Subject Name: IT Computer Science

Digital Forensics Analysis and Validation

Q.1. a. Data hiding involves manipulating or changing a file in order to conceal information. There are different hiding techniques; one of them is hiding partitions, in which partitions are created and then hidden with the help of a disk editor. There are also tools that help in hiding partitions, such as GDisk, System Commander, LILO and PartitionMagic. Because there are different kinds of accounts, the disk has to be analysed. Windows creates the gaps between partitions automatically; nevertheless, a gap can also be a larger gap.

The technique used in this image is marking bad clusters. It is used to hide sensitive data in free space. This technique is common to the FAT file system. The only way to access the data is by changing the bad clusters back into good clusters.
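One way an examiner can look for this technique on a FAT16 volume is to list every cluster the FAT marks as bad and check whether it still holds data. The script below is an added example, not part of the original answer or of any tool named here; it assumes a FAT16 table (bad-cluster marker 0xFFF7, data clusters numbered from 2) and builds a small constructed table and data region of its own rather than reading a real image.

```python
import struct

FAT16_BAD_CLUSTER = 0xFFF7   # FAT16 entry value that marks a cluster as bad
FIRST_DATA_CLUSTER = 2       # entries 0 and 1 are reserved; data clusters start at 2


def read_fat16_entries(fat: bytes) -> list:
    """Decode a raw FAT16 table into its 16-bit little-endian entries."""
    count = len(fat) // 2
    return list(struct.unpack("<%dH" % count, fat[:count * 2]))


def bad_clusters(fat: bytes) -> list:
    """Cluster numbers whose FAT entry carries the bad-cluster marker."""
    return [n for n, entry in enumerate(read_fat16_entries(fat))
            if n >= FIRST_DATA_CLUSTER and entry == FAT16_BAD_CLUSTER]


def cluster_data(data_region: bytes, cluster: int, cluster_size: int) -> bytes:
    """Slice the data region for one cluster (cluster 2 is the first data cluster)."""
    start = (cluster - FIRST_DATA_CLUSTER) * cluster_size
    return data_region[start:start + cluster_size]


def suspicious_bad_clusters(fat: bytes, data_region: bytes, cluster_size: int) -> list:
    """Bad-marked clusters that still hold non-zero bytes.

    A genuinely defective or unused cluster is normally blank; content inside a
    cluster the FAT says is bad is what the marking-bad-clusters hiding
    technique leaves behind, so each such cluster is reported for review.
    """
    found = []
    for n in bad_clusters(fat):
        content = cluster_data(data_region, n, cluster_size)
        if any(content):
            found.append((n, content.rstrip(b"\x00")))
    return found


def build_sample_volume(cluster_size: int = 512):
    """Constructed FAT16 table and data region (sample data, not a real image)."""
    entries = [0xFFF8, 0xFFFF,          # reserved entries 0 and 1
               0x0003, 0xFFFF,          # cluster 2 -> 3, cluster 3 ends the chain
               0x0000,                  # cluster 4 free
               FAT16_BAD_CLUSTER,       # cluster 5 marked bad
               0x0000,                  # cluster 6 free
               FAT16_BAD_CLUSTER,       # cluster 7 marked bad
               0x0000, 0x0000]          # clusters 8 and 9 free
    fat = struct.pack("<%dH" % len(entries), *entries)
    region = bytearray(cluster_size * (len(entries) - FIRST_DATA_CLUSTER))

    def put(cluster, payload):
        start = (cluster - FIRST_DATA_CLUSTER) * cluster_size
        region[start:start + len(payload)] = payload

    put(2, b"report.txt, part 1")
    put(3, b"report.txt, part 2")
    put(5, b"text placed in a cluster marked bad")   # constructed hidden data
    # cluster 7 is marked bad but left blank, as a genuinely bad cluster would be
    return fat, bytes(region)


if __name__ == "__main__":
    fat, region = build_sample_volume()
    print("clusters marked bad:", bad_clusters(fat))
    for n, content in suspicious_bad_clusters(fat, region, 512):
        print("cluster %d marked bad but holds data: %r" % (n, content))
```

On a real volume the cluster size and the FAT offset come from the boot sector; the check itself stays the same: a bad cluster that is not blank deserves a closer look, while a blank one is consistent with an ordinary media defect.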

Q.1.b. MD5 is a hashing algorithm that performs a one-way cryptographic operation. It accepts a message of any length as input and returns a fixed-length result known as the digest value, which is used to authenticate the actual message. The algorithm was designed for use in cryptographic applications that assist in checking the authenticity of digital signatures.

In the given image, the input is a file named Test 03.txt, and the output generated with the help of MD5 is 0562….. Hence, it is required to check what the file contains.

The message in the text file is processed in 512-bit blocks, and each block is broken down into 16 words of 32 bits each. The output received from MD5 is a 128-bit message digest value. The calculation of the message digest is performed in different stages, and at every stage the block is 512 bits long. The first phase is initialisation. Every phase contains four passes over the message digest that modify the value of the present data and of the previous data. The final value of this algorithm is calculated with the help of the last block.

Q.2. a. In the given case study, the electronic or media devices, such as the computer system on which Ryan installed the malware, are the possible evidence that can be taken for forensic examination. This digital device must have a memory dump; with the help of the memory dump, forensic evidence can be created.

Digital investigations fall into two categories: public-sector investigations and private-sector investigations.

DEFR stands for Digital Evidence First Responder: it is the role that arrives on the incident scene, evaluates the situation, and takes all preventive measures to obtain the evidence.

DES stands for Digital Evidence Specialist: it is the specialist who has all the skills to evaluate the data and to determine when another specialist should be summoned to help.

Q.2.b. Acquisition is the process of gathering evidence in digital form with the help of electronic devices. There are different methods of data acquisition:

  1. disk-to-disk copy,
  2. disk-to-image file,
  3. logical disk-to-disk file, and
  4. sparse data copy of a file or folder.

In this situation, sparse data copy of a file or folder and logical disk-to-disk file acquisition are important and beneficial, because a large amount of data has to be obtained from RAID drives or from large drives. While gathering the digital evidence, the testers have to abide by all the rules, such as the "order of volatility". This rule describes the sequence or order in which the evidence is gathered. The evidence can be preserved with the help of various algorithms; different kinds of algorithms are used, such as hashing algorithms, of which SHA1 and MD5 are types.
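The 512-bit block processing described in Q.1.b and the hash-based preservation of acquired evidence mentioned here can be shown together in one script. The following is an added example, not code from the original answer; it uses Python's standard hashlib, reads the file in 64-byte (512-bit) chunks, records MD5 and SHA-1 at "acquisition" time, and then shows that a single changed byte makes the validation fail. The file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

MD5_BLOCK_BYTES = 64     # MD5 and SHA-1 both consume the input in 512-bit blocks
MD5_DIGEST_BYTES = 16    # the MD5 digest is 128 bits


def file_digests(path: str, block_bytes: int = MD5_BLOCK_BYTES) -> dict:
    """Hash a file with MD5 and SHA-1, feeding it in 512-bit chunks, and count the chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    blocks = 0
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(block_bytes)
            if not chunk:
                break
            blocks += 1
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "blocks": blocks}


def digests_of_bytes(data: bytes) -> dict:
    """Write constructed bytes to a temporary file and hash it through file_digests."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(data)
        return file_digests(path)


def verify_acquisition(path: str, expected_md5: str, expected_sha1: str = None) -> bool:
    """Validate an image against the digests recorded when it was acquired."""
    current = file_digests(path)
    ok = current["md5"] == expected_md5.lower()
    if expected_sha1 is not None:
        ok = ok and current["sha1"] == expected_sha1.lower()
    return ok


def tamper_demo() -> tuple:
    """Hash a constructed 200-byte 'image', change one byte, and validate again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "image.dd")
        with open(path, "wb") as fh:
            fh.write(bytes(range(200)))          # 200 bytes -> 3 full blocks + 1 partial
        before = file_digests(path)
        still_valid = verify_acquisition(path, before["md5"], before["sha1"])
        with open(path, "r+b") as fh:            # simulate a one-byte change after acquisition
            fh.seek(10)
            fh.write(b"\x00")
        after = file_digests(path)
        now_valid = verify_acquisition(path, before["md5"], before["sha1"])
    return before, after, still_valid, now_valid


if __name__ == "__main__":
    before, after, ok_before, ok_after = tamper_demo()
    print("blocks read:", before["blocks"])
    print("MD5 before:", before["md5"], "valid:", ok_before)
    print("MD5 after: ", after["md5"], "valid:", ok_after)
```

Recording both an MD5 and a SHA-1 value at acquisition time, as the answer suggests, means a later validation has to match both; the demo returns False as soon as either digest differs.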

Q.2.c. Challenges of cloud forensics:

  1. Logs play an important role in the investigation. In the cloud, all data are stored at unknown locations, so it becomes difficult to find all the logs and to get access to all the evidence.
  2. In the cloud, finding the physical location of data is very difficult.
  3. A service level agreement is a must; in most cases, forensic investigations are not incorporated in the SLAs signed between the customer and the CSP, which stands for cloud service provider.

Q.2.d. Anti-forensic techniques make the process of investigating a computer very difficult. If someone commits fraud in a firm by stealing sensitive information and other crucial details of the company, there is a wide range of activities that come under cyber crime. In most cases, these kinds of perpetrators try to retrieve deleted browser history, cookies and even cache. But attackers also seek their own convenience and attack computers or systems as it suits them, so most attackers use software to hack and to modify their digital footprints. With the help of anti-forensics tools, it becomes very difficult to extract evidence from the computer while an investigation is going on.

Techniques

  1. Encryption
  2. Steganography
  3. Tunneling
  4. Onion routing
  5. Obfuscation
  6. Spoofing: IP spoofing and MAC spoofing

Q.2.e. There are four steps that need to be followed if a running computer is suspected:

Step 1: Development of policy and procedure

Step 2: Assessment of evidence

Step 3: Acquisition of evidence

Step 4: Examination of evidence

Step 5: Documenting and reporting

Q.3. a There are four methods of data acquisition that are used in the given scenario. These methods help in obtaining the data: gathering new data, transforming or converting legacy data, exchanging or sharing information, and purchasing data.

Gathering new data

New data has to be gathered on the basis of the following: skills, frequency and timeliness. The skills needed for the collection may help in dictating the contract. Frequency concerns collecting the data once: one type of data is collected only one time. Timeliness concerns the requirement of the data.

Transforming or converting the legacy data

Two things come under this: legacy quality, which covers the sufficiency of the data and whether its quality fulfils the demands of the scientific requirements, and the technical issue, which is the storage medium.

Exchanging or sharing the information

It covers creating the SLA (service level agreement), data organisation, record requirements, and completeness of data.

Purchasing the data

It covers purchase agreements, data certification and issues related to licensing.

Q.3.b. In this case, gathering new data is the method used to collect the data. New data has to be gathered on the basis of the following: skills, frequency and timeliness. The skills needed for the collection may help in dictating the contract. Frequency concerns collecting the data once: one type of data is collected only one time. Timeliