Prepare a report on the following sections. You can use your own USB, create/delete files and perform computer forensics.
Steps:

1. On your USB drive create a Word file named with your Student ID. The file should contain your name, student ID, mobile number, address and some other personal information.
The file should also contain the following sentence: “I have enrolled for MN613 Computer Forensic.” followed by your full name and the date when you registered for this unit.
2. On the same drive create an Excel file named “StudentID.xls”, where the first column should be filled with the names of the units that you had at MIT last semester and the second column should be filled with your marks for those units.
3. Store your current Photo on USB drive as JPG format or any other image format.
4. Take a screenshot of your Windows Explorer window showing the content of the USB’s folder hosting the three files. Include this screenshot in your final report! Now delete those files, and then take another screenshot of the respective folder’s content (after the two files have been deleted). Include this screenshot in your final report.

Computer forensics has one goal: to provide solid evidence and answers to legal and investigative questions regarding computer crimes [1]. It is important to conduct a complete forensic investigation to ensure that innocent parties are not convicted. Digital forensic investigation is a complex field and it is recommended that an experienced and knowledgeable analyst carries out the investigation [3]. In this context, the report gives details on how to recover and analyze files that were deleted from a USB drive. It gives detailed steps of what was done and the results.

Data Acquisition

Data acquisition in computer forensics is the process of obtaining data from digital media and disks in order to gather evidence [8]. Computer forensic tools store evidence in the form of an image file. Image acquisition involves obtaining a bit-stream copy (sometimes referred to as a bit-to-bit copy) of the original disk. While carrying out a forensic investigation, working on the original drive image is highly discouraged [5]. It is recommended that any investigator makes a copy of the original image and uses it as the working image.

This is because if one uses the original image and it gets corrupted or destroyed, then the entire investigation process will be affected. For this case, the investigator will make a bit-by-bit drive image. When acquiring the drive image, there are four aspects that any analyst should keep in mind: integrity, order of volatility, completeness, and data repeatability [13]. In order to have the best bit-to-bit drive image copy, it is necessary to use similar devices or write blocking of the USB drive. Additionally, where possible, make several copies of the data. During data acquisition it is important to keep track of the steps followed [4].

After creating the three files on the USB drive (a Word document with personal details, an Excel file with the units done the previous semester, and the student’s image) and deleting them, the next step was to acquire the USB image in order to conduct an analysis on it [9]. First, the ProDiscover Basic program was downloaded and installed on the computer. After installation, launch the program and a pop-up window will appear as shown in figure 1. Input the project number, project file name, and a short description of what the project is about.

After keying in all the necessary information, click on ‘open’ to proceed. Another window like the one shown in figure 2 will be displayed. On the left menu click on ‘Capture & Add Image’ in order to create an image from the USB drive.

ProDiscover Basic Program

On clicking on ‘Capture & Add Image’ a window will pop up and require the user to key in the necessary details about the image as shown in figure 3. In the source drive field, select the USB drive that you want to create the image from; in the destination field, choose the folder where you want the image to be stored (these details must be entered). Additionally, you can add your name, image number, and a brief description of the image, then click on ‘ok’ to create the image.

Upon completion, a pop-up will appear with the message ‘Image capture complete. Please check file for any errors’ as shown in figure 5. Click on ‘ok’ to dismiss the pop-up and open the log file located in the destination folder selected to store the image. Go through the log file to check for any errors.

Now, it is important to make a copy of the acquired image in order to be safe in case the image being worked on is modified or corrupted. The image created with ProDiscover has the extension .eve [11]. It is important to use a write-protection method or a hardware write-blocker device before obtaining an image using ProDiscover Basic [10]. The log file stores a list of any errors that may have been encountered during image acquisition and a unique inventory file.
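The working-copy step above can be checked with cryptographic hashes. The following is an added example, not part of the original report or of ProDiscover: it copies an acquired image, confirms that the copy and the original are bit-for-bit identical, and later detects modification of the working copy. SHA-256, the file names and the function names are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images do not fill memory


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def make_working_copy(original, working):
    """Copy the acquired image and return a record for the case notes."""
    before = sha256_file(original)
    # "xb" refuses to overwrite an existing file at the destination.
    with open(original, "rb") as src, open(working, "xb") as dst:
        shutil.copyfileobj(src, dst, CHUNK)
    record = {
        "original": str(original),
        "working": str(working),
        "size": Path(working).stat().st_size,
        "sha256": before,
    }
    # The copy must match, and the original must not have changed meanwhile.
    record["verified"] = sha256_file(working) == before == sha256_file(original)
    return record


def still_intact(record):
    """Re-check the working copy later against the recorded hash."""
    return sha256_file(record["working"]) == record["sha256"]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp) / "usb_image.eve"  # constructed stand-in image
        image.write_bytes(b"constructed sample image bytes" * 1000)
        rec = make_working_copy(image, Path(tmp) / "usb_image_working.eve")
        print(rec["verified"], rec["sha256"])
        # Simulate accidental modification of the working copy during analysis.
        with open(rec["working"], "r+b") as f:
            f.write(b"X")
        print(still_intact(rec))
```

Keeping the returned record with the acquisition log gives a later reviewer a value against which the working image can be re-verified.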

Data Recovery

After data acquisition, it is necessary to analyze the acquired image and recover the deleted files [12]. ProDiscover Basic has the feature that makes it easy to recover any deleted files from the USB drive.

The first step is to launch the ProDiscover Program. A pop-up window will come up like the one in figure 1. However, in this case you will click on ‘open project’ and browse to where the project file was saved as shown in figure 6 and click on ‘open’.

On clicking open another window will be displayed as shown in figure 7. Navigate to the menu on the left and click on ‘images’ in the ‘content view’ folder.

On clicking on the image file, a list of the files and folders that were deleted from the USB drive will be displayed. Scroll to find the files that match the ones that you had created earlier. For this case there were three files: one Word file named 123456, an Excel file named 123456, and a portrait image with the name Edu 20141019_182214. All these files can be seen on the list as shown in figure 8 below.

In order to recover the files, right click on the appropriate file and select ‘copy file’. On clicking this, a Windows Explorer window will pop up prompting the user to select where to copy the file [12]. Choose the USB drive and click ‘ok’ and the file will be recovered and saved on the USB drive as shown in figure 9 below.

The process was repeated for the remaining two files. On opening the USB drive once again, all the three files would have been recovered as shown in figure 10 below.

Data Analysis

It is important to analyze the recovered data to determine whether it contains any hidden files [6]. To conduct this, Hex Editor Neo software was used. This program displays file sectors in both ASCII and hexadecimal (from which the program's name originates). In this context, ‘content’ refers to the binary 0’s and 1’s used by the computer when saving information. The reason for carrying out this analysis is to establish the completeness and integrity of the files [7].

Figure 11 below shows a screenshot of the analysis conducted on the Word document (123456.docx). Analysis showed that there was no hidden data in the files. To check for hidden files, navigate to the bottom right of the program window and select the ‘file attributes’ tab, then tick the ‘hidden’ check box.

The same process was repeated for the Excel file and image file and the results were similar; there were no hidden files as shown in figures 12 and 13 respectively.

Data Validation

In forensic analysis, data validation is the process of running a set of rules on data to ensure that the data is reliable, complete, and that it has not been altered [14]. The following are some of the data validation methods that can be used in an investigation process:

Format check- this validation technique checks if the data is in the correct format [15]. For instance, a format check was conducted on the Excel file to find out if the unit column had its field in text format and the marks field in number format. Also, this check was done on the portrait to find out if it was still a JPEG file. The results were positive and based on this validation method the files were valid and accurate.

Presence check- this method of validation seeks to check for the data availability in the respective fields. This technique can be used especially in excel files to ensure that the data entered was still there after recovery.

Type check- this validation technique is used to check for the correctness of data types in the various fields. For instance, if a field is set to number, then that field should at no time accept text data.
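The format check described above can be run on file content rather than on the extension alone. This added example is not from the original report; the function and sample names are hypothetical and the byte strings are constructed stand-ins for recovered files. It compares each file's leading signature and container structure with what its extension claims.

```python
import io
import zipfile

JPEG_SOI, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .xls/.doc container
OOXML_PART = {".docx": "word/document.xml", ".xlsx": "xl/workbook.xml"}


def format_check(name, data):
    """Return (ok, reason): does the content match the file extension?"""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if ext in (".jpg", ".jpeg"):
        if not data.startswith(JPEG_SOI):
            return False, "not a JPEG header"
        if JPEG_EOI not in data[len(JPEG_SOI):]:
            return False, "JPEG end-of-image marker missing"
        return True, "JPEG"
    if ext in (".xls", ".doc"):
        ok = data.startswith(OLE2)
        return ok, "OLE2 compound file" if ok else "not an OLE2 header"
    if ext in OOXML_PART:
        # .docx/.xlsx are ZIP containers; the whole directory must parse,
        # not just the first bytes, or a partly overwritten file passes.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                ok = OOXML_PART[ext] in z.namelist()
        except zipfile.BadZipFile:
            return False, "ZIP container unreadable"
        return ok, "OOXML " + ext if ok else "missing " + OOXML_PART[ext]
    return False, "no signature known for " + repr(ext)


def sample_docx():
    """Build a minimal constructed .docx-style ZIP in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


SAMPLES = {  # constructed byte strings standing in for recovered files
    "report.docx": sample_docx(),
    "marks.xls": OLE2 + b"\x00" * 504,
    "photo.jpg": JPEG_SOI + b"\xe0" + b"\x00" * 32 + JPEG_EOI,
    "renamed.jpg": OLE2 + b"\x00" * 504,   # spreadsheet given a .jpg name
    "cut.docx": sample_docx()[:40],        # header survives, rest lost
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, format_check(name, data))
```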

Case Study II: Investigating a Case

Accuracy, completeness, and integrity are three main principles that an investigator should keep in mind in order to successfully copy an image. The case being investigated involves a 2GB drive and the investigator is required to make a copy of it. The investigator will use one of the three methods below:

Create disk to image file- this is the most common and preferred method of copying data in forensic analysis. The investigator prefers to use ProDiscover Basic to make an image of the suspect drive. This program has the advantage of automating several acquisition functions [2]. The computer disk is typically larger than the USB drive, so the USB image can be stored on it without segmentation. The software is a powerful forensic tool that enables the investigator to extract every detail from the drive and ensures that the evidence is secure and that the reports generated are informative and relevant for use in a court of law. Creating a disk image using ProDiscover Basic ensures that the drive is copied accurately.

Create disk to disk copy- this method employs the normal principle of copying data from one disk to another. But in forensic analysis, one does not just copy and paste, because during a normal copy and paste some crucial information may be lost in the process [10]. To ensure that every detail has been copied from the original disk to the new disk, EaseUS is used, which ensures that every property associated with the drive is copied as it is. The software allows the investigator to copy the data to the new drive safely and accurately.

Create logical disk to disk or disk to data file- during an investigation, the drive may have been damaged after acquisition and the investigator is provided with only the logical disk. In such cases the investigator is required to copy the logical disk to a physical disk while ensuring that every detailed property of the original drive is maintained [16]. R-Drive Image is the best program to perform such a task. It ensures bit-to-bit copying of the logical image to a new drive safely and accurately. ProDiscover Basic can also be used to copy a logical disk.

Conclusion

Computer forensic analysis has grown in recent years and has aided in identifying computer-aided and cyber-crimes. Governments, institutions, and businesses are finding it necessary to have a well-equipped incident response system so as to prevent any misuse of the systems and give notification of it. In computer forensics, the evidence can only be obtained once and thus it is essential that the information, evidence, and data be captured at the right time as required.

The increasing use of computers in today’s world has given rise to numerous computer-related crimes such as fraud, hacking, and impersonation, among others, and it is only through computer forensics that solid evidence regarding such crimes can be obtained. The computer forensics domain will continue to grow in the coming decades because of fast-evolving technology.

References

[1] E. Casey, "Digital Stratigraphy: Contextual Analysis of File System Traces in Forensic Science", Journal of Forensic Sciences, 2017.

[2] R. Chandel, "How to gather Forensics Investigation Evidence using ProDiscover Basic", Hacking Articles, 2015.

[3] S. Naqvi, "Digital Forensics", Iaria.org, 2012.

[4] D. Hayes, A practical guide to computer forensics investigations. Indianapolis, Indiana: Pearson, 2015.

[5] B. Nelson, A. Phillips and C. Steuart, Guide to Computer Forensics and Investigations. Mason, OH: Cengage Learning US, 2018.

[6] M. Maras, Computer Forensics. Sudbury: Jones & Bartlett Learning, LLC, 2014.

[7] Y. HU, B. LIU and Q. HE, "Survey on techniques of digital multimedia forensics", Journal of Computer Applications, vol. 30, no. 3, pp. 657-662, 2010.

[8] N. Wright, "DNS in Computer Forensics", Journal of Digital Forensics, Security and Law, 2012.

[9] E. Laykin, Investigative Computer Forensics. Chichester: Wiley, 2013.

[10] F. Jafari and R. Satti, "Comparative Analysis of Digital Forensic Models", Journal of Advances in Computer Networks, vol. 3, no. 1, pp. 82-86, 2015.

[11] B. ProDiscover, "ProDiscover Forensic Data Recovery", Networkdefensesolutions.com, 2018.

[12] R. Sadgune, "ProDiscover Incident Response, ProDiscover Forensics, ProDiscover", Hackforlab.com, 2014.

[13] G. Wingate, Computer Systems Validation. Boca Raton, USA: CRC Press, 2016.

[14] C. Guru, "Database Validation - Computer Science GCSE GURU", Computer Science GCSE GURU, 2018.

[15] C. Techopedia, "What is Data Validation? - Definition from Techopedia", Techopedia.com, 2018.

[16] J. Sammons, The basics of digital forensics. Amsterdam: Syngress Media, 2015.

Cite This Work

My Assignment Help. (2021). Computer Forensics: Recovering And Analyzing Deleted Files From A USB Drive Essay.. Retrieved from https://myassignmenthelp.com/free-samples/mn613-computer-forensics/detailed.html.
