BN309 Computer Forensics

Question:


The Computer Forensics For the Banking and Enterprises is described.

Answer to Question: BN309 Computer Forensics

Introduction

Digital Forensics may be used for the investigation of criminal cases.

Different cases require different investigations.

It could vary depending on the evidence.

Digital forensic technology has been a significant tool in both law enforcement and the scientific community.

It can solve all types of cases, including those involving police and prosecution.

The following are three methods for digital forensics research in education.

They are educational methods, educational materials and educational environments.

The educational methods include policy makers, law enforcement, the community and higher education.

The educational materials include case studies, reports, textbooks and other resources (Turedi & Han, 2013).

The educational environments can be described as physical, virtual and remote access environments (Careers In Forensic Science, 2010).

Three forensics tools will also be discussed in this report.

FTK Imager, Autopsy and OS Forensics (Yusoff) are three of the available forensics tools.

The given image will be evaluated.

The offense contents will also be displayed.

The illegal contents or their ownership will be identified.

It will be possible to determine the purpose of accessing and owning illegal content (clown contents) (“Mac OS Forensics Part 4”, 2018).

It will reveal how many files are contained within the specified amount.

With screenshots, the installed software will be described in detail for the forensic investigation on clown content.

The Autopsy will provide the timeline and a running sheet.

Required Resources

Forensic tools and forensic images are two of the most critical resources needed for forensic investigations.

Below is a list of the forensic instruments used in investigation.

FTK Imager

FTK Imager is a digital forensics tool.

AccessData developed it.

This software is used in the investigation of forensic images.

It can also be referred to as a disk imaging tool.

This tool deals primarily with digital forensics.

It can be used to preview data and create images.

The FTK imaging tool is used for creating a copy of computer data.

It will be very similar to the 2015 version (“Classical Image Encryption And Decryption”).

The tool was very specific.

It is used for analysing emails and files and for password cracking (BlackBag Technologies, Inc., 2018).

The events are handled by multi-core software.

It is used in developing a shared database of cases.

It can also place files in the safe zone (Armknecht & Dewald, 2015).

FTK imaging tool is responsible for data persistence.

It obtains the images and then performs the operation.

FTK Imager will be used to mount the image (“Enhancement Of Better Image Detection by Encryption And Decryption Techniques”, 2018).

It could create many different file types.

The FTK imager can be used to list all events.

The FTK imager had many features.

These are all listed below.

It can also create forensic images of folders, hard drives and files.

FTK Imager will let you see the zip files and local hard drives.

It is also possible to view the contents of the forensic images stored on the local computer (Tabona, 2018).

This forensic tool will mount the forensic image.

Windows Explorer can be used to preview the mounted images.

Files and folders can be extracted from the forensic images.

It can also restore deleted files (Tudorachi, 2014).

FTK imager creates hash files that are used to generate forensic images.

There are two main functions of the FTK imager (National Initiative for Cybersecurity Careers and Studies, 2018).

This tool has some major capabilities (Brinson, Robinson & Rogers, 2006).

They include email analysis, file encryption, data carving, data visualization, OCR, web viewer and Cerberus.

Email analysis means that this tool is used for analysing emails and for header analysis for IP addresses (“Minnesota Detectives Crack the Case with Digital Forensics”, 2018).

This is why the forensic tools manager is a good choice for digital forensics.

Next, the installation steps will also be explained (“Infectious Malware Analysis and Protective Measures”, 2015).

It is used to store the application data.

It offered the possibility to change the path of the destination folder (Casey & Wu, 2012).

The destination folder will hold the program files and backup files (Zhao, Zong & Wu, 2014).

OS Forensics

The operating system can be described as the interface between the hardware and the software.

Operating system forensics is the process of gathering useful data from the operating system of a mobile device or computer.

To gather the evidence, information must be collected (Casey, 2013).

Evidence for computer investigations can be recovered by analysing the file system and operating system.

Here, the file system provides the data roadmap concerning the hard disk.

It is also used for analyzing the storage of the hard disk.

It will depend on the operating system.

This could be FAT, exFAT or Ext2fs.

The file system offers several methods for recovering data and files.

These are data hiding and data carving.

The operating system forensics then turns to memory forensics.

It’s used to combine virtual memory with Linux memory and memory extraction.

It also contributes to the web surfing artifacts (Petrisor, 2012).

It could be either email or messaging artifacts.

It can be any operating system, such as Windows, Linux, Mac, iOS or Android (Imager.3.4 and AccessData Group, 2018, respectively).

The operating system forensics exam involves five main steps.

The first one is the development and implementation of policies (Mudge, 2007, p.

The second is the analysis of evidence.

The third is the acquisition and evaluation of evidence.

The fourth is evidence examination.

The fifth is documenting and reporting.

This forensic tool can be used to identify suspicious files and events with hash matching and email analysis (Casey, 2015).

It offers advanced file indexing and scripting (Ochiai, Yamakawa, Fukushima, Yamada & Hayashi, 2000).

These are used to extract forensic information from computers.

This also facilitates data management (Rhee, Riley, Lin, Jiang & Xu, 2014).

This tool uses the file size and time to locate the files faster (James, 2018).

Outlook allows you to search for email archives.

It could also be used for recovering files (Cho, Kim, Park & Gil, 2015).

This tool would gather system information.

The OS forensic tool could detect hidden files.

OS forensic tools also have some special features.

These features are listed below.

First, it verifies and matches files.

This could be done using secure hashing algorithms (Morrison & Petrisor, 2004).

It is possible to identify the difference through the creation of drive signatures.

Next is the timeline viewer which displays the system events in a visual manner.

The file viewer was also available.

The file viewer allows you to view images and streams.

The raw disk viewer can be used to navigate the volumes’ raw disk files (Petrisor, 2007).

The registry viewer allows you to access Windows registry files.

It included the email viewer.

It displays the messages directly in the archive.

Next, the web browser lets you browse and capture online content.

SQLite browser makes it possible to examine SQL database files.

Plist viewer is able to view Plist files.

Prefetch viewer will analyze the frequency, time and location of applications (Pattnaik & Jana, 2005).

Installation Of OS Forensics

Below is the procedure for installing OS Forensics (Ebert, 2012).

The steps are listed below and the results can be viewed through the screenshots.

Autopsy

Autopsy is a free digital forensic tool. It is used primarily for forensic investigation.

This tool is used for sorting and identifying pieces of forensic evidence.

It includes a collection of command-line tools and a library (Platt, 2008).

These features allow for the analysis and parsing of forensic data.

It has a graphical user interface.

This makes it easy to access the tool.

The tool can be used to view file system images.

Blog”, 2018).

This platform is free and open-source. The user can verify that the data was captured and that it is transparent.

It is fast and easy to download this tool (Ricciuti, 2007).

Autopsy can identify website artifacts and perform keyword searches.

It can provide real-time streaming results.

This tool allows users to reverse track searches.

The tool is not able to create disk images.

For analysis of the disk image, it is necessary to first prepare the case.

Autopsy has two different analysis modes.

They are called live analysis and dead analysis.

The dead analysis allows you to assess the data from the suspect system.

You can search the evidence using some of these methods.

These techniques are listed below (“SANS Digital Forensics & Incident Response Blog”).

First is file listing.

This is used for analysing files and directories, including the names of deleted files.

Next, file content.

It can be displayed in raw or hex formats.

This tool is used for preventing file damage (Shaaban, 2016).

Hash databases can be used to identify files.

The files can also be sorted to identify the file type.

This operation is based upon the internal signatures.

This tool will extract the thumbnails.

The file extension can be compared with the detected file type.
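The two checks described above (matching files against a hash database, and comparing each file's extension with the type indicated by its internal signature) can be sketched as follows. This is an added example, not part of the original report and not code from Autopsy or OS Forensics; the signature table, the hash-set entry and the sample files are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed signature table: leading "magic" bytes -> extensions that normally carry them.
SIGNATURES = {
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"PK\x03\x04": {".zip", ".docx", ".xlsx"},
}

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large evidence files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def signature_extensions(path):
    """Return the extensions expected for the file's internal signature, or None if unknown."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, exts in SIGNATURES.items():
        if head.startswith(magic):
            return exts
    return None

def triage(root, known_hashes):
    """Walk an exported evidence folder and flag hash-set hits and extension mismatches."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        digest = sha256_file(path)
        exts = signature_extensions(path)
        findings.append({
            "path": path.relative_to(root).as_posix(),
            "sha256": digest,
            "known": known_hashes.get(digest),  # label from the hash set, if any
            "mismatch": exts is not None and path.suffix.lower() not in exts,
        })
    return findings

def demo():
    # Three constructed sample files: a JPEG, a JPEG renamed to .txt, and plain text.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"constructed jpeg body")
        (root / "notes.txt").write_bytes(b"\xff\xd8\xff\xe0" + b"jpeg renamed to txt")
        (root / "readme.txt").write_bytes(b"plain text\n")
        known = {sha256_file(root / "notes.txt"): "constructed-hashset-entry"}
        return triage(root, known)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run against a read-only export or mounted copy of the image rather than the original evidence, so that the examination itself does not alter file access times.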

Autopsy tools will generate a timeline based upon the events (Skulkin & Courcier n.d.).

It would be beneficial to identify the exact location of files (“Starting a New Digital Forensic Investigation Case in Autopsy 4”, 2018).

It will include information regarding the evidence.

The timeline includes information like modified and access times.

Next is keyword searching.

To make a keyword search of the file system, you will need to use an ASCII string.

It will be performed either on the full file system or on the unallocated space.

The most important function of the Autopsy software is the analysis of metadata.

Metadata is the information stored about files and directories.

This tool allows the user to see the Meta data.

It is also useful to recover files that have been deleted.

This allows you to examine the directory and file paths.

The autopsy tool will then be used for data unit analysis.

This tool will allow you to analyse the contents of each data unit.

The autopsy tool allows you to view the image files.

It also contains information such as the disk layout and activity time.

This information is used for data recovery (Bell, 2018).

The Autopsy software provides many functions related to case management.

Conclusion

In this report, there are three forensics instruments.

FTK Imager, Autopsy, and OS (Operating system) Forensics are all used.

These three tools are used for the analysis of the given forensic image.

The offense content is clearly presented.

It is possible to determine who the owner of the forensic image or illegal content is.

The intent to access the illegal content or own it (clown content) is revealed.

The number and size of the files within the given forensic quantity are determined.

With screenshots, the installed software used to conduct the forensic investigation on clown content is detailed.

The Autopsy also includes the timeline and running sheet.

References

Almarri, S., & Sant, P. (2014). Optimised malware detection in digital forensics. International Journal Of Network Security & Its Applications, 6(1), 01-15. doi: 10.5121/ijnsa.2014.6101

Anastasi, J. (2003). The new forensics. Hoboken, N.J.: John Wiley & Sons.

Armknecht, F., & Dewald, A. (2015). Privacy-preserving email forensics. Digital Investigation, 14, S127-S136. doi: 10.1016/j.diin.2015.05.003

Awasthi, S., Pratap, A., & Srivastava, R. (2017). Framework for Visual Cryptographic based Encryption and Decryption. International Journal Of Computer Applications, 163(3), 17-20. doi: 10.5120/ijca2017913485

Brinson, A., Robinson, A., & Rogers, M. (2006). A cyberforensics ontology: A new approach to cyber forensics research. Digital Investigation, 3, 37-43. doi: 10.1016/j.diin.2006.06.008

Carbone, F. (2014). FTK is used for computer forensics. Birmingham, United Kingdom: Packt Pub.

Carlton, G. (2008). An Evaluation on Windows-Based Computer Forensics Application Software Running on a Macintosh. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2008.1045

Carlton, G., & Worthley, R. (2010). Identifying Computer Forensics Specialist: A Study to Determine the Characteristics of Forensic Examiners. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2010.1069

Casey, E. (2012). Digital forensics and cloud computing. Digital Investigation, 9(2), 69-70. doi: 10.1016/j.diin.2012.11.001

Casey, E. (2013). Triage in digital forensics. Digital Investigation, 10(2), 85-86. doi: 10.1016/j.diin.2013.08.001

Casey, E. (2015). Smart home forensics. Digital Investigation, 13, A1-A2. doi: 10.1016/j.diin.2015.05.017

Casey, E. Handbook on digital forensics.

Cho, S., Kim, D., Park, J., & Gil, K. (2015). An online water monitoring method as a water security tool: A feasibility view. Environmental Forensics, 16(3), 231-241. doi: 10.1080/15275922.2015.1059390

Classical Image Encryption/Decryption. (2015). International Journal Of Science And Research (IJSR), 4(11), 607-612. doi: 10.21275/v4i11.sub159282

Dendroecology: A Key Forensic Age-Dating Tool. (2005). Environmental Forensics, 6(1), 3-4. doi: 10.1080/15275920590913813

Easttom, C. System forensics, investigation, response.

Ebert, J. (2012). Book Review: Mastering Windows Network Forensics and Investigation. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2012.1136

Enhancement Of Better Image Detection by Using Encryption And Decryption Technologies. (2018). International Journal Of Recent Trends In Engineering And Research, 375-382. doi: 10.23883/ijrter.conf.20171225.057.4wpxm

Fichera, J., & Bolt, S. (2013). Network intrusion analysis. Amsterdam: Elsevier.

Fowler, J. (2017). Dynamic malware analysis: Compression and compression of virtual-machine memory. Journal Of Digital Forensics, Security And Law. doi: 10.15394/jdfsl.2017.1437

Han, S., & Lee, S. (2009). Packed PE File Detection for Malware Forensics. The KIPS Transactions:Partc, 16C(5), 555-562. doi: 10.3745/kipstc.2009.16c.5.555

Protective Measures and Analysis of Infectious Malware. (2015). International Journal Of Science And Research (IJSR), 4(12), 1101-1105. doi: 10.21275/v4i12.nov152133


Institute for Career Research. (2010). Forensic science careers. Chicago, IL.

Ismail, I., Marsono, M., Khammas, B., & Nor, S. (2015). To classify malware variants in network traffic by incorporating known malware signatures. International Journal Of Network Management, 25(6), 471-489. doi: 10.1002/nem.1913

Jules, K., & Lin, P. (2007). Live monitoring of space research laboratory environments with trend and prediction analysis. Acta Astronautica, 61(1-6), 27-36. doi: 10.1016/j.actaastro.2007.01.028

Kim, A., Kim, S., Park, W., & Lee, D. (2013). Fraud and financial crime detection model based on malware forensics. Multimedia Tools And Applications, 68(2), 479-496. doi: 10.1007/s11042-013-1410-3

Mahawer, D., & Nagaraju, A. (2013). Metamorphic malware detection using base malware identification approach. Security And Communication Networks, 7(11), 1719-1733. doi: 10.1002/sec.869

Cloud Computing Infrastructures can detect malware. (2018). International Journal Of Recent Trends In Engineering And Research, 223-227. doi: 10.23883/ijrter.conf.20171201.044.wsqfb

Mattern, J. (2004). Forensics. San Diego, Calif.: Blackbirch Press.

MJ, B. (2016). A 5-year Forensic Autopsy Analysis on Elderly Death in the North of Portugal. International Journal Of Forensic Sciences. doi: 10.23880/ijfsc-16000106

Platt, R. (2008). Forensics. Boston, Mass: Kingfisher.

Provataki, A., & Katos, V. (2013). Differential malware forensics. Digital Investigation, 10(4), 311-322. doi: 10.1016/j.diin.2013.08.006

Reilly, D. (2006). Autopsy analysis. New Scientist, 192(2581), 24-25. doi: 10.1016/s0262-4079(06)61320-1

Rhee, J., Riley, R., Lin, Z., Jiang, X., & Xu, D. (2014). Data-Centric Os Kernel Malware Characterization. IEEE Transactions On Information Forensics And Security, 9(1), 72-87. doi: 10.1109/tifs.2013.2291964

Ricciuti, E. (2007). Forensics. Collins. New York.

Sen, S., Aydogan, E., & Aysan, A. (2018). The coevolution of mobile malware and anti-malware. IEEE Transactions On Information Forensics And Security, 13(10), 2563-2574. doi: 10.1109/tifs.2018.2824250

Shaaban, A. (2016). Practical Windows Forensics. Packt Publishing.

Skulkin, O., & Courcier, S. Windows forensics cookbook.

Stewart, G. (2007). Forensics. Detroit, Mich.: KidHaven Press.

Digital Forensics, a New Malware Analysis Method. Indian Journal Of Science And Technology, 8(17). doi: 10.17485/ijst/2015/v8i17/77209

Evaluation results for digital data acquisition tools. (2014).

Vacca, J., & Rudolph, K. (2011). System forensics investigation and response. Sudbury, Mass.: Jones & Bartlett Learning.

Zhong guo jian cha chu ban she. (2015). FTK shi zhan ying yong. Bei jing.
