...Digital forensics is the process of uncovering and interpreting electronic data for use in a court of law. The main goal of the process is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying and validating the digital information which will be admissible in a court of law. To collect the document, it has to follow certain guidelines. United States v. Gourde (2006) and United States v. Zeigler (2007) are both great examples of cases to investigate the case. The primary goal of this document is to demonstrate the importance of digital forensics in solving criminal investigations. In the following paragraph two criminal cases are studied and analyzed. In United States v. Gourde,...
Words: 980 - Pages: 4
...of misuse of company property due to that staff member bragging to his colleagues about gaining access to privileged information that he should not otherwise have gotten access to. The issue first came to the attention of Mr. Ali, the Enterprise Systems Administrator of TT Bank, who had investigated silently to discover the identity of the staff member and found that the person was a member of the Loans Department and his name was Mr. Mike. What became particularly disturbing was that Mike worked in the Loans Department and should not have any access whatsoever to any Human Resources (HR) department files. The Enterprise System Administrator decided that the case should be investigated properly and hired a computer forensic expert from the APIIT FORENSIC LABORATORY. Upon arrival, the forensic investigator was issued full...
Words: 1635 - Pages: 7
...Laboratory Notes Laboratory Number: 1 Examiner Name: Date & Time Activity 2-2-2015 1:03pm 1:19pm 1:21pm 1:22pm 1:23pm 1:24pm 1:25pm 1:26pm 1:28 All steps performed on linux mint-17 32-bit, kernel 3.13.0-37 generic Tools used: dd (coreutils) 8.21, sha1sum (GNU coreutils) 8.21, xxd version 1.10, Eye of mate Image Viewer 1.8.1, Script version 2.20.1 Received the USB device from officer Linda Mood of the USSS Cyber forensics Team in an antistatic bag with tamper resistant tape. Her initials were written over the tape. I removed the USB flash drive from the bag. It was a 2GB black and green retractable Sony flash drive with the serial number of D33021. Using the mount command I confirmed that the USB had not mounted. Command: mount Using the date command I showed when I began the forensic work on the USB device. Sun Feb 1 13:21:34 EST 2015 Command: date Using the command fdisk I looked to see what the size of the device was and how much data was on the USB. It was shown to have 1MB or 1474560 bytes of information. Command: sudo fdisk -l Using the hash command sha1sum on the device I obtained the hash for the USB. 32b9fcb741aab43a4f80393d3df67c32c726924f /dev/sdb Command: sudo sha1sum /dev/sdb Using dd I was able to image the information from the USB device to another file named Ailes.case01.dd. Command: sudo dd if=/dev/sdb of=Ailes/case01.dd bs=8192 ...
Words: 1068 - Pages: 5
...Digital Forensics: Uganda’s Preparedness Dennis Tusiime Rwatooro 2014-M142-2002 Dept of Computer Science Abstract — The more our lives continue to depend on digital communication networks and media to perform daily activities such as communication, access to information and critical services such as health, financial transactions, entertainment, and public utilities like electricity, the more we get exposed to security risks. These security risks include breach of confidentiality of communication and transactions, violation of personal privacy, crime and fraud, disruption of services, and distribution of inappropriate content, among others. The goal of digital security is to research into and develop mechanisms to address these security risks. In this paper we briefly survey some of the emerging issues in digital security. The literature shows that while some domains in digital security have remained unchanged over a long time, for example cryptography, new areas have emerged including steganography. Keywords – digital forensic techniques, volatile data extraction, digital image forensics, malware investigations, email security, symmetric key cryptography, asymmetric key cryptography, public key cryptography. Introduction Forensic science is defined as the application of the sciences as it pertains to legal matters or problems (Gialamas, 2000). One of the branches/fields of forensic science, namely criminalistics, is the profession and scientific discipline oriented...
Words: 7291 - Pages: 30
...CCSI 410 Forensic Lab Report 1) Investigator’s Name: 2) Date of Investigation: August 2, 2014 3) Lab Number and Title: Lab 4 Keyword Searches 4) Summary of Findings: I did the steps required to fulfill my report. I found there is enough evidence to continue the investigation due to the search results. 5) Details of Investigation 1. 11:45 pm – Turned on suspect computer 2. 11:47 pm – Entered lab environment 3. 11:49 pm – Determined keyword list 4. 11:59 pm – Added the floppy image 5. August 3rd 12:05 am – Added keywords to the search utility 6. 12:09 am – Initial look at .emi files and addressbook.csv complete 7. 12:11 am – Search using keywords 8. 12:15 am – Completed report 6) Please type the answers to the questions found throughout the lab here. 1. Bid rigging is, well, rigging a bid so that a certain firm will win the bid. http://www.ftc.gov/tips-advice/competition-guidance/guide-antitrust-laws/dealings-competitors/bid-rigging Bid rotation is when it is predetermined which firm is going to win the bidding, and the other firms involved in the process get something out of it as well, so basically a win-win situation for all involved parties. Bid suppression is where firms can enter the bid but choose to not do so in order to let another firm win. Bid cover is when the firms making the bid know their bid will be rejected so that another firm will win the bid. 2. There are many words and phrases...
Words: 579 - Pages: 3
...INCIDENT REPORT CCJS 321 – Digital Forensics | Stan Vos Date of submission: FEB 5, 2016 | Project 1 - CCJS 321 Digital Forensics For the purposes of this project, imagine you are an Information Security (InfoSec) Specialist, an employee of the Makestuff Company, assigned to the company’s Incident Response Team. In this case, you have been notified by Mr. Hirum Andfirum, Human Resources Director for the Makestuff Company, that the company has just terminated Mr. Got Yourprop, a former engineer in the company’s New Products Division, for cause. Mr. Andfirum tells you that at Mr. Yourprop’s exit interview earlier that day, the terminated employee made several statements to the effect of “it is okay because I have a new job already and they were VERY happy to have me come from Makestuff, with ALL I have to offer.” Mr. Yourprop’s statements made Mr. Andfirum fear he might be taking Makestuff’s intellectual property with him to his new employer (undoubtedly a Makestuff competitor). In particular, Mr. Andfirum is worried about the loss of the source code for “Product X,” which the company is counting on to earn millions in revenue over the next three years. Mr. Andfirum provides you a copy of the source code to use in your investigation. Lastly, Mr. Andfirum tells you to remember that the Company wants to retain the option to refer the investigation to law enforcement in...
Words: 1700 - Pages: 7
...HOW DIGITAL FORENSICS WAS USED TO IDENTIFY RADER (Student’s Name) (Professor’s Name) (Course Title) (Date of Submission) Introduction Dennis Lynn Rader’s case remains the longest case ever to be handled, taking almost 30 years. His case was opened when he handed in a computer floppy to the police. Careful forensics carried out on the floppy revealed a document that had been edited by someone by the name of Dennis on computers at the Christ Lutheran Church. This led to the physical location of the suspect. To nail down the suspect as the BTN killer, DNA tests were carried out on Rader’s daughter, Kerri Rader, and it was found to be matching. Comparing this to the DNA tests from the murder cases, the BTN killer emerged to be Rader. This was enough evidence to convict Rader for 10 murder cases. Digital evidence uncovered from the floppy disk Immediately after Rader sent a floppy to the police containing a Microsoft Word document, the floppy was handed over to the computer forensic experts at the FBI for examination. Inside the floppy was a file called “Test A.RTF.” The contents of the file read “This is a test. See 3x5 Card for details on communication with me in the newspaper.” The message referred to the card that was inside the same box that had the floppy. The officers further recovered a Word document that had been deleted on the drive. Careful examination of the properties of the retrieved document showed that the document which had been modified on February 10th 2005 and had...
Words: 724 - Pages: 3
...Welcome to Homicide Forensic Science is a fundamental component of the justice system. Forensic scientists use scientific techniques and knowledge to assist law enforcement in investigations and solving crimes. They collect and analyze numerous types of evidence, including blood, body fluids, DNA, and human tissue. Forensic scientists assist the decision makers by showing the prosecutor if the issue has merit before it reaches the courtroom, thereby reducing the number of cases having to be heard. Their decisions are based on scientific investigations and not circumstantial evidence or unreliable witnesses. Forensic scientists can restore faith in the judicial system with the use of science and technology for facts in criminal and civil investigations. The legal system is established on the belief that the legal process results in justice for all. History of forensic science Forensic science, or the applying of scientific principles to legal questions, has a lengthy and interesting history. The first recorded autopsy, reported in 44 B.C., was on Julius Caesar, where the Roman physician Antistius proclaimed that he had 23 wounds on his body but only one was fatal. In 1248, a Chinese book entitled “His Duan Yu” (meaning The Washing Away of Wrongs) explained how to tell apart a drowning from a strangulation. This was also the first recorded use of medicine to assist in solving crimes. In 1590, the first microscope was developed. In 1775, Karl...
