In this major task assume you are a Digital Forensics Examiner. Considering a real or a hypothetical case you are required to produce a formal report consisting of facts from your findings to your attorney who has retained you.
You are free to choose a forensics scenario which can be the examination of a storage media (HDD, USB Drive, etc), email or social media forensics, mobile device forensics, cloud forensics or any other appropriate scenario you can
think of.
This assessment task covers data validation, e-discovery, steganography,reporting and presenting, and has been designed to ensure that you are engaging with the subject content on a regular basis. More specifically it seeks
to assess your ability to:determine the legal and ethical considerations for investigating and prosecuting digital crimes analyse data on storage media and various file systems collect electronic evidence without compromising the original data; evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab; compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation; prepare and defend reports on the results of an investigation
Here, the scrambled bits will be recovered by using Winhex digital forensics tool. This tools is used for data recovery and it gives the effective data recovery for digital forensics analysis. The recovery of scrambled bit follows the below steps to recovery the scrambled bits.
First user needs to open the Winhex forensic Tool. It is shown below (Advances in Digital Forensics 9, 2016).
Then, choose “Start center” for opening the scrambled bits. To select start center click on the tools option and choose, Start center. Once the scrambled bits opens. This process is represented in the below figure.
Browse scrambled bits by selecting the text file. Then, click on Open, to open a text file. This shows the text file’s scrambled bits and looks as shown in the below figure (Altheide & Carvey, 2011).Then, execute the scrambled bits and it is displays the text (Barrett & Kipper, 2010).Once execution is finished and it shows the message stating “Congratulations! You have successfully unscrambled bits in this file”. This process looks as displayed in the following image.
The crime scenes comprising of digital media which contains fraud cases to homicides. This happens due to the presence of advanced technologies, where financial fraud is the most commonly committed crime. This crime includes to send fake cheques, creating fake identity cards, stealing and selling the fake identity cards like bank cards, driving licence and so on. The digital forensics practitioners must have wide perspective and case understanding on they work, because this will help them to have a narrow scope of their investigation.
The aim of this project is to provide a digital forensic report, for ABC organizations. This organization has found loss of suspicious data. This data is very important for the organization. So, it needs to recover and create a report based on digital forensics data recovery process and tools. ABC organization will be examining the possible rational property that is stolen by Bob Aspen, who is currently working as a contract worker, at ABC. Exclusive marketing process and investigation has been completed by ABC organization, related to customer services. It was arranged by LLC Company, which is sells superior bicycles. In the work area, the chief of ABC organization found an USB drive, which was handed to Bob aspen. This leads to decide whether the USB drive was used for extracting some data, from the web server executive (Gogolin, Ciaramitaro, Emerick, Otting & Pavlov, 2013).
Scope
The scope of this project is to create digital forensic report, for ABC organization, which has lost some suspicious data. Thus, it wants the data to be recovered, with the use of effective data recovery method. For this case, a set of three forensic tools are being utilized such as image steganography, pro discover and Winhex. Image steganography tool is utilized for recovering the text that is hidden in the images present on the USB. Pro discover tool is utilized for recovering all the data from the hard drive. Winhex forensic tool is utilized for recovering the images that are corrupted and present in the hard drive. All these tolls will be studied and analysed (Ray & Shenoi, 2011).
Scope
System Requirement
- OS : Windows Professional
- RAM : 4GB
- Hard Disk : 500 GB
- Processor : Intel(R) Core i7-2630QM CPU
- System type : 64 bit or 32 bit
The below mentioned forensics tools are used by ABC organization, for recovering the suspicious data from the USB drive:
- Winhex Tool
- Image Steganography Tool
- Pro Discover Tool
Winhex forensics tool is extremely useful for the departments like, data recovery department, low level information altering as well as for PC crime scene investigation (AG, 2018). Winhex forensics tool is utilized for recovering and altering the accompanying perspectives such as, computer flash, ROM, floppy etc. In this way, for any organization Winhex device provides proficient and powerful data recovery process and it is used by various organizations. Winhex forensics tool contains various highlights, for example:
- Winhex forensics tool comprises of scripting and programming interfaces.
- Encode records
- It supports document of any size.
- It makes hashes and checksums.
- Wipe drives
- It ensures to join and split the records.
- It provides program support, in a wide range.
- It imports the whole lot of clasp board positions.
- It edits information structures, by utilizing formats.
- It compares and dissects the records.
