Forensic Project

Submitted By devack12
March 6, 2015

Final Project
Cybercrime Forensics

Part 1: Review Packet Capture
For this investigation, we decided to use NetWitness Investigator to examine the packets captured from the computers in question. NetWitness Investigator is software used to examine packets and list login information, transferred data, and the IP addresses used, among other details. For the purpose of this investigation, we are primarily concerned with the FTP (File Transfer Protocol) sessions and the file names they contained. We can use this information to identify the persons responsible for the data leak on Corporation Tech’s network.

First, we created a new collection in NetWitness, which we titled Final Project. We then imported packets from the capture file ftpcapture.pcap. Once NetWitness had imported the file, we were able to view information such as the login credentials and the files transferred. Below is the information we collected.

| Source IP | Destination IP | Protocol | Username | Password | Files |
|---|---|---|---|---|---|
| 172.16.177.132 | 172.16.177.157 | FTP (21) | badguy | you will never guess this !! | badnotes1.txt |
| 172.16.177.132 | 172.16.177.157 | FTP (21) | badguy | you will never guess this !! | badnotes2.txt |

These files were transmitted on July 31, 2010 at 1:08:58 AM and totaled 5.71 KB, as shown in the following screen captures.

After examining the FTP files in question, we reviewed the remainder of the packet capture but did not identify anything further that could be considered questionable. The primary communication was between the IP addresses 172.16.177.132 and 172.16.177.157. Another login attempt was made from the same IP addresses at the same time as the file transfer, using anonymous as the username and mozilla@example.com as the password.
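The table above can be rebuilt from the FTP control channel alone, because FTP sends the username, password and file names in clear text. The following is an added example, not part of the original report: a small Python parser run over a constructed transcript. The credentials and file names are the ones reported above; the commands (STOR), reply codes and ordering in the sample are assumptions.

```python
import re

CLIENT, SERVER = "172.16.177.132", "172.16.177.157"

# Constructed control-channel transcript: (source IP, destination IP, line).
# Only the credentials and file names come from the report; the verbs,
# reply codes and their order are assumed for illustration.
SAMPLE = [
    (SERVER, CLIENT, "220 FTP server ready"),
    (CLIENT, SERVER, "USER anonymous"),
    (SERVER, CLIENT, "331 Password required"),
    (CLIENT, SERVER, "PASS mozilla@example.com"),
    (SERVER, CLIENT, "530 Login incorrect"),
    (CLIENT, SERVER, "USER badguy"),
    (SERVER, CLIENT, "331 Password required"),
    (CLIENT, SERVER, "PASS you will never guess this !!"),
    (SERVER, CLIENT, "230 Login successful"),
    (CLIENT, SERVER, "STOR badnotes1.txt"),
    (SERVER, CLIENT, "226 Transfer complete"),
    (CLIENT, SERVER, "STOR badnotes2.txt"),
    (SERVER, CLIENT, "226 Transfer complete"),
]

REPLY = re.compile(r"^(\d{3})[ -]")          # server replies start with a 3-digit code
TRANSFER_VERBS = {"STOR", "RETR", "APPE"}    # commands that move a named file


def summarise(lines):
    """Return one record per USER command seen on the control channel."""
    logins, current, pending = [], None, None
    for src, dst, text in lines:
        text = text.rstrip("\r\n")
        reply = REPLY.match(text)
        if reply:
            code = reply.group(1)
            if current is None:
                continue
            if code == "230":                    # login accepted
                current["accepted"] = True
            elif code == "226" and pending:      # transfer completed
                current["files"].append(pending)
                pending = None
            elif code[0] in "45":                # failure: drop pending transfer
                pending = None
            continue
        # partition() splits on the first space only, so a password that
        # itself contains spaces is kept whole.
        verb, _, arg = text.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            current = {"client": src, "server": dst, "username": arg,
                       "password": "", "accepted": False, "files": []}
            logins.append(current)
            pending = None
        elif verb == "PASS" and current:
            current["password"] = arg
        elif verb in TRANSFER_VERBS and current and current["accepted"]:
            pending = arg
    return logins


def table_rows(logins):
    """Flatten to (source, destination, username, password, file) rows."""
    return [(l["client"], l["server"], l["username"], l["password"], f)
            for l in logins for f in l["files"]]


if __name__ == "__main__":
    for row in table_rows(summarise(SAMPLE)):
        print(" | ".join(row))
```

A file is only counted once the server confirms the transfer with a 226 reply, so a login that is rejected or a transfer that fails does not produce a row.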

Part 2: Examine Forensic Image
Paraben P2 Commander is a digital investigation tool used for computer examination and analysis. It also has advanced features such as Data Triage analysis, Xbox analysis, and pornography detection, along with file sorting, reporting, and a case audit trail, giving investigators everything they need to present what they find in a trustworthy and reputable way.

An image of the workstation computer was created and then loaded into P2 Commander, and the data analyzed from it shows some possible illegal activity. Once the files were sorted and indexed, a Skype chat log was found between two individuals discussing the transfer of money from one to the other using credit cards for shopping in Germany. While the information found in the logs does not necessarily prove that any person is guilty of anything, it is still highly suspicious to find it on a workstation computer, because it appears that some sort of transaction took place between the two individuals messaging. The chat log mentions keywords and phrases such as “go back to Germany and have blast with your friends!!”; “no thank you for shopping!”; “ok, well. Nice doing business with”; “the blue, the red is just for credit”; “what account did you transfer, the blue or red account?” and “did you get the money transferred?”. These phrases and keywords are more than enough reason to investigate further. The log was stored in SQLite format, and although it is a little scrambled with random characters, it is still possible to see that some sort of financial transaction had taken place on a workstation computer during business hours.

An outgoing email was also found saying the following: “Here is the conversation if had with the suspect. He has no idea I'm undercover.....I will forward you more information as I have it….. Here is more information.......He has connections that get him credit card numbers, I still don't know any names he's very careful not to mention names.....standby until further contact...../Ron..” It would seem some sort of undercover investigation was already taking place by an individual named Ron.
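A SQLite chat log looks scrambled in a raw viewer because the message text is interleaved with the database's page structures; querying it returns clean rows. The following is an added example, not part of the original report: it opens a working copy read-only and flags messages by keyword. The table and column names are assumptions modelled on the classic Skype main.db layout, and the authors, timestamps and keyword list are constructed; only the message text is quoted from the report.

```python
import html
import os
import sqlite3
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Terms drawn from the phrases quoted above; the list itself is an assumption.
KEYWORDS = ("money", "account", "credit", "transfer", "business")

# Constructed rows: message text is quoted from the report, while the
# authors and timestamps are invented placeholders.
SAMPLE_ROWS = [
    (1000000000, "user_a", "did you get the money transferred?"),
    (1000000060, "user_b", "what account did you transfer, the blue or red account?"),
    (1000000120, "user_a", "the blue, the red is just for credit"),
    (1000000180, "user_b", "ok, well. Nice doing business with"),
    (1000000240, "user_a", "no thank you for shopping!"),
]


def write_sample_db(path):
    """Create a stand-in for the recovered chat database (assumed schema)."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE Messages "
               "(timestamp INTEGER, author TEXT, body_xml TEXT)")
    db.executemany("INSERT INTO Messages VALUES (?, ?, ?)", SAMPLE_ROWS)
    db.commit()
    db.close()


def open_readonly(path):
    """Open a working copy so that SQLite refuses any write to it."""
    uri = Path(path).resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)


def flagged_messages(db, keywords=KEYWORDS):
    """Return (UTC time, author, text, matched keywords) for each hit."""
    hits = []
    query = ("SELECT timestamp, author, body_xml FROM Messages "
             "ORDER BY timestamp")
    for ts, author, body in db.execute(query):
        text = html.unescape(body or "")      # body text may be XML-escaped
        matched = [k for k in keywords if k in text.lower()]
        if matched:
            when = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
            hits.append((when, author, text, matched))
    return hits


def demo():
    """Run the triage on the sample and confirm the handle is read-only."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat_copy.db")
        write_sample_db(path)
        db = open_readonly(path)
        try:
            hits = flagged_messages(db)
            try:
                db.execute("DELETE FROM Messages")
                writable = True
            except sqlite3.OperationalError:
                writable = False
        finally:
            db.close()
    return hits, writable


if __name__ == "__main__":
    found, writable = demo()
    for when, author, text, matched in found:
        print(when, author, text, matched)
    print("writable:", writable)
```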

Part 3: Create a Report of Findings
The workstation host media was forensically captured, and the image was used for all subsequent evaluations. We found the text files badnotes1.txt and badnotes2.txt, which were stored on the accused’s hard drive and sent to another person. We obtained these text files using NetWitness and Paraben’s P2 Commander. We can verify that the files have not been altered in any way by comparing their MD5 hashes. Below are the text files that were transferred between the suspects. The Skype conversation is detailed above in Part 2.
Badnotes1.txt:
MD5: 8FF69E959D96E0D9F7D09F9B7C2FD7E0
“Notes:
remember to gather up all the users you collected with their passwords, this will be useful when trying to make the money transfer.
They will not know what hit them, we are going to be rich!!!
Have fun transfering all the money!”
Badnotes2.txt:
MD5: 1EBD8F793366682E9BA65EB9B9D22075
“Notes:
Remember to deposit the money on our account, i need to buy my new car. I'm so exited to see how much you can collect from the stolen credit cards.
I was able to collect 200,000+ credit card numbers, i hope you can print some cards so we can go shopping.
Also remember to delete this file after you read it, i don't want the ftp administrator to see them. cya!!”

To acquire this evidence, we made an image of the suspect’s hard drive. We then used Paraben P2 Commander to analyze the hard drive. This program allowed us to view the hard drive image in the original NTFS file tree. We were then able to sort the files and analyze them. We also used NetWitness to view the captured FTP traffic, which showed us the files that were transferred between the two suspects. Analyzing these files allowed us to draw some conclusions at this point. The two suspects were stealing credit card information and transferring money. They were planning on printing the stolen card numbers and using them to purchase miscellaneous goods.

The Skype conversation, however, allows us to draw different conclusions. A person by the name of “Ron” was messaging someone else about the fact that the person supplying the credit card numbers did not know that he was “undercover.” It would appear that this “Ron” was gathering information against the other person, attempting to acquire more solid evidence against them and find their contact for the credit card numbers.

The workstations in question have the IP addresses 172.16.177.132 and 172.16.177.157. Since these IP addresses are in the same subnet, we can safely conclude that the persons in question both work for the company. The person who received the text files (172.16.177.157) could be working for the other company, NetTech24x7; however, the files and conversation do not indicate any company property being transferred or stolen. The credit card data is definitely cause for concern, but it appears that the data is coming from an outside source through other means. I feel that an investigation should definitely be conducted and that the persons found guilty should be charged with credit card fraud and identity theft. The evidence found would be enough to convict them of these charges. I do not feel that any data is being leaked to NetTech24x7, based on the evidence found and detailed above.
