Overview of the Investigation
Title: Clowning About Again
In the state of Western Australia, it is illegal to access, own or distribute digital content relating to clowns. An allegation has been made to law enforcement whereby a witness claims to have seen an individual access clown-related content within a place of work. Following the approval of formal warrants, the computer in question was seized from the workplace. The computer was then forensically acquired using FTK Imager. Unfortunately, the junior investigator who obtained the ‘forensic image’ of the computer only performed a logical acquisition. To worsen the situation, the junior investigator forensically wiped the original hard drive from the computer. Fortunately, the logical acquisition was undertaken in a forensically sound manner. The suspect, Clark, denies accessing clown content. However, Clark does confirm that the computer does belong to him. Clark stated that he does not always take the computer home or lock it when he is away from his desk.
You are a consultant who specialises in digital forensic investigations. You have been assigned the task of examining a ‘forensic’ image of the laptop, which was seized with correct warrants. It is currently unknown what Clark was doing with the clown content. In Clark’s opinion, the computer was infected with malware which resulted in any potential content appearing on the computer.
Your task is to investigate the supplied forensic image using appropriate tools and process and to develop and prepare a written report on your findings. You may use any tools to undertake the investigation but you must justify all of your actions!
Your report must follow the report structure shown below.
A detailed representation of all content identified, extracted and analysed in the investigation. All evidence must be characterised, explained and examined. What is the value of the evidence to the investigation? What does each piece of evidence mean? Does the evidence support or negate the allegations made?
Detail all information relating to possible use/ownership of the evidence identified and extracted. How can you link the evidence to a particular owner? Is there any digital evidence, which demonstrates ownership of the device or content?
Was the digital content purposefully accessed/used/downloaded/installed? Was it accidental? Was it a third party? Was it malicious software? Present all evidence to support your theory.
How many files of every type were present on the system? What percentage of these files relate to the offence? What does this mean for the overall investigation?
What applications are installed that relate to the investigation? What purpose do these applications serve? Have they been used/run? Dates/times the application was used. What impact do these applications have on the investigation?
The primary focus of this project is to examine the provided digital forensic images using a suitable tool. In Western Australia, it is unlawful to access, own or distribute digital content related to clowns. The clowns' digital content is accessed by malware. This examination is therefore required to investigate the digital content related to clowns. The allegation was made to law enforcement by a witness who claims to have seen clown-related content being accessed within a workplace. However, some clown content was accessed outside the workplace. Unfortunately, the junior digital investigator who obtained the forensic image of the computer containing the clown content performed only a logical acquisition. In addition, the junior digital forensics investigator wiped the original hard drive from the computer. The logical acquisition was, however, carried out in a forensically sound manner, so the junior investigator was able to obtain the forensic image. The suspect, Clark, denies accessing the clown content, and Clark also does not confirm that the computer belongs to him. Clark says that he does not always take the computer home or lock it. The senior analyst therefore needs to examine the forensic image of the laptop, which was seized with correct warrants. Clark also states that the computer was infected with malware, which resulted in the potential content appearing on the computer. This examination is carried out using the Autopsy forensics tool, and is discussed in detail.
Here, the user needs to present the content relating to the offence. The case description states that the allegation was made to law enforcement by a witness who claims to have seen clown-related content being accessed within a workplace. However, some clown content was accessed outside the workplace. Unfortunately, the junior analyst who obtained the forensic image of the computer containing the clown content performed only a logical acquisition. In addition, the junior digital forensics analyst wiped the original hard drive from the computer. The logical acquisition was, however, carried out in a forensically sound manner, so the junior analyst was able to obtain the forensic image. The senior analyst therefore needs to examine the forensic image of the laptop, which was seized with correct warrants. This examination is carried out using the Autopsy forensics tool.
Tools and Process Used in the Investigation
Here, the user needs to use 7-Zip to open all the provided case images and convert them into a single case file. The provided case file is extracted using the steps below. First, the user needs to download and install the 7-Zip software. Then, open 7-Zip and open the provided case file. It is illustrated below.
Once the files are loaded successfully in 7-Zip, right-click the case file, click 7-Zip and choose Extract to turn the provided case files into a single case file. The process is demonstrated below (Boddington, 2016).
After this, all the case files are compressed into case file.7z. However, the provided case file is not converted into a single image; instead it is converted into one folder. Next, the user needs to download and install the Autopsy tool. Once the installation of Autopsy is finished, open Autopsy and click New Case. Then enter the case information and browse to the directory in which to save the case file. It is demonstrated below. Here, the case name is digital forensics. Then, click the Next button (Computer forensics, 2010). Then, enter the case number, which is digital forensics case 01, and proceed with the analysis by clicking the Next button. Once the new case is created, add the provided case file by choosing the unallocated disk image option and then clicking the Next button. Then, browse to the forensics image folder, choose the appropriate folder and select the forensic image, which is 182.7z.002. Then, click the Next button. After that, configure the ingest modules for the forensic image and click the Next button. Finally, add the data source to the created case by clicking the Finish button. The data source is now successfully added to the case. Similarly, add all the other forensic images to the created case. All the provided forensic images are then successfully added to the digital forensics case.
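Before the volumes are opened in 7-Zip or added to Autopsy, it helps to record that the split set is complete and what each volume hashes to. The following is an added example, not part of the original report: it assumes the volumes follow the `182.7z.NNN` naming seen above, and the demonstration volumes it writes are constructed stand-ins, not the case evidence.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"  # signature at offset 0 of a 7z archive
SEGMENT_RE = re.compile(r"^(?P<base>.+\.7z)\.(?P<num>\d{3})$")


def find_segments(folder, base):
    """Return the volumes of `base` (e.g. '182.7z') sorted by volume number."""
    found = {}
    for path in Path(folder).iterdir():
        m = SEGMENT_RE.match(path.name)
        if m and m.group("base") == base:
            found[int(m.group("num"))] = path
    return [found[n] for n in sorted(found)], sorted(found)


def check_set(folder, base):
    """Validate a split 7z set and build a hash manifest for the case notes."""
    segments, numbers = find_segments(folder, base)
    problems = []
    if not segments:
        return {"segments": [], "combined_sha256": None, "problems": ["no volumes found"]}
    # Volumes must be numbered 001..N without gaps, or the stream cannot be rebuilt.
    missing = sorted(set(range(1, numbers[-1] + 1)) - set(numbers))
    if missing:
        problems.append("missing volumes: " + ", ".join(f"{n:03d}" for n in missing))
    # Only the first volume carries the 7z header; later volumes are continuation data.
    if numbers[0] == 1:
        with open(segments[0], "rb") as fh:
            if fh.read(len(SEVENZIP_MAGIC)) != SEVENZIP_MAGIC:
                problems.append("volume 001 does not start with the 7z signature")
    combined = hashlib.sha256()
    manifest = []
    for path in segments:
        single = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                single.update(chunk)
                combined.update(chunk)
        manifest.append((path.name, path.stat().st_size, single.hexdigest()))
    return {
        "segments": manifest,
        # Hash of the volumes read back to back; only meaningful when none is missing.
        "combined_sha256": None if missing else combined.hexdigest(),
        "problems": problems,
    }


def build_demo_set(folder, base="182.7z", skip=()):
    """Write constructed stand-in volumes (not real evidence) for the demonstration."""
    payload = SEVENZIP_MAGIC + bytes(range(256)) * 12
    size = len(payload) // 3 + 1
    for i in range(3):
        if i + 1 not in skip:
            (Path(folder) / f"{base}.{i + 1:03d}").write_bytes(payload[i * size:(i + 1) * size])
    return hashlib.sha256(payload).hexdigest()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_set(tmp)
        report = check_set(tmp, "182.7z")
        for name, size, digest in report["segments"]:
            print(f"{name}  {size:>6}  {digest}")
        print("combined:", report["combined_sha256"])
        print("problems:", report["problems"] or "none")
```

Recording the per-volume and combined hashes in the case notes lets a later reviewer confirm that the data loaded into the analysis tool is the same data that was supplied.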
Once the data sources are added to the created case, the user needs to identify the evidence for the digital forensics investigation. A detailed representation of all content identified, extracted and analysed in the investigation is discussed in the issues below.
This issue is used to identify the information about the provided case file.
182.7z.001 - case file identification
Here, the user needs to click the appropriate data to identify the case file information (CYBERCRIME AND DIGITAL FORENSICS, 2018). The given case file has one deleted file, which is an image file. It is shown below.
Analysis of Evidence
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file. The detailed information provided is illustrated below.
The investigator also provided the information below. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has three files. The given case file has the results below. These results provide the email search information and the information for one deleted file (Gogolin, 2013).
Here, the user needs to click the appropriate data to identify the case file information (Philipp, Cowen and Davis, 2010). The given case file has one deleted file, which is an image file. It is shown below.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file. The detailed information provided is illustrated below.
The investigator also provided the information below. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has three files. The given case file has the results below. These results provide the email search information and the information for one deleted file (Hayes, n.d.).
Here, the user needs to click the appropriate data to identify the case file information. The given case file has one deleted file, which is an image file. It is shown below.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file. The detailed information provided is illustrated below.
The investigator also provided the information below. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has two files. The given case file has the results below. These results provide the email search information and the information for one deleted file.
Here, the user needs to click the appropriate data to identify the case file information. The given case file has one deleted file, which is an image file. It is shown below.
Identification of Evidence
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file. The detailed information provided is illustrated below.
The investigator also provided the information below. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has two files. The given case file has the results below. These results provide the email search information and the information for one deleted file.
Here, the user needs to click the appropriate data to identify the case file information. The given case file has one deleted file, which is an image file. It is shown below.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file. The detailed information provided is illustrated below.
The given case file has the results below. These results provide the email search information and the information for one deleted file.
Here, the user needs to click the appropriate data to identify the case file information. The given case file has one deleted file, which is an image file. It is shown below.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
The provided case file has some keyword search information, such as single literal keyword search, single regular expression search and email address. Here, the email address keyword search has only one file. The given case file has the results below. These results provide the email search information and the information for one deleted file.
Here, the user needs to click the appropriate data to identify the case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
The investigator also provided the information below. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has two files. The given case file has the results below. These results provide the email search information and the information for one deleted file.
Here, the user needs to click the appropriate data to identify the case file information.
Keywords Search Results
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
The investigator also provided the information below. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has two files. The given case file has the results below. These results provide the email search information and the information for one deleted file.
Here, the user needs to click the appropriate data to identify the case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
Here, the user needs to click the appropriate data to identify the case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
The investigator also provided the information below. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has only one file.
Here, the user needs to click the appropriate data to identify the case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
The investigator also provided the information below. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has only one file. The given case file has the results below. These results provide the email search information and the information for one deleted file.
Here, the user needs to click the appropriate data to identify the case file information. The given case file has one deleted file, which is an image file.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
The investigator also provided the information below. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has three files. The given case file has the results below. These results provide the email search information and the information for one deleted file.
Deleted File
Here, the user needs to click the appropriate data to identify the case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
The investigator also provided the information below. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has two files. The given case file has the results below. These results provide the email search information and the information for one deleted file.
Here, the user needs to click the appropriate data to identify the case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
Here, the user needs to click the appropriate data to identify the case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
In this issue, the user needs to determine the intent: whether the digital content was purposefully accessed, used and finally deleted. This process is demonstrated below.
Here, the user needs to click the appropriate data to identify the deleted case file information.
Here, the user needs to click the appropriate data to identify the deleted case file information (Maras, 2015).
Here, the user needs to click the appropriate data to identify the deleted case file information. This process is demonstrated below (Meyer, 2014).
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
Here, the user needs to click the appropriate data to identify the deleted case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
Here, the user needs to click the appropriate data to identify the deleted case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
Here, the user needs to click the appropriate data to identify the deleted case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
Here, the user needs to click the appropriate data to identify the deleted case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
Ownership of the Device and Content
Here, the user needs to click the appropriate data to identify the deleted case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
Here, the user needs to click the appropriate data to identify the deleted case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
Here, the user needs to click the appropriate data to identify the deleted case file information.
The investigator provided a detailed representation of all content identified, extracted and analysed in the given case file.
In this issue, the user needs to determine the files on the system using the provided forensics image.
182.7z.001 – Quantity of case file
Here, the user needs to click the appropriate data to identify the case file quantity information (Nelson, 2004). The given case file has one deleted file, which is an image file. In this case file, the investigator identified the quantity of files. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has three files. It is demonstrated below.
Here, the user needs to click the appropriate data to identify the case file quantity information. The given case file has one deleted file, which is an image file (Nelson, Phillips and Steuart, n.d.). In this case file, the investigator identified the quantity of files. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has three files. It is demonstrated below.
Here, the user needs to click the appropriate data to identify the case file quantity information (Olivier and Shenoi, 2006). The given case file has one deleted file, which is an image file. In this case file, the investigator identified the quantity of files. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has two files. It is demonstrated below.
Here, the user needs to click the appropriate data to identify the case file quantity information. The given case file has one deleted file, which is an image file. In this case file, the investigator identified the quantity of files. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has two files.
Here, the user needs to click the appropriate data to identify the case file quantity information. The given case file has one deleted file, which is an image file. This case file does not have any files on the system.
Here, the user needs to click the appropriate data to identify the case file quantity information. The given case file has one deleted file, which is an image file. In this case file, the investigator identified the quantity of files. The given case file has three kinds of keyword search information: Single regular expression search, Email address and Single literal keyword search. Here, the single regular expression and single literal keyword searches do not have any files, but the email address keyword search has only one file.
In this investigation, no software is installed on the system (Pollitt and Shenoi, 2010).
References
Boddington, R. (2016). Practical Digital Forensics. Packt Publishing.
Computer forensics. (2010). Clifton Park, NY: Course Technology Cengage Learning.
CYBERCRIME AND DIGITAL FORENSICS. (2018). [S.l.]: CLANRYE INTL.
Gogolin, G. (2013). Digital forensics explained. Boca Raton, FL: CRC Press.
Hayes, D. (n.d.). A practical guide to computer forensics investigations.
Maras, M. (2015). Computer forensics. Burlington, MA: Jones & Bartlett Learning.
Meyer, T. (2014). Careers in computer forensics. New York: Rosen Publishing.
Nelson, B. (2004). Computer forensics and investigations. Boston, Mass.: Thomson/Course Technology.
Nelson, B., Phillips, A. and Steuart, C. (n.d.). Guide to computer forensics and investigations.
Olivier, M. and Shenoi, S. (2006). Advances in digital forensics II. New York: Springer.
Philipp, A., Cowen, D. and Davis, C. (2010). Hacking exposed, computer forensics. New York: McGraw-Hill.
Pollitt, M. and Shenoi, S. (2010). Advances in digital forensics. New York: Springer/International Federation for Information Processing.
Sammons, J. (2015). The basics of digital forensics. Amsterdam: Syngress Media.