Installation of the digital forensics tools
Digital forensic tools are software used to examine network activity and to collect any evidence that can be presented in a court of law.
They help to identify, preserve, recover, analyze and present facts and opinions about digital information that may be produced during prosecution.
These tools serve the following purposes[1]:
- To image data
- To recover data
- To verify the integrity of data
- To extract data
- To conduct forensic analysis
- To monitor events.
Below are my two installed forensic tools.
- Nmap tool
- Wireshark tool
Digital forensic tools are vital during an investigation, and the selection of the best tool should consider the following factors[2]:
- Flexibility: A digital forensic tool should be flexible enough to investigate any source of evidence, whether a network, a hard drive or an external disk.
- Reliability: A digital forensic tool must be available to handle any type of incident, so a good tool has to be reliable.
- Future expandability: A digital forensic tool should be expandable, able to handle many events at a time and able to receive updates that add functionality in the future.
- Ease of use: Digital forensic tools should be easy to handle and should preferably offer a graphical interface so that users can work with them.
- Cost of use: When selecting a digital forensic tool, users should check the possible charges and costs that will be incurred during the investigation.
The 2 forensic techniques.
An investigation in the field of forensic auditing requires one to follow defined processes and a number of phases.
Several techniques are used to conduct a forensic audit, including the following:
- Cross-drive analysis
This technique is based on correlating information that comes from many storage disks; it is used, for example, to analyze social media activity and to detect anomalies.
- Live analysis
This technique examines the computer's operating system while it is still running, using system administration (sysadmin) tools, to obtain the required evidence. It is mainly used when data files are encrypted, and it is done by capturing the disk image before the computer is shut down.
- Deleted files
This technique is used by digital forensic analysts to recover files that have been deleted; forensic tools have built-in functions for discovering deleted files.
This is possible because most operating systems do not completely erase deleted files, so the investigating team can reconstruct them from the disk sectors through file carving.
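The file-carving idea above can be shown on a tiny disk image. The following is an added example, not code from the original page or from any forensic tool: it scans a constructed in-memory "disk" (eight 512-byte sectors) for the PNG and JPEG header and trailer signatures and cuts out every file found, ignoring the file system entirely, which is exactly why carving still works after the directory entry of a file has been deleted. The signatures table, the image layout and the sample files are all constructed for this example.

```python
# Added example, not from the original page: carve deleted PNG and JPEG
# files out of a raw disk image by scanning the sectors for their signatures.
import struct
import zlib

# Header and trailer signatures of the formats we carve (constructed table).
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),  # PNG magic .. IEND chunk + CRC
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),            # SOI marker .. EOI marker
}


def carve(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Return [(offset, kind, data)] for every header/trailer pair found,
    sorted by offset.  max_size bounds how far past a header we look for
    its trailer, so a stray header in free space cannot swallow the disk."""
    found = []
    for kind, (header, trailer) in SIGNATURES.items():
        pos = 0
        while (start := image.find(header, pos)) != -1:
            end = image.find(trailer, start + len(header), start + max_size)
            if end == -1:                      # header without a trailer: skip it
                pos = start + 1
                continue
            end += len(trailer)
            found.append((start, kind, image[start:end]))
            pos = end                          # resume after the carved file
    return sorted(found, key=lambda f: f[0])


def make_png(width: int, height: int) -> bytes:
    """Build a minimal valid 8-bit greyscale PNG (constructed sample file)."""
    def chunk(tag: bytes, data: bytes) -> bytes:
        crc = zlib.crc32(tag + data) & 0xFFFFFFFF
        return struct.pack(">I", len(data)) + tag + data + struct.pack(">I", crc)

    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + b"\x80" * width for _ in range(height))  # filter byte + pixels
    return (SIGNATURES["png"][0] + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b""))


def make_disk_image() -> bytes:
    """Constructed 4 KiB 'disk': zeros, with a PNG at sector 2 and a JPEG at sector 5.
    Neither file has a directory entry; only the raw bytes remain, as after deletion."""
    sector = 512
    png = make_png(4, 2)
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 40 + b"\xff\xd9"  # SOI, APP0 stub, EOI
    image = bytearray(sector * 8)
    image[2 * sector:2 * sector + len(png)] = png
    image[5 * sector:5 * sector + len(jpeg)] = jpeg
    return bytes(image)


if __name__ == "__main__":
    for offset, kind, data in carve(make_disk_image()):
        print(f"sector {offset // 512:3d} offset {offset:6d}: {kind} ({len(data)} bytes)")
```

Running the block reports the PNG at sector 2 and the JPEG at sector 5. Real carvers (Scalpel, PhotoRec) work the same way but add per-format length parsing, because a trailer search alone is fooled by fragmented files and by formats whose trailer bytes can legitimately occur inside the data.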
There are two major tools that I installed on my computer in order to demonstrate the forensic audit: the Nmap tool and the Wireshark tool.
Below is an illustration of how each works in the process of a forensic investigation.
Nmap (Network Mapper) is a tool that is basically used to scan a network and detect hosts; it is used in many steps of penetration tests[3]. Nmap serves several functions, which include:
- Host discovery: detection of the live hosts on the network.
- Port discovery: detection of any open port on a host.
- Service discovery: identification of the application software and the ports it uses.
- Detection of the operating systems, hardware addresses and software versions used by the hosts.
- Detection of vulnerabilities and security loopholes.
Nmap can perform several kinds of scan, including the TCP SYN, TCP connect(), UDP and FIN scans discussed below.
- TCP SYN Scan (-sS)
This technique is referred to as half-open scanning since there is no complete TCP handshake: Nmap just sends a SYN packet to the destination without creating a session.
Below is the syntax used.
# nmap -sS 192.168.1.1
- TCP connect() scan (-sT)
This technique is used when the SYN scan is not an option, and it completes the full TCP handshake, as shown below.
# nmap -sT 192.168.1.1
- UDP Scan (-sU)
This technique identifies any UDP port that is open on the targeted host; no SYN packet is sent since the target is a UDP port, and after sending the probe Nmap waits for the response, as shown below:
# nmap -sU 192.168.1.1
- FIN Scan (-sF)
The TCP SYN scan does not give the best results when a firewall is installed, since the SYN packet is blocked by the target machine's firewall; the FIN scan is used instead, since only the FIN flag is sent and no TCP handshake is required to complete the process[4].
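From the forensic side, the three TCP scan types above leave distinct traces in a capture: a half-open scan shows SYN, SYN/ACK, RST on many ports with the client never sending an ACK; a connect() scan completes the handshake and then tears it down without transferring data; a FIN scan sends bare FIN segments to ports that never saw a SYN. The following added example (not code from the page, from Nmap or from any product) reads a constructed one-line-per-packet log, reassembles the client-side flow for each port and labels each source by the pattern it exhibits. The log format, the hosts and the traffic are all invented for the example.

```python
# Added example, not from the original page: recognise half-open SYN,
# connect() and FIN probe patterns in a constructed packet log.
import re
from collections import defaultdict

# "src:sport -> dst:dport [flags]" with flags drawn from S A P F R.
LINE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+) \[([SAPFR]*)\]$")
SCAN_KINDS = ("syn_scan", "connect_scan", "fin_scan")


def parse(line: str):
    """Return (src, sport, dst, dport, flagset) for one constructed log line."""
    m = LINE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    src, sport, dst, dport, flags = m.groups()
    return src, int(sport), dst, int(dport), set(flags)


def pattern(events) -> str:
    """Label one flow from its ("out"|"in", flagset) events; "out" is the client side."""
    out = [f for d, f in events if d == "out"]
    ins = [f for d, f in events if d == "in"]
    if not out:
        return "unknown"
    if out[0] == {"F"} and not any("S" in f for f in out):
        return "fin_scan"        # bare FIN probe, no handshake attempted
    if out[0] != {"S"} or {"S", "A"} not in ins:
        return "incomplete"      # no SYN/ACK came back: closed, filtered or unanswered
    if {"A"} not in out:
        return "syn_scan" if {"R"} in out else "incomplete"  # SYN, SYN/ACK, RST: half-open
    if any("P" in f or f == {"F", "A"} for f in out):
        return "session"         # handshake followed by data or a graceful close
    return "connect_scan"        # full handshake, then torn down without any data


def classify(lines, min_ports: int = 3) -> dict:
    """Map each source that probed >= min_ports distinct ports to its scan kind."""
    flows = defaultdict(list)    # (client, server, server_port) -> events
    for line in lines:
        if not line.strip():
            continue
        src, sport, dst, dport, flags = parse(line)
        if (src, dst, dport) in flows:                   # more from the client side
            flows[(src, dst, dport)].append(("out", flags))
        elif (dst, src, sport) in flows:                 # reply from the server side
            flows[(dst, src, sport)].append(("in", flags))
        elif "A" not in flags and ("S" in flags or "F" in flags):
            flows[(src, dst, dport)].append(("out", flags))  # a client opens a new flow
        # anything else belongs to a flow whose start we never saw; ignore it
    touched = defaultdict(set)   # (client, pattern) -> {(server, port)}
    for (src, dst, dport), events in flows.items():
        touched[(src, pattern(events))].add((dst, dport))
    return {src: kind for (src, kind), ports in touched.items()
            if kind in SCAN_KINDS and len(ports) >= min_ports}


SAMPLE_LOG = [  # constructed traffic; 192.168.1.1 is the scanned host
    # 10.0.0.5: half-open scan (SYN, SYN/ACK, RST) of three open ports, one closed port
    "10.0.0.5:40001 -> 192.168.1.1:22 [S]", "192.168.1.1:22 -> 10.0.0.5:40001 [SA]",
    "10.0.0.5:40001 -> 192.168.1.1:22 [R]",
    "10.0.0.5:40002 -> 192.168.1.1:80 [S]", "192.168.1.1:80 -> 10.0.0.5:40002 [SA]",
    "10.0.0.5:40002 -> 192.168.1.1:80 [R]",
    "10.0.0.5:40003 -> 192.168.1.1:443 [S]", "192.168.1.1:443 -> 10.0.0.5:40003 [SA]",
    "10.0.0.5:40003 -> 192.168.1.1:443 [R]",
    "10.0.0.5:40004 -> 192.168.1.1:23 [S]", "192.168.1.1:23 -> 10.0.0.5:40004 [R]",
    # 10.0.0.7: connect() scan, full handshake then immediate RST, three ports
    "10.0.0.7:51000 -> 192.168.1.1:22 [S]", "192.168.1.1:22 -> 10.0.0.7:51000 [SA]",
    "10.0.0.7:51000 -> 192.168.1.1:22 [A]", "10.0.0.7:51000 -> 192.168.1.1:22 [R]",
    "10.0.0.7:51001 -> 192.168.1.1:80 [S]", "192.168.1.1:80 -> 10.0.0.7:51001 [SA]",
    "10.0.0.7:51001 -> 192.168.1.1:80 [A]", "10.0.0.7:51001 -> 192.168.1.1:80 [R]",
    "10.0.0.7:51002 -> 192.168.1.1:443 [S]", "192.168.1.1:443 -> 10.0.0.7:51002 [SA]",
    "10.0.0.7:51002 -> 192.168.1.1:443 [A]", "10.0.0.7:51002 -> 192.168.1.1:443 [R]",
    # 10.0.0.9: FIN scan; the closed port 23 answers RST, the open ports stay silent
    "10.0.0.9:60000 -> 192.168.1.1:22 [F]",
    "10.0.0.9:60001 -> 192.168.1.1:23 [F]", "192.168.1.1:23 -> 10.0.0.9:60001 [R]",
    "10.0.0.9:60002 -> 192.168.1.1:80 [F]",
    # 10.0.0.20: an ordinary session that carries data and closes cleanly
    "10.0.0.20:55000 -> 192.168.1.1:443 [S]", "192.168.1.1:443 -> 10.0.0.20:55000 [SA]",
    "10.0.0.20:55000 -> 192.168.1.1:443 [A]", "10.0.0.20:55000 -> 192.168.1.1:443 [PA]",
    "192.168.1.1:443 -> 10.0.0.20:55000 [PA]", "10.0.0.20:55000 -> 192.168.1.1:443 [FA]",
]

if __name__ == "__main__":
    for src, kind in sorted(classify(SAMPLE_LOG).items()):
        print(f"{src:<12} {kind}")
```

The ordinary session from 10.0.0.20 is not reported, and the SYN to the closed port 23 is labelled "incomplete" rather than counted as a probe, which is the kind of distinction a detection rule needs in order not to flag every failed connection. The `min_ports` threshold is the usual knob: a legitimate client rarely touches three or more different ports on one host with nothing but handshakes.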
Wireshark is the second network tool; it was originally known as Ethereal. It captures data packets in real time and converts them into human-readable formats.
It provides data filters and color coding to support analysis of those packets. The activities performed with Wireshark consist of the following steps:
- The capturing of packets
- The filtering of packets
- The inspecting of packets
- The capturing of packets
This is the first thing done after installing Wireshark: it is opened and the name of the network interface is double-clicked in the capture interface of the application, as shown in the figure below.
Packets will then be displayed in real time after the interface is selected, as shown below.
- The filtering of packets
Before filtering, any running applications that "phone home" over the network are closed, so that their traffic does not clutter the capture and the packets of interest can be isolated.
Then a filter is applied by typing the target in the filter box and pressing Enter; for instance, if one types dns, only the DNS packets will be visible, as in the figure below, and Wireshark auto-completes the filter as it is typed[5].
One can also display the available filters, as in the figure below, by selecting the menu Analyze > Display Filters.
- The inspecting of packets
This is the third part, where the captured packets are inspected by selecting and clicking on them to get more details, as shown below.
Filters can then be created from those details by right-clicking on an item in the packet details pane and applying it as a filter, as shown below.
Because of these strong features, Wireshark is widely used by professionals for debugging network protocol implementations, examining network security and inspecting internal network protocols.
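The filtering and inspection steps above select packets with Wireshark's display-filter language (a bare protocol name such as dns, or field comparisons such as ip.addr == 192.168.1.10 joined with &&, || and !). The following is an added example, not code from the page or from the Wireshark project: a small evaluator for that syntax, run over constructed packet summaries so the filtering step can be reproduced without a live capture. It supports protocol names, field == value, field != value, !, &&, || and parentheses; the field names follow Wireshark's (ip.addr matches either address, tcp.port or udp.port either port), and the packets, hosts and domain names are invented.

```python
# Added example, not from the original page or from Wireshark: a small
# evaluator for display-filter expressions over constructed packet records.
import re

TOKEN = re.compile(r"\s*(\(|\)|&&|\|\||!=|==|!|[A-Za-z0-9_.]+)")


def tokenize(text: str):
    toks, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"bad filter near {text[pos:]!r}")
        toks.append(m.group(1))
        pos = m.end()
    return toks


class Parser:
    """Recursive descent, lowest to highest precedence: || then && then ! then atoms."""
    def __init__(self, text: str):
        self.toks, self.i = tokenize(text), 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse(self):
        node = self.or_expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return node

    def or_expr(self):
        node = self.and_expr()
        while self.peek() == "||":
            self.take()
            node = ("or", node, self.and_expr())
        return node

    def and_expr(self):
        node = self.not_expr()
        while self.peek() == "&&":
            self.take()
            node = ("and", node, self.not_expr())
        return node

    def not_expr(self):
        if self.peek() == "!":
            self.take()
            return ("not", self.not_expr())
        return self.atom()

    def atom(self):
        tok = self.take()
        if tok == "(":
            node = self.or_expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        if tok is None or tok in ("&&", "||", "!", "==", "!=", ")"):
            raise ValueError(f"expected a field or protocol, got {tok!r}")
        if self.peek() in ("==", "!="):
            op, value = self.take(), self.take()
            if value is None:
                raise ValueError(f"missing value after {op}")
            return ("cmp", tok, op, value)
        return ("proto", tok)          # bare protocol name such as "dns"


def field_values(pkt: dict, field: str) -> set:
    """ip.addr covers both addresses and tcp.port/udp.port both ports, as in Wireshark."""
    proto, _, name = field.partition(".")
    if name == "addr":
        keys = [f"{proto}.src", f"{proto}.dst"]
    elif name == "port":
        keys = [f"{proto}.srcport", f"{proto}.dstport"]
    else:
        keys = [field]
    return {str(pkt[k]) for k in keys if k in pkt}


def evaluate(node, pkt: dict) -> bool:
    kind = node[0]
    if kind == "proto":
        return node[1] in pkt["layers"]
    if kind == "cmp":
        _, field, op, value = node
        hit = value in field_values(pkt, field)
        return hit if op == "==" else not hit   # != as "no value equals" (Wireshark 3.6+)
    if kind == "not":
        return not evaluate(node[1], pkt)
    if kind == "and":
        return evaluate(node[1], pkt) and evaluate(node[2], pkt)
    return evaluate(node[1], pkt) or evaluate(node[2], pkt)


PACKETS = [  # constructed capture summaries, one dict per frame (addresses from RFC 5737 / private ranges)
    {"no": 1, "layers": ["eth", "ip", "udp", "dns"], "ip.src": "192.168.1.10", "ip.dst": "192.0.2.53",
     "udp.srcport": 51000, "udp.dstport": 53, "dns.qry.name": "www.example.com"},
    {"no": 2, "layers": ["eth", "ip", "udp", "dns"], "ip.src": "192.0.2.53", "ip.dst": "192.168.1.10",
     "udp.srcport": 53, "udp.dstport": 51000, "dns.qry.name": "www.example.com"},
    {"no": 3, "layers": ["eth", "ip", "tcp", "tls"], "ip.src": "192.168.1.10", "ip.dst": "203.0.113.5",
     "tcp.srcport": 51001, "tcp.dstport": 443},
    {"no": 4, "layers": ["eth", "ip", "udp", "dns"], "ip.src": "192.168.1.11", "ip.dst": "192.0.2.53",
     "udp.srcport": 51002, "udp.dstport": 53, "dns.qry.name": "updates.example.net"},
    {"no": 5, "layers": ["eth", "ip", "tcp", "ssh"], "ip.src": "192.168.1.11", "ip.dst": "192.168.1.10",
     "tcp.srcport": 2222, "tcp.dstport": 22},
]


def apply_filter(text: str, packets=PACKETS) -> list:
    """Return the frame numbers that match the display filter text."""
    tree = Parser(text).parse()
    return [p["no"] for p in packets if evaluate(tree, p)]


if __name__ == "__main__":
    for expr in ("dns", "dns && ip.addr == 192.168.1.10", "!(dns) && ip.src != 192.168.1.10"):
        print(f"{expr:<40} -> frames {apply_filter(expr)}")
```

Typing `dns` in the filter box corresponds to the `("proto", "dns")` node and keeps frames 1, 2 and 4, exactly as the figure above shows only DNS packets; adding `&& ip.addr == 192.168.1.10` narrows that to the frames involving one host. The "apply as filter" action on a detail line in the packet pane generates the same field == value expression that this evaluator parses.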
Digital forensics is one of the best activities an organization can employ when searching for evidence of a crime.
This is done using various tools that mainly help with data imaging, extraction, recovery and testing of the events that took place.
When selecting a tool, investigators are advised to check its flexibility, reliability and ability to expand in the future in order to deliver the best results.
During a forensic audit the investigator is required to use the best tool to obtain results; the following are some recommendations for better results and handling of any reported crime:
- Responders should send an alert message as quickly as possible when they find suspicious events.
- The investigation team should take the least time possible to reach the scene and start documenting the problem.
- Auditors should then be deployed to start analyzing the events and produce a final report for action, with possible remedies so that such an event does not happen again in the future.
References
[1] W. Tommie, Fraud Auditing and Forensic Accounting. New York: Wiley, 2013.
[2] S. Mark, Auditing Cases: An Interactive Learning Approach. North Carolina: Pearson, 2015.
[3] D. Larry, Forensic and Investigative Accounting. New York: CCH Inc, 2015.
[4] N. Mark, Forensic Analytics: Methods and Techniques for Forensic Accounting Investigations. Kharkiv, Ukraine: South-Western College Pub, 2013.
[5] W. Tommie, Fraud Auditing and Forensic Accounting. Kharkiv, Ukraine: South-Western College Pub, 2014.