Get Instant Help From 5000+ Experts For
question

Writing: Get your essay and assignment written from scratch by PhD expert

Rewriting: Paraphrase or rewrite your friend's essay with similar meaning at reduced cost

Editing:Proofread your work by experts and improve grade at Lowest cost

And Improve Your Grades
myassignmenthelp.com
loader
Phone no. Missing!

Enter phone no. to receive critical updates and urgent messages !

Attach file

Error goes here

Files Missing!

Please upload all relevant files for quick & complete assistance.

Guaranteed Higher Grade!
Free Quote
wave

1. What evidence exists to suggest Farayi has been counterfeiting ISIC cards?

2. Is there any evidence to suggest that Farayi knew his actions were illegal?

Objective of the Investigation

The main objective of this project is to retrieve a forensic image of the USB data storage device.  Farayi is suspected of selling counterfeit International Student Identity Cards to people who are not entitled to claim the discounts this card brings. An undercover sting operation was setup to catch Farayi in the act of selling his counterfeit goods. Farayi attempted to sell a counterfeit ISIC card to an undercover officer who was part of the sting operation. After being arrested and questioned at the local police station, Farayi provided a USB data stick to be further examined. Under questioning Farayi has stated that all the evidence that can be found is on this USB data stick. This USB storage device has been processed by a forensic imaging technician and the forensic image has been obtained. So I have to recover the forensic image of the USB data storage device. Then the copied Data in USB will be determined. The investigation will be carried out to determine that the hidden data in USB, the reasons and facts behind the theft.

This analysis using two main tool to retrieve a forensic image of the USB data storage device.

  • Autopsy
  • WinMD5

Data recovery is might be helpful for examination in a wide range of ways. A few Data stay introduce even after Data erasure or USB repartitioning (Gogolin et al., 2013). Also, there are numerous alternatives for offenders with specialized know how to shroud Data, for the most part utilizing a USB supervisor, stenography, encryption and so forth. Discovering, recuperation and remaking of concealed Data can be an extremely tedious and dreary process, however sometimes it might create prove that will split the case. So as to completely see how and why Data stay on a plate, one ought to find out about the idea of putting away Data on a USB.  A USB part is a unit of settled size characterized when record framework is made (generally 512 bits). More seasoned hard USBs may have some 'squandered' storage room outwardly tracks, as intelligently each track is partitioned into break even with number of divisions.  It is conceivable sometimes to shroud Data in the space between areas on the bigger outside tracks. This is known as the division hole. A few Data recuperation administrations might have the capacity to find and recover Data that is covered up in this hole. Erased records and slack space When a working framework composes a document to USB, it dispenses a specific number of segments. The quantity of areas designated relies upon the restrictions of the working framework and setup choices made by the framework overseer. The areas allotted and their area on the plate are recorded in a registry table for later access. At the point when the record is erased, the space initially dispensed to it is essentially set apart as unallocated. The genuine Data stays on the USB (Larson, 2014).

Data Recovery and Hidden Data in USB

User needs to create the case file to open the provided the DD image file. The below screenshots is shows the new case creations. First, enter the case name as Unit09 and browser the base directory. Then click Next button to enter the optional information.

Here, we will select the data sources to add the data sources for created case file. So, select the unallocated space image file and click the next button to proceed the adding the data sources. It is shown below (Pollitt and Shenoi, 2010).

After, browse the data source path to select the DD image file. It is shown below.

Then, configure the DD image file to ingest modules and click the next button. It is shown below.

Finally, added the data sources. Then, the Autopsy tool will be analysed the DD image file to click the Ok button.

Here, the below screenshots is used to displayed the successful analysed of DD image file.

But, the DD image file does not have the MD5 hash number. So, it needs to identify by using the WinMD5 tool. First, user needs to download the install the WinMD5 tool. After, open the tool. Then, browse the DD image file. This process is shown below.

Then, the WinMS5 tool provides the MD5 hash values for provided DD image file. It is shown below.

Here, we will perform the initial survey of the evidence. First, user needs to create the keywords list to discover the relevant digital evidence on the DD image file. List of keywords are shown below (Ray and Shenoi, 2011). 

No

Keyword

Justification for Inclusion

1

ISIC

Farayi is suspected of counterfeiting ISIC cards

2

B. Smart

This is identified as Student Name that student was studied in University of Economics.

3

Unallocated Blocks

There are 6 unallocated blocks are here.

4

Office documents

Here three office documents are presented.

5

Photos

6 photos are presented.

6

Deleted Files

Thirteen files are detected.

7

Curved Files

Curved files are contains the images and documents

8

Octet-Stream application

MIME type using the 4 Octet stream applications.

9

MS word application

MIME type using the 2 MS word files

10

JPEG MIME Type images

MIME type has the 6 JPEG images.

Creation on keyword list on autopsy
To create the keyword list by click the keyword list and choose the manage lists. It is display the below information. 