Words: 2382 - Pages: 10
...000/Yr Title: Forensics Managing Specialist –Security JOB DESCRIPTION All Forensics Candidates are encouraged to apply. Jr. to Sr. level positions are available from 2 years to 10+ years experience. Salary based on experience. A Bachelor's Degree in Forensics or related is a plus. This is a full time perm position. Must be willing to travel nationwide. Our client’s computer forensics team is a comprehensive solution for global data collections and forensic analysis. They offer best-in-class security. From small to large matters, they provide easy to understand interpretations of findings and a single point of contact. The Managing Consultant utilizes state of the art techniques that enable the recovery and use of critical electronic evidence for litigation, investigations and other fact-finding exercises. The Computer Forensics Managing Consultant establishes whether evidence has been erased or modified; analyzes electronic content and patterns of Internet and e-mail usage; recovers deleted data; and assesses and explains metadata within recovered files. RESPONSIBILITIES Manage day to day activities for projects involving computer forensics, information security or rapid response data breach matters. Manage large data preservation and collection activities to ensure that accepted forensic protocols; create and maintain Chain of Custody; document the handling of evidence. Analyze log files from firewalls, web servers and computers. Conduct forensic analysis and write...
Words: 585 - Pages: 3
...Abstract: With the rising era of computers and other technologies such as the internet and gadgets, the number of cybercrimes and other crimes using technology has increased explosively. The growth of computer forensics has been a huge success in controlling those crimes which are committed using computers. The main task of computer forensics is to examine and collect electronic data as evidence from a crime scene. The work of computer forensics is to recover the data which has been hacked or lost by the criminals using different systems. The growing dependency on computer forensics has decreased cybercrime, and professionals have to understand the computer technology that is used in computer forensics. Introduction Forensic roots from a Latin word, “forensic” which...
Words: 870 - Pages: 4
...Abstract Cyber space is a virtual space that has become as important as real space for business, education and politics. The growing danger from crimes committed against computers, or against information on computers, is beginning to claim attention in India. The digital age has dramatically changed the scope of crime by adding the electronic component, and with it comes a new form of science, “Computer Forensic Science”. Computer forensics allows for the evidence of cyber crime to be admissible in court when prosecuting the cyber criminal. In most countries, existing laws are likely to be unenforceable against such crime. Cyber law, as it stands today, gives rise to both positive & negative consequences. The main negative consequence is the digital soup so vague that many refer to it as the dark side of technology and that cyber criminals currently have the upper hand. The applicability and effectiveness of our existing laws need to be constantly reviewed to face the risk coming from the cyber world. In this paper we are going to firstly describe computer forensics, cyber crimes, cyber laws of the nation & technology challenges. The aim of this paper is to act as a catalyst to raise awareness regarding computer forensics, which continues to grow as one of the most important branches of science, and to help in the investigation of cyber crime, which continues to grow as one of the most potent threats to the Internet and computer users of the cyber society of the 21st century in India Introduction ...
Words: 2686 - Pages: 11
...International Journal of Digital Evidence Fall 2007, Volume 6, Issue 2 Computer Forensic Analysis in a Virtual Environment Derek Bem Ewa Huebner University of Western Sydney, Australia Abstract In this paper we discuss the potential role of virtual environments in the analysis phase of computer forensics investigations. General concepts of virtual environments and software tools are presented and discussed. Further we identify the limitations of virtual environments leading to the conclusion that this method can not be considered to be a replacement for conventional techniques of computer evidence collection and analysis. We propose a new approach where two environments, conventional and virtual, are used independently. Further we demonstrate that this approach can considerably shorten the time of the computer forensics investigation analysis phase and it also allows for better utilisation of less qualified personnel. Keywords: Computer Forensics, Virtual Machine, computer evidence. Introduction In this paper we examine the application of the VMWare (VMWare, 2007) virtual environment in the analysis phase of a computer forensics investigation. We show that the environment created by VMWare differs considerably from the original computer system, and because of that VMWare by itself is very unlikely to produce court admissible evidence. We propose a new approach when two environments, conventional and virtual, are used concurrently and independently. After the images...
