the content and the software will be investigated and identified.
The investigation needs the following resources: the victim or suspect, the system from which the illegal content was accessed, the forensic image of the system’s hard drive, and the forensic tools. The forensic tools are explained below (Mahmood, Talabani & Baban, 2015).
FTK Imager is an imaging tool that is mainly used for acquiring evidence data and for previewing data. Its features include creating forensic images, previewing files and folders, previewing content, exporting, recovering deleted files, creating file hashes and generating hash reports (Norell et al., 2014). FTK Imager also creates copies of the original data without any changes, for use as evidence (“13. Fachtagung — FTK — Fertigungstechnologie Kleben Klebtechnik trifft automobilen Leichtbau”, 2013). A forensic toolkit is software mainly used to scan drives and find content in various locations on the hard disk (Novozámský & Šorel, 2018). For example, this tool looks for information such as deleted emails, images, audio, video and other file formats. FTK Imager does this by saving an image file on the hard disk, then scanning the drive using the image file, and then recycling the data in the drive (Saini & Kaur, 2016).
The features of the FTK imaging tool are:
- Forensic image creation
The FTK imaging tool creates forensic images of local disks, such as compact disks and other USB devices (Cain, Brazelton & Dye, 2016).
- Previewing folders and files
The FTK imaging tool can display the contents of files and folders.
- Exporting
The tool exports files and folders from forensic images.
- Create file hashes
The FTK imaging tool creates file hashes using hash functions, namely the MD5 and SHA algorithms, where MD stands for message digest and SHA is short for secure hash algorithm (Yammen & Muneesawang, 2013).
FTK Imager
Working with FTK Imager involves several steps. The first is adding the evidence item: using the “Add evidence item” option, we can add our own evidence and select our own image file by browsing to it in our files or folders. The selected file must be a virtual drive image (“Algorithm Based security System for Banknotes”, 2018). Once the file is selected, it opens in the FTK Imager tool and the evidence for the file is created.
Autopsy is a forensics-oriented toolkit and open source digital forensics software with many features in terms of effectiveness, performance and efficiency (Hamilton, 2015). The tool is very fast at hard drive investigation; it investigates different problems and gives solutions to them according to the user’s needs (Su, Bouridane & Crookes, 2006). It is a GUI that displays results according to the search made by the user (Nasirahmadi, Hensel, Edwards & Sturm, 2016). Autopsy finds and analyzes different kinds of files, such as file allocation table (FAT) and archives such as zip files and JAR files. The tool is used with The Sleuth Kit and is also used for analyzing forensic data on mobile devices as well as computers. It is mainly used to examine these devices completely and check whether files of any kind are present on the drives (Šafář, 2009).
Autopsy is considered a game changer among digital forensic software tools. It sets new milestones in the process of analyzing digital forensic evidence. Most importantly, the software is completely free (IB, 2017). Even so, its developers built the tool with as many features as possible. Unlike other software tools, it was not created for commercial purposes. The main aim of the tool is to provide a high-quality digital forensic environment to investigators at a relatively lower price than other software tools. It nevertheless offers a higher level of platform integrity than some commercial software tools. The software runs on all the major operating systems in common use (MJ, 2016). It also supports all types of file formats for analysis. Analyzing a drive normally takes hours, but this tool has a powerful search engine and is capable of analyzing the same drive within minutes (B.Arun & S.K.Prashanth, 2012), because it analyzes the files by finding keywords identified from the drive. The tool uses multiple ingest modules to make effective use of multiple cores, which increases the speed of analysis remarkably (Morgan et al., 2017). The tool has an effective mechanism that avoids analyzing unallocated space, which reduces the analysis time considerably. The ingest modules provide results as soon as they are found, so the researcher does not need to wait for the entire examination to complete. Most of the activities involved in the analysis are automated in this tool, so the researcher does not need to concentrate on trivial tasks during the examination (Teixeira J, 2017). Because of the automation, the accuracy of the results is also higher than with the traditional process. This is highly beneficial for investigators.
We can also use this software tool for recovery. It can effectively recover deleted files from the system (Thali et al., 2003).
Autopsy
The Autopsy tool has many different features, including Unicode string extraction, email analysis, registry analysis, keyword search, file type detection, media playback, robust file system analysis and timeline analysis. Using these features, evidence is easily identified and analyzed in Autopsy (“Fusion Algorithm Based Security System with Multiple Sensors”, 2017). The tool also analyzes different input formats, including disk images, local drives, and local folders or files (Geradts & Bijhold, 2002).
Apart from the general features, Autopsy has other features such as reporting. With the reporting feature, different reports on the investigations are created, and the investigator retrieves this information after configuration (“Multi Security System Based On Honeypot Using Kerberos Algorithm”, 2018).
OSForensics is a tool that allows us to identify different sorts of files. Its main purpose is to find and identify whether any suspicious files are present on a drive. It also supports activities such as hash matching, finding binary data, and analysis of emails and memory locations (Jáuregui-Lobera & Bolaños Ríos, 2011). Compared with previous versions, the latest version of OSForensics has many more features; for example, the analysis is much faster and is carried out on various platforms, including disk imaging, database files, operating systems and workbenches (Qi & Li, 2014).
The features of OSForensics include finding files in a short period of time, searching email archives, easily recovering deleted images and other files, recovering passwords, discovering files even in hidden areas, collecting system information and uncovering recent activity. Among these, the main feature of OSForensics is discovering forensic evidence in a short period of time (Raja, 2018).
Like the FTK imaging tool and Autopsy, OSForensics has a variety of features. These include a memory viewer and dumper, hash set management, drive imaging, a registry viewer, file name searching, mismatched file search, detecting recent activity, restoring deleted files and file encryption features (S & D, 2017).
Hash set management becomes possible in OSForensics once a collection of hash tables has been created for storage (Zafar, 2000).
Restoring deleted files is an important feature; it makes restore operations easy and is mainly used in OSForensics to recover deleted files (Malakiene & Gogelis, 2007).
OSForensics uses different encryption algorithms, and hence the security features of this tool are very strong. The message digest algorithm and the secure hash algorithm are the algorithms used in OSForensics (Verolme & Mieremet, 2017).
File name searching is the main feature of the OSForensics tool and makes searching easy. With this search, different file formats are identified, including image, audio and video files.
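The file-hash and hash-report features described above for FTK Imager, and the hash matching and hash set management described for OSForensics, can be illustrated with a short Python sketch. This is an added example, not code from either tool; the function names, folder layout and sample bytes are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large image never sits in memory


def hash_file(path, algorithms=("md5", "sha1", "sha256")):
    """Return {algorithm: hex digest} for one file, reading it only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_copy(original, copy):
    """True only if every digest of the working copy equals the original's."""
    return hash_file(original) == hash_file(copy)


def hash_report(root):
    """Walk an exported evidence folder; return (relative path, digests) rows."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            rows.append((rel, hash_file(full)))
    return sorted(rows, key=lambda row: row[0])


def match_hash_set(report, hash_set, algorithm="sha256"):
    """Return paths whose digest is in a set of known hashes (case-insensitive)."""
    known = {value.lower() for value in hash_set}
    return [path for path, digests in report if digests[algorithm] in known]


def demo():
    """Run all three checks on a constructed evidence folder."""
    samples = {  # constructed sample content, not real evidence
        "image.dd": b"\x00" * 4096 + b"constructed disk image bytes",
        "docs/note.txt": b"constructed note",
        "docs/renamed.dat": b"constructed known file",
    }
    with tempfile.TemporaryDirectory() as tmp:
        export = os.path.join(tmp, "export")
        os.makedirs(os.path.join(export, "docs"))
        for rel, data in samples.items():
            with open(os.path.join(export, *rel.split("/")), "wb") as fh:
                fh.write(data)

        # A bit-for-bit copy verifies; changing one byte must be detected.
        image = os.path.join(export, "image.dd")
        good = os.path.join(tmp, "copy_good.dd")
        bad = os.path.join(tmp, "copy_bad.dd")
        shutil.copyfile(image, good)
        with open(bad, "wb") as fh:
            fh.write(b"\x01" + samples["image.dd"][1:])

        # The hash set holds the digest of known content, upper-cased to show
        # that matching ignores case; the match does not depend on file name.
        known = {hashlib.sha256(b"constructed known file").hexdigest().upper()}
        report = hash_report(export)
        return {
            "good_copy": verify_copy(image, good),
            "bad_copy": verify_copy(image, bad),
            "paths": [path for path, _ in report],
            "hits": match_hash_set(report, known),
        }


if __name__ == "__main__":
    print(demo())
```

Recording the digests at acquisition time and re-running `verify_copy` before analysis shows that the working copy is still identical to the acquired image.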
Features of Autopsy
The Autopsy installation process starts with downloading the Autopsy software from its site. The tool is provided at zero cost, and anyone can download it from the site. Here the latest Autopsy tool is downloaded. After that, we need to open the file destination and click the Autopsy setup file. The user then sees the Run as administrator option, which needs to be selected (Wen & Yu, 2003). The installation wizard for Autopsy then opens, and the user can install the software simply by following it. First the user is required to select an appropriate installation location. After selecting the location, the user needs to click the Install button (“A Review of: “Computer Evidence: Collection & Preservation. By C. L. T. Brown””, 2006). We can then see the installation progress wizard, which shows the details of the installation progress. This process takes some time to complete. After that, the user can see the start page of the Autopsy software tool. All the steps are represented as images for a better understanding of the overall installation process.
The installation of the FTK DF Examination tool begins with downloading the setup file from the company’s official site. After that, the user needs to open the file destination and click the setup file. The installation wizard for the FTK DF Examination tool then opens. Here the user is required to select an appropriate installation location for the software (Bashir & Khan, 2013). After selecting the location, the user needs to click the Install button. The installation takes some minutes to complete. After that, the user can see the home page of the FTK DF Examination tool. All the steps are represented as images for better understanding (Ayers, 2009).
The forensic investigation of the given forensic image is carried out using the installed forensic tools. The investigation using all the installed tools is explained below in detail (Freeman, 2010).
Here the details extracted from the suspect’s system are illustrated as pictures. In the Autopsy environment, a digital forensic examiner can examine hard disk image files. To do so, the examiner starts the image file extraction process (Guo & Slay, 2010), which takes some time to complete. The Autopsy results viewer then shows the various items found in the image files, which are the data stored on the suspect’s system. Autopsy also provides a feature for viewing deleted files. In the results viewer, the examiner can view the results simply with the help of the results tree (Jafari & Satti, 2015). The information found for the examined image file is illustrated.
Autopsy also provides a feature to view a file directly. This is an added advantage over other digital forensics software tools. In the conventional method, the examiner is required to recreate the data through various processing steps, but in Autopsy the examiner can see a file simply by clicking on it. Various details about the file are also identified. Here the image file details are illustrated (Souvignet & Frinken, 2013). They contain the source file name, device model and device make, and also the file size.
The suspect’s disk contains the recent documents folder. In this folder, 41 files were found. Almost all the files present on the suspect’s system are .ink files. The .ink extension is used by the software named Corel Draw, which is mainly used for editing the colors in image files. So the suspect may have used this software to design the clown outfit for himself.
The intention of the project is the analysis of the given disk image; only through this analysis can the files and other images be found (Malik, Y & S, 2016). Through the analysis we obtain the clown image, and we also learn about the suspect.
In total, 10 images relating to the clown were found. One video file was found, clown dancing.mp4 (Nasirahmadi, Hensel, Edwards & Sturm, 2016). There is also one PDF file relating to the clown, a little night music send in the clowns.
Conclusion
The forensic image of the hard drive was investigated in this case study. The investigation was completed with the help of tools used in computer forensics. The intention behind the committed crime of accessing and owning the clown content is explained. The owner of the content was investigated and identified through the forensic investigation. The software installed in the forensic image of the hard drive was also investigated and identified.
References
Fachtagung — FTK — Fertigungstechnologie Kleben Klebtechnik trifft automobilen Leichtbau. (2013). Adhäsion KLEBEN & DICHTEN, 57(1-2), 12-12. doi: 10.1365/s35145-013-0170-6
A Review of: “Computer Evidence: Collection & Preservation. By C. L. T. Brown”. (2006). Journal Of Digital Forensic Practice, 1(1), 71-72. doi: 10.1080/15567280500541397
Algorithm Based security System for Banknotes. (2018). International Journal Of Recent Trends In Engineering And Research, 231-242. doi: 10.23883/ijrter.conf.20171225.036.xwarv
Ayers, D. (2009). A second generation computer forensic analysis system. Digital Investigation, 6, S34-S42. doi: 10.1016/j.diin.2009.06.013
B.Arun, B., & S.K.Prashanth, S. (2012). Cloud Computing Security Using Secret Sharing Algorithm. Paripex – Indian Journal Of Research, 2(3), 93-94. doi: 10.15373/22501991/mar2013/35
Bashir, M., & Khan, M. (2013). Triage in Live Digital Forensic Analysis. The International Journal Of Forensic Computer Science, 8(1), 35-44. doi: 10.5769/j201301005
Brungs, A., & Jamieson, R. (2010). Identification of Legal Issues for Computer Forensics. Journal Of Digital Forensic Practice, 3(2-4), 140-149. doi: 10.1080/15567281.2010.536740
Cain, M., Brazelton, J., & Dye, D. (2016). Identifying Errors in Forensic Autopsy Reports Using a Novel Web-Based Program. Academic Forensic Pathology, 6(1), 103-108. doi: 10.23907/2016.010
Carracedo, A. (2007). Applications in forensic science. Forensic Science International, 169, S22-S23. doi: 10.1016/j.forsciint.2007.04.135
Casey, E. (2007). Attacks against forensic analysis. Digital Investigation, 4(3-4), 105-106. doi: 10.1016/j.diin.2008.01.001
Cohen, F. (2012). The Science of Digital Forensics: Recovery of Data from Overwritten Areas of Magnetic Media. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2012.1131
Dumbrigue, H., Dumbrigue, E., & Tanaka, M. (2018). Fabrication Method for a Mounting Jig and Cast Support for Mounting Complete Dentures. Journal Of Prosthodontics. doi: 10.1111/jopr.12971
Freeman, E. (2010). Computer Printouts as Legal Evidence. Journal Of Digital Forensic Practice, 3(2-4), 98-105. doi: 10.1080/15567281.2010.536730
Fusion Algorithm Based Security System with Multiple Sensors. (2017). Sensors And Materials, 1069. doi: 10.18494/sam.2017.1597
Geradts, Z., & Bijhold, J. (2002). Content Based Information Retrieval in Forensic Image Databases. Journal Of Forensic Sciences, 47(2), 15245J. doi: 10.1520/jfs15245j
Goos, M., Alberink, I., & Ruifrok, A. (2006). 2D/3D image (facial) comparison using camera matching. Forensic Science International, 163(1-2), 10-17. doi: 10.1016/j.forsciint.2005.11.004
Guo, Y., & Slay, J. (2010). Testing Forensic Copy Function of Computer Forensics Investigation Tools. Journal Of Digital Forensic Practice, 3(1), 46-61. doi: 10.1080/15567280903521392
Hamilton, L. (2015). Teaching the Forensic Autopsy. Academic Forensic Pathology, 5(2), 201-210. doi: 10.23907/2015.023
IB, W. (2017). Pulmonary Edema in Forensic Autopsy in a Developing Community. International Journal Of Forensic Sciences, 2(2). doi: 10.23880/ijfsc-16000125
Jafari, F., & Satti, R. (2015). Comparative Analysis of Digital Forensic Models. Journal Of Advances In Computer Networks, 3(1), 82-86. doi: 10.7763/jacn.2015.v3.146
Jáuregui-Lobera, I., & Bolaños Ríos, P. (2011). Body image and quality of life in a Spanish population. International Journal Of General Medicine, 63. doi: 10.2147/ijgm.s16201
Kaplan, R. (2008). Computer Forensics—What Is It Good For?. Journal Of Digital Forensic Practice, 2(2), 57-61. doi: 10.1080/15567280801958464
Lokhande, P., & Meshram, B. (2015). Digital Forensics Analysis for Data Theft. The International Journal Of Forensic Computer Science, 10(1), 29-51. doi: 10.5769/j201501004
Mahmood, M., Talabani, R., & Baban, M. (2015). Age estimation using lower permanent first molars on a panoramic radiograph: A digital image analysis. Journal Of Forensic Dental Sciences, 7(2), 158. doi: 10.4103/0975-1475.154597
Malakiene, D., & Gogelis, L. (2007). The identification of diatoms in the fluid from os clinoideus cavity in drowning cases. Forensic Science International, 169, S13. doi: 10.1016/j.forsciint.2007.04.186
Malik, A., Y, E., & S, S. (2016). Peningkatan Keterampilan Proses Sains Siswa melalui Context Based Learning. Jurnal Penelitian & Pengembangan Pendidikan Fisika, 2(1), 23-30. doi: 10.21009/1.02104
MJ, B. (2016). Elderly Suicide: A 5-Year Forensic Autopsy Analysis in the North of Portugal. International Journal Of Forensic Sciences, 1(1). doi: 10.23880/ijfsc-16000106
Morgan, L., Johnson, M., Cornelison, J., Isaac, C., deJong, J., & Prahlow, J. (2017). Autopsy Fingerprint Technique Using Fingerprint Powder. Journal Of Forensic Sciences, 63(1), 262-265. doi: 10.1111/1556-4029.13532
Multi Security System Based On Honeypot Using Kerberos Algorithm. (2018). International Journal Of Modern Trends In Engineering & Research, 5(2), 169-172. doi: 10.21884/ijmter.2018.5055.fn4ji
Nasirahmadi, A., Hensel, O., Edwards, S., & Sturm, B. (2016). Automatic detection of mounting behaviours among pigs using image analysis. Computers And Electronics In Agriculture, 124, 295-302. doi: 10.1016/j.compag.2016.04.022
Norell, K., Läthén, K., Bergström, P., Rice, A., Natu, V., & O’Toole, A. (2014). The Effect of Image Quality and Forensic Expertise in Facial Image Comparisons. Journal Of Forensic Sciences, 60(2), 331-340. doi: 10.1111/1556-4029.12660
Novozámský, A., & Šorel, M. (2018). Detection of copy-move image modification using JPEG compression model. Forensic Science International, 283, 47-57. doi: 10.1016/j.forsciint.2017.11.031
Qi, P., & Li, L. (2014). A fault recovery-based scheduling algorithm for cloud service reliability. Security And Communication Networks, 8(5), 703-714. doi: 10.1002/sec.1017
Raja, K. (2018). Ffssa-Fiege Fiat Shamir Security Algorithm an Efficient Security Algorithm for Body Area Wireless Sensor Networks. Research In Medical & Engineering Sciences, 4(3). doi: 10.31031/rmes.2018.04.000587
S, S., & D, P. (2017). An enhanced optimization based algorithm for intrusion detection in SCADA network. Computers & Security, 70, 16-26. doi: 10.1016/j.cose.2017.04.012
Šafář, M. (2009). Selected aspects of behaviour of FTK UP Olomouc students in relation to alcohol. Tělesná Kultura, 32(1), 7-22. doi: 10.5507/tk.2009.001
Saini, K., & Kaur, S. (2016). Forensic examination of computer-manipulated documents using image processing techniques. Egyptian Journal Of Forensic Sciences, 6(3), 317-322. doi: 10.1016/j.ejfs.2015.03.001
Souvignet, T., & Frinken, J. (2013). Differential Power Analysis as a digital forensic tool. Forensic Science International, 230(1-3), 127-136. doi: 10.1016/j.forsciint.2013.03.040
Su, H., Bouridane, A., & Crookes, D. (2006). Image quality measures for hierarchical decomposition of a shoeprint image. Forensic Science International, 163(1-2), 125-131. doi: 10.1016/j.forsciint.2005.11.031
Teixeira J, M. (2017). Forensic Psychiatric Autopsy: A Challenge Assessment. Austin Journal Of Forensic Science And Criminology, 4(2). doi: 10.26420/austinjforensicscicriminol.2017.1062
Thali, M., Yen, K., Schweitzer, W., Vock, P., Ozdoba, C., & Dirnhofer, R. (2003). Into the decomposed body—forensic digital autopsy using multislice-computed tomography. Forensic Science International, 134(2-3), 109-114. doi: 10.1016/s0379-0738(03)00137-3
Verolme, E., & Mieremet, A. (2017). Application of forensic image analysis in accident investigations. Forensic Science International, 278, 137-147. doi: 10.1016/j.forsciint.2017.06.039
Wen, C., & Yu, C. (2003). Fingerprint Pattern Restoration by Digital Image Processing Techniques. Journal Of Forensic Sciences, 48(5), 2002385. doi: 10.1520/jfs2002385
Yammen, S., & Muneesawang, P. (2013). Cartridge case image matching using effective correlation area based method. Forensic Science International, 229(1-3), 27-42. doi: 10.1016/j.forsciint.2013.03.015
Zafar, N. (2000). Proprietary algorithm secures smart cards. Computer Fraud & Security, 2000(4), 5. doi: 10.1016/s1361-3723(00)04009-4
Zhang, J., Hu, H., Tong, M., & Li, Q. (2011). A Security Metric and Related Security Routing Algorithm Design Based on Trust Model. Journal Of Electronics & Information Technology, 30(1), 10-15. doi: 10.3724/sp.j.1146.2007.00726