Here, we will click the New list to enter the keywords lists. It is shown below 

Once the new list is entered, after enter the new keywords to enter the justification of created keyword list. After, choose the substring match and click the Ok button. 

Finally, we are successfully created the keywords lists and justification of keywords. It is shown below. 

Then, search the information on image files by using the keyword list. Here, we will search the ISIC on keyword search. It is displayed the ISIC related information. 

After, run the ingest modules by click the tool and choose the run ingest modules. It is shown below. 

To run the ingest modules on Keyword search by select configure ingest modules as keyword search and click Finish to run the ingest modules. It is shown below. 

Creating a New Case File and Running Ingest Modules

After search the DD images information by using the keyword search like Unallocated. This process is display the following information. It is shown below.

Here, we will the provided DD image file information. Choose the data sources. It is shown below.

After, right click on data sources and click the properties. It is display the information about the data sources.

The final stage of initial survey is to identify the all the files are relevant to the investigation or not. This process is shown below.  

Here, we will ensure the correct documentation is maintained or used. So, check the correct document related to word documents and images. The provided image has three word document. The First word document file is contains the file size is 20480 and Internal ID is 15.

It is shown below.

Name

/img_thumbdrive.dd/$CarvedFiles/f0032856.doc

Type

Carved

MIME Type

application/msword

Size

20480

File Name Allocation

Unallocated

Metadata Allocation

Unallocated

Modified

0000-00-00 00:00:00

Accessed

0000-00-00 00:00:00

Created

0000-00-00 00:00:00

Changed

0000-00-00 00:00:00

MD5

b647513040a16cdb89c8129e2701a418

Hash Lookup Results

UNKNOWN

Internal ID

15

 The second word document is contains the 58368 file size and internal ID is 20. It is shown below. 

Name

/img_thumbdrive.dd/$CarvedFiles/f0033536.doc

Type

Carved

MIME Type

application/msword

Size

58368

File Name Allocation

Unallocated

Metadata Allocation

Unallocated

Modified

0000-00-00 00:00:00

Accessed

0000-00-00 00:00:00

Created

0000-00-00 00:00:00

Changed

0000-00-00 00:00:00

MD5

1c7d265db34df1c4bdc1c4a1aa5dbb9c

Hash Lookup Results

UNKNOWN

Internal ID

20

The third word document is contains the 11477 files and internal ID is 9. It is shown below. 

Name

/img_thumbdrive.dd/$CarvedFiles/f0032784.docx

Type

Carved

MIME Type

application/vnd.openxmlformats-officedocument.wordprocessingml.document

Size

11477

File Name Allocation

Unallocated

Metadata Allocation

Unallocated

Modified

0000-00-00 00:00:00

Accessed

0000-00-00 00:00:00

Created

0000-00-00 00:00:00

Changed

0000-00-00 00:00:00

MD5

5c3e42532148999c2dba97e1c6c2969b

Hash Lookup Results

UNKNOWN

Internal ID

9

The provided DD image file has six images. This is analysed below. 

Name

/img_thumbdrive.dd/$CarvedFiles/f0032824.jpg

Type

Carved

MIME Type

image/jpeg

Size

3819

File Name Allocation

Unallocated

Metadata Allocation

Unallocated

Modified

0000-00-00 00:00:00

Accessed

0000-00-00 00:00:00

Created

0000-00-00 00:00:00

Changed

0000-00-00 00:00:00

MD5

2c4fba4695ade7cfd32aeef20b450714

Hash Lookup Results

UNKNOWN

Internal ID

12

Name

/img_thumbdrive.dd/$CarvedFiles/f0032832.jpg

Type

Carved

MIME Type

image/jpeg

Size

5494

File Name Allocation

Unallocated

Metadata Allocation

Unallocated

Modified

0000-00-00 00:00:00

Accessed

0000-00-00 00:00:00

Created

0000-00-00 00:00:00

Changed

0000-00-00 00:00:00

MD5

6341ec879b38dcefe4e15fb809187d99

Hash Lookup Results

UNKNOWN

Internal ID

13

Name

/img_thumbdrive.dd/$CarvedFiles/f0032904.jpg

Type

Carved

MIME Type

image/jpeg

Size

132307

File Name Allocation

Unallocated

Metadata Allocation

Unallocated

Modified

0000-00-00 00:00:00

Accessed

0000-00-00 00:00:00

Created

0000-00-00 00:00:00

Changed

0000-00-00 00:00:00

MD5

bd503a73949adf698d37e6a20979c193

Hash Lookup Results

UNKNOWN

Internal ID

17

Here, we will interpret and locate the relevant digital evidence. So, look at keyboard list results. It is shown below. 

Click the ISIC images file is shows the following image (Sammons, 2015). 

This scan is used to seem entirely relevant to an investigation into counterfeit ISIC cards. Next, we are going to add a bookmark. To add a bookmark by right click on the results and select the tag files to click the book mark.

