
Forensics


Submitted By gorivishal
Name: Nupur Vijay Gholap
Weekly Solutions Template

Hands on project 4-4:
Answer:

Case Project 4-5
Answer:
To acquire the data from the source file, the following methods can be used:

1. Disk-to-image files: FTK Imager can be used to work with disk-to-image files from other proprietary formats. We need not segment the data, as the entire 2 GB can be stored directly. FTK runs on Windows and needs a write-blocking device. FTK can read AccessData, Expert Witness, SafeBack, SMART and raw format files, as well as CD and DVD files.
Proprietary format tools offer an option to compress or not compress image files of a source drive, to save space on the target drive. Hashing helps check the integrity of the data. Various tools can integrate metadata into the image file.
But there exists an inability to share an image between different vendors’ computer forensics analysis tools. For example, the ILook imaging tool IXimager produces IDIF, IRBF, and IEIF, but these can be read only by ILook. Proprietary format tools produce a segmented file of 650 MB. The maximum file size per segment can be 2 GB.

2. Disk-to-disk copy: The UNIX/Linux dd command does a disk-to-disk copy. The dd command is very easy and effective on a Linux machine. But for that we need equal or larger space on the target disk to copy the full image from the source disk.
The raw format is a technique in which we use the dd command to generate image files that are split into smaller segments and are an exact bit-by-bit replica of the original disk. These are sequential flat files of the source drive. Hardware and software duplicators are available for disk-to-disk copy: hardware duplicators like Logicube Talon, etc., and software duplicators like SafeBack, EnCase, etc.
The raw format offers faster data transfers and the ability to disregard minor data read errors. Versatility is a big advantage of the output, because many forensics tools can read the raw format, making it a universal acquisition format for most tools. It needs equal storage space, as a compression option is unavailable. Freeware versions sometimes might not collect marginal (bad) sectors on the source drive, meaning they have a low threshold of retry reads on weak media spots on the suspect drive. Many acquisition tools also provide a validation check by using Cyclic Redundancy Check (CRC-32), Message Digest 5 (MD5), and Secure Hash Algorithm (SHA-1 or newer) hashing functions. A separate file is created containing the hash value. FTK Imager and ProDiscover are a couple of tools which can be used.

3. Logical disk to disk/sparse acquisition:
It’s used to collect specific files from the suspect drive as the evidence files. This method is used when time is limited and we don’t need to copy the entire drive of the suspect.
Example: Suppose in a case there is a row over a certain illicit email by the suspect. Only his email needs to be checked rather than the entire file. It saves time and target disk space. Software like EPICS can be used for the same. It can copy Outlook .pst or .ost files.
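The raw-format behaviour described under method 2 (sequential segments, zero-filling of unreadable blocks, and a separate file holding the hash values) can be sketched as follows. This is an added example, not part of the original answer; the file names `image.001` and `image.hash.txt`, the tiny segment size, the choice of SHA-256 as the newer SHA function, and the simulated bad block are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def acquire_raw(src, out_dir, segment_size, block=512, reader=os.pread):
    """Copy src bit-for-bit into raw segments image.001, image.002, ...
    An unreadable block is zero-filled (as dd does with conv=noerror,sync)
    and its offset recorded. The hashes cover the bytes written to the image.
    """
    if segment_size % block:
        raise ValueError("segment_size must be a multiple of block")
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    segments, bad, out = [], [], None
    fd = os.open(src, os.O_RDONLY)            # source is never opened for writing
    try:
        total = os.lseek(fd, 0, os.SEEK_END)  # size of a file or a block device
        for offset in range(0, total, block):
            if offset % segment_size == 0:    # start the next segment file
                if out:
                    out.close()
                name = "image.%03d" % (len(segments) + 1)
                segments.append(os.path.join(out_dir, name))
                out = open(segments[-1], "wb")
            want = min(block, total - offset)
            try:
                data = reader(fd, want, offset)
            except OSError:
                data = b""
            if len(data) != want:             # read error: pad and log the offset
                bad.append(offset)
                data = data.ljust(want, b"\x00")
            out.write(data)
            md5.update(data)
            sha256.update(data)
    finally:
        if out:
            out.close()
        os.close(fd)
    digests = {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}
    with open(os.path.join(out_dir, "image.hash.txt"), "w") as fh:  # sidecar
        for alg, value in digests.items():
            fh.write("%s  %s\n" % (alg, value))
        fh.write("bad_blocks  %s\n" % ",".join(map(str, bad)))
    return segments, digests, bad

def verify_image(out_dir):
    """Re-hash the segments in order and compare with the sidecar hash file."""
    recorded = {}
    with open(os.path.join(out_dir, "image.hash.txt")) as fh:
        for line in fh:
            key, _, value = line.strip().partition("  ")
            recorded[key] = value
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for name in sorted(n for n in os.listdir(out_dir) if n[6:].isdigit()):
        with open(os.path.join(out_dir, name), "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                md5.update(chunk)
                sha256.update(chunk)
    found = (md5.hexdigest(), sha256.hexdigest())
    return found == (recorded.get("md5"), recorded.get("sha256"))

def demo():
    """Constructed 5000-byte 'drive' with a simulated bad block at offset 1024."""
    work = tempfile.mkdtemp()
    src = os.path.join(work, "suspect.bin")
    out_dir = os.path.join(work, "evidence")
    os.mkdir(out_dir)
    with open(src, "wb") as fh:
        fh.write(bytes(range(256)) * 19 + b"tail" * 34)
    def flaky(fd, size, offset):              # stands in for a failing sector
        if offset == 1024:
            raise OSError("simulated bad sector")
        return os.pread(fd, size, offset)

    segments, _, bad = acquire_raw(src, out_dir, 2048, reader=flaky)
    ok_before = verify_image(out_dir)
    with open(segments[1], "r+b") as fh:      # alter one byte of the copy
        fh.write(b"\xff")
    ok_after = verify_image(out_dir)
    return len(segments), bad, ok_before, ok_after

if __name__ == "__main__":
    print(demo())
```

Because the hashes are computed over the image as written, a zero-filled block does not break later verification, but the recorded offset tells the examiner where the copy differs from the source media.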

Hands on project 5-5

Answer

Case study 5-4
Answer
To investigate the case, the following steps should be followed:

1. I will need to issue the search warrant against Mr. Zane first. Or, since it’s a private institute, I will need the permission of the highest authority here.
2. I need the following things to carry out the search:
Small computer toolkit
Large-capacity storage
USB cable
Write-blockers
3. Then I will ask the highest authority of the institution to prevent the use of Mr. Zane’s system by anyone. Also, let the system be in the state it is in: if it’s off, leave it off; if it’s on, leave it on.
4. While investigating the office of Mr. Zane, him being unaware of the investigation, I would first take pictures of the office so as to place the stuff back as it first was after the investigation.
5. I will then boot my forensic workstation to Windows and go to AccessData.
6. I will connect the system to the target drive and use FTK with a write-blocker to copy the data to the target drive.
7. I will use CD or DVD on MM tapes to store the acquired data.
8. It is necessary to know that it is difficult to retrieve the entire data if Mr. Zane has deleted the data, as the RAM can be overwritten when other programs are run.
9. Also, when FTK is booted on Windows, it runs on the same RAM as the source data, and there are high chances of programs overwriting the deleted files. Hence it’s difficult to maintain the integrity of the data.

* Lab Answers
2.1
1. d – The MFT is not updated until all the remnants have been overwritten by the new data.
2. a – Recovering files that have been deleted but not overwritten.
3. d - 7
4. b – The MFT is updated to indicate free space when the files are deleted.
5. b – Writing 0s and 1s to the file remnant locations

2.3
1. a - .dd
2. c – CD or DVD
3. c - .eve images to ISO
4. d - .dd
5. a – Forensics investigators should be familiar with more than one forensic analysis tools because they can maintain the chain of custody.

2.4
1. d - .eve
2. b – is not optimized to search large volume of data
3. a – be small enough to fit on a floppy disk as a portable imaging tool
4. a – MD5
5. b – Because the file hash verified that the “chain of custody” has been maintained during the imaging process.