Words: 3983 - Pages: 16
...An Event-Based Digital Forensic Investigation Framework∗ Brian D. Carrier carrier@cerias.purdue.edu Eugene H. Spafford spaf@cerias.purdue.edu Center for Education and Research in Information Assurance and Security - CERIAS Purdue University West Lafayette, IN 47907 USA Abstract In this paper, we present a framework for digital forensics that includes an investigation process model based on physical crime scene procedures. In this model, each digital device is considered a digital crime scene, which is included in the physical crime scene where it is located. The investigation includes the preservation of the system, the search for digital evidence, and the reconstruction of digital events. The focus of the investigation is on the reconstruction of events using evidence so that hypotheses can be developed and tested. This paper also includes definitions and descriptions of the basic and core concepts that the framework uses. 1 Introduction Since the first Digital Forensic Research Workshop (DFRWS) in 2001 [Pal01], the need for a standard framework has been understood, yet there has been little progress on one that is generally accepted. A framework for digital forensics needs to be flexible enough so that it can support future technologies and different types of incidents. Therefore, it needs to be simple and abstract. On the other hand, if it is too simple and abstract then it is difficult to create tool requirements and test procedures for each phase. For this paper...
Words: 6869 - Pages: 28
...Abstract Mobile forensics involves recovering and retrieving digital evidence or data from mobile devices under forensically sound conditions utilizing established methods (Ayers, Brothers, & Jansen, 2013). The field of mobile forensics is complicated as the variety in providers, manufacturers, proprietary technologies and formats is extensive. These challenges are coupled with the fast release and upgrades to mobile devices, making a forensic investigator’s job more arduous in attempting to examine and analyze these devices for the purpose of recovering data and evidence (Martin, 2008). This white paper will focus on the challenges of mobile device technology and the methodology utilized in examining these devices to recover data which is crucial to security investigations, which includes the tools, techniques and procedures necessary for gathering data from various similar devices. This paper will also focus on the training and expense of acquiring efficient forensic investigators, as well as impending approaches for addressing challenges. Introduction “The goal of mobile forensics is the practice of utilizing sound methodologies for the acquisition of data contained within the internal memory of a mobile device and associated media providing the ability to accurately report one’s findings” Mobile devices, contrary to popular belief, include an array of devices not limited to cellular phones and smartphones, but also include tablet devices, mp3 players, digital cameras and...
Words: 1628 - Pages: 7
...reported her two-year-old granddaughter, Caylee Anthony, missing to the authorities of Orange County in Orlando, Florida. During questioning, Casey Anthony, the mother of Caylee Anthony, informed the authorities that her child had been abducted by her nanny and that she had been searching for her unsuccessfully for a month (Alvarez, 2011). Throughout the initial investigation, detectives found a number of inconsistencies with Casey Anthony’s story which led them to suspect she had a role in Caylee’s disappearance; this ultimately led to charges being brought against her (Alvarez, 2011). This report will give a brief description of the background, charges and trial of Casey Anthony in the death of her daughter. It will also analyze the digital forensic evidence associated with the prosecution’s case. Investigation Details Casey Anthony stated to authorities that on the evening of June 9, 2008, after leaving work at Universal Studios she arrived at her nanny, Zenaida Fernandez’s, residence to find that both she and her daughter were gone. Casey Anthony informed detectives that she began a search of her own but was unable to locate her daughter (Alvarez, 2011). Upon further investigation, the detectives found that Casey Anthony’s statements were false. There was no record of a Zenaida Fernandez occupying an apartment at the complex Anthony listed. Additionally, she was unemployed and had not worked at Universal Studios for years; she was actually fired. Lastly, Anthony...
Words: 772 - Pages: 4