Similarly examining the counterfeit ISIC cards. It is shown below.

Also search the ISIC counterfeit cards by using the keyword search. It is shown the below.

Then, open the images file to open in external viewer.

It is shown below. 

Then, examine the file to again the new keyword lists because it is very useful for a digital investigation. The creation of keyword lists is displayed in below. 

The keyword lists are shown below. 

After, search the keyword like sheetal on keyword search. The sheetal is one of the customers. It is shown below. 

Finally, all the evidence is located on a USB drive and investigated files are copied or created on the the USB drive by a computer. So, this computer needs to investigate and it may reveal the lots of more useful evidence. It is used to provide the ability to reconstruct the activities that caused these files to exist.

Here, we will locate the relevant digital evidence to suggest Farayi has been counterfeiting ISIC cards. So, look at keyboard list results. It is shown below.

Click the ISIC images file is shows the following image (Sammons, 2015).

This scan is used to seem entirely relevant to an investigation into counterfeit ISIC cards.

Here, we will suggest that Farayi knew his actions were illegal. So, check the document related to word documents and images. It is shown below. 

Name

/img_thumbdrive.dd/$CarvedFiles/f0032856.doc

Type

Carved

MIME Type

application/msword

Size

20480

File Name Allocation

Unallocated

Metadata Allocation

Unallocated

Modified

0000-00-00 00:00:00

Accessed

0000-00-00 00:00:00

Created

0000-00-00 00:00:00

Changed

0000-00-00 00:00:00

MD5

b647513040a16cdb89c8129e2701a418

Hash Lookup Results

UNKNOWN

Internal ID

15

Is there any evidence to suggest the names of his customers?

Sheetal

Named in the letter as a customer of the counterfeiter

Counterfeiter

Named as the author of the letter (payment.docx)

£12.50

The price of a counterfeit ISIC card

B. Smart

Named in the letter as a customer of the counterfeiter

Conclusion

The main objective of this project is to retrieve a forensic image of the USB data storage device. According to the given case, the USB storage device has been processed by a forensic imaging technician and the forensic image has been obtained. So I had to recover the forensic image of the USB data storage device. Then the copied Data in USB is determined. The investigations are carried out to determine that the hidden data in USB, the reasons and facts behind the theft.

References

Gogolin, G., Ciaramitaro, B., Emerick, G., Otting, J. and Pavlov, V. (2013). Digital forensics explained. Boca Raton: CRC Press, Taylor & Francis Group.

Larson, S. (2014). The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics. Journal of Digital Forensics, Security and Law.

Pollitt, M. and Shenoi, S. (2010). Advances in digital forensics. New York: Springer/International Federation for Information Processing.

Ray, I. and Shenoi, S. (2011). Advances in digital forensics IV. New York: Springer.

Sammons, J. (2015). The basics of digital forensics. Amsterdam: Syngress Media.

Cite This Work

To export a reference to this article please select a referencing stye below:

My Assignment Help. (2020). Investigation Into Counterfeit ISIC Cards - Digital Forensics Essay.. Retrieved from https://myassignmenthelp.com/free-samples/co4514-digital-forensic-technology/documentation-phase.html.

"Investigation Into Counterfeit ISIC Cards - Digital Forensics Essay.." My Assignment Help, 2020, https://myassignmenthelp.com/free-samples/co4514-digital-forensic-technology/documentation-phase.html.

My Assignment Help (2020) Investigation Into Counterfeit ISIC Cards - Digital Forensics Essay. [Online]. Available from: https://myassignmenthelp.com/free-samples/co4514-digital-forensic-technology/documentation-phase.html
[Accessed 22 December 2024].

My Assignment Help. 'Investigation Into Counterfeit ISIC Cards - Digital Forensics Essay.' (My Assignment Help, 2020) <https://myassignmenthelp.com/free-samples/co4514-digital-forensic-technology/documentation-phase.html> accessed 22 December 2024.

My Assignment Help. Investigation Into Counterfeit ISIC Cards - Digital Forensics Essay. [Internet]. My Assignment Help. 2020 [cited 22 December 2024]. Available from: https://myassignmenthelp.com/free-samples/co4514-digital-forensic-technology/documentation-phase.html.

Get instant help from 5000+ experts for
question

Writing: Get your essay and assignment written from scratch by PhD expert

Rewriting: Paraphrase or rewrite your friend's essay with similar meaning at reduced cost

Editing: Proofread your work by experts and improve grade at Lowest cost

loader
250 words
Phone no. Missing!

Enter phone no. to receive critical updates and urgent messages !

Attach file

Error goes here

Files Missing!

Please upload all relevant files for quick & complete assistance.

Plagiarism checker
Verify originality of an essay
essay
Generate unique essays in a jiffy
Plagiarism checker
Cite sources with ease
support
close