- It additionally contains printing, moment window exchanging as well as irregular number generator.
- It converts between Intel hex and ASCII, by pairing.
- It utilizes the different data recovery systems.
- It divides and brings together the even and odd words as well as the bytes.
- It contains plate proof-reader for the floppy circles, shrewd media, CD-ROM, floppy circles, hard circles and so on.
- It divides and connects the documents.
- Disk cloning
- It examines and takes a look at the records.
- Recapture data.
- Steganography
The steganography tools for the most part contains different software, which is utilized for hiding the unknown content from the Images document, HTML record and from different documents. In this case, the Image steganography device is used for concealing the unknown content from the Image document. Image steganography tool is additionally utilized for hiding the client data in an image document. Moreover, this tool can also hide the content records inside the picture document. Image steganography works by selecting the source, where you wish to hide the secret messages and then choose the records to conceal the privileged insights content (Sammons, 2015).
At long last, select the yield picture areas in light of the fact that these tools do the both encoding and decoding. The standard reason behind using steganography is that are hiding our secret message behind a standard archive. No one will assume the record. People will generally understand it as a traditional record and our secret message will be handed, without any suspicion. The archive utilized for covering the message will function normally and there won't be any assumption by just looking at the record. Various conditions exists, when there is any need of securing the record’s transmission. Software engineers are all near and constantly endeavour to double the correspondence, for getting the private data.
With the help of Steganography, it is possible to reduce the likelihood of data leakage. Not with standing whether the attacker picks up initiation on either our record or the email, the attacker won't comprehend where the private report might be in our records. There are diverse techniques to achieve steganography advances. Regardless, there is no need to perform coding for achieving this. Also for Steganography there are distinctive programming instruments. This item could disguise the riddle message behind the photo archive, HTML file, DOC record or any form of record.
Pro Discover Tool
The tool named Pro discover is regarded as the extremely powerful tool for computer security. Also it is utilized for giving the innovative appearance capability, then it is fast as well as adaptable. For any organization it can be helpful and has simple usage. It is intended to the NIST circle imaging tool and high quality is safeguarded by it. It can recuperate the erased records; progressively permit a see and inspects the slack space. In an organization it is adopted by a circle, in the segment level. It manages the security concerns of an organization.
System Requirements
It provides high quality. This tool can review each document, irrespective of whether the document is hidden or erased, without altering the information present in the disk. It underpins the VM product to run a catch a picture. It makes the bit stream duplicate of circle to be examined to guard unique proof. It keeps up the multi device similarity by composing and perusing the pictures. It has different highlights, for example,
- Integrated thumbnail illustrations
- Internet history
- Examine the sun Solaris UFS record
- Examine the Linux record frameworks
- Automated report age
- Event log document
- Integrated watcher to look at the records
- Search the whole circle
- Extracts the EXIF data
- Integrated and GUI interface work is utilized to guarantee the usability and snappy begin.
- Ensure high quality
- Utilize the client give and national Drug insight
- Prove the information trustworthiness
- Utilize the Perl contents
- Recovering the deleted image from the USB with the help of Winhex
Basically, the tool digital forensics is meant for recovering the lost and deleted data from the USB and the hard drive. Here, we will recovery the data for ABC organization because this organizations lost some suspicious data and it intends to recover it with the help of different data recovery tools. The Winhex tool is used for recovering the deleted images which were present in the USB. For ABC organization, this tool is utilized for proving the data recovery process’s effectiveness and efficiency. This tool is very useful tool for an ABC organization. The following images display the corrupted images and this image must be recovered with the help of Winhex forensics tool.
Here, we will recover the corrupted images, where the following steps are used:
Initially, the Winhex forensic tool must be opened by the user.
Click on Tools option, for selecting the Open disk option.
Later, select the location of the deleted corrupted image file, as represented in the below image.
Then, in the USB from the deleted location select the corrupted images.
Next, Winhex forensic tool displays the data that was deleted.
The below represented image shows the corrupted images.
Then, prepare the hard drive by clicking on Tools option, and then choose disk initialize option. This process is utilized for displaying the properties of the image that is improved. This tool is also utilized for freeing up the space of the hard drive so that recovered images of the USB are saved. It is as displayed below.
Once there is completion of disk initialization, the recovered file must be right clicked. In the Winhex recovery window, this will help in recovering the deleted corrupted images. Then, choose recovery and copy option. This process looks as displayed in the following image.Here, the output path must be browsed for saving the recovered file. This process looks as displayed in the following image.At last, the corrupted files are displayed. Moreover, it also recovers the corrupt file as a normal file. This process is represented in the below image.
From Image recovering the hidden text with the help of Steganography Tool
Here, we will use the stenography tool and it is commonly utilized for recovering the images and also the hidden text in it. The hidden text is easily recovered from the images in the USB. The ABC organization has lost some suspicious data and it intends to recover it. Thus, the steganography tool is used for recovering the hidden text. This process is represented in the below image.
Initially, open the steganography forensic tool. This displays the home page of stenography tool.
Then, begin the image steganography analysis by following these steps- Click on the images and choose Stenography analysis. This process is represented in the below image.
Next, the symmetric key must be entered by opening the image. This displays the hidden text that is present in the images. This process is represented in the below image.
Recovering the Files from the USB with the help of Pro Discover Tool
Here, we will use the Pro discover tool for providing ABC organization an effective and efficient data recovery process. This forensics tool is used to recovery all the data present in the USB and hard drive. Because, this tool is a powerful tool for computer security. It provides the scalable and reliable data from the USB drive. And, it easily enables the computer professionals to recovery the lost suspicious data. So, the ABC organization uses the Pro discover tool to recover the suspicious data. This tool discovers the lost data. To perform data recovery, follow the below steps:
The pro discover forensic tool must be opened.
Then, create new project.
This process is represented in the below image.
For completing the new project, the initial step is to enter the project number.
Next, press the OK button.
This will create a new project, as displayed below.Then, add the images for opening the lost data file location. This process is represented in the below image.
Further, it displays the information that was deleted and which was present in the drive. This process is represented in the below image. Next, right click on recovered files for choosing the copy a file. At last, the recovered files are saved by selecting the required file location.
Conclusion
For ABC organization, this project effectively created the digital forensic report. As this organization lost some suspicious data it intended recovering the data, with the help of suitable digital forensic tools. These tools are utilized for accomplishing effective data recovery. This case uses Winhex tool for recovering the corrupted images from the USB. It recovers all the files from the hard drive with the help of pro discover forensic tool. The image steganography tool is utilized for recovering the hidden text in the image from USB.
References
Altheide, C., & Carvey, H. (2011). Digital Forensics with Open Source Tools. [s.l.]: Elsevier professional.
Barrett, D., & Kipper, G. (2010). Virtualization and forensics. Amsterdam: Syngress/Elsevier.
Goel, S. (2010). Digital forensics and cyber crime. Berlin: Springer.
Gogolin, G., Ciaramitaro, B., Emerick, G., Otting, J., & Pavlov, V. (2013). Digital forensics explained. Boca Raton: CRC Press, Taylor & Francis Group.
Holt, T., Bossler, A., & Seigfried-Spellar, K. Cybercrime and digital forensics.
Pollitt, M., & Shenoi, S. (2010). Advances in digital forensics. New York: Springer/International Federation for Information Processing.
Ray, I., & Shenoi, S. (2011). Advances in digital forensics IV. New York: Springer.
Sammons, J. (2015). The basics of digital forensics. Amsterdam [u.a.]: Syngress Media.
Springer-Verlag New York Inc. (2016). Advances in Digital Forensics 9.
To export a reference to this article please select a referencing stye below:
My Assignment Help. (2021). Data Recovery Using Winhex Forensic Tool In Digital Forensics Essay.. Retrieved from https://myassignmenthelp.com/free-samples/itc597-digital-forensics/below.html.
"Data Recovery Using Winhex Forensic Tool In Digital Forensics Essay.." My Assignment Help, 2021, https://myassignmenthelp.com/free-samples/itc597-digital-forensics/below.html.
My Assignment Help (2021) Data Recovery Using Winhex Forensic Tool In Digital Forensics Essay. [Online]. Available from: https://myassignmenthelp.com/free-samples/itc597-digital-forensics/below.html
[Accessed 19 August 2024].
My Assignment Help. 'Data Recovery Using Winhex Forensic Tool In Digital Forensics Essay.' (My Assignment Help, 2021) <https://myassignmenthelp.com/free-samples/itc597-digital-forensics/below.html> accessed 19 August 2024.
My Assignment Help. Data Recovery Using Winhex Forensic Tool In Digital Forensics Essay. [Internet]. My Assignment Help. 2021 [cited 19 August 2024]. Available from: https://myassignmenthelp.com/free-samples/itc597-digital-forensics/below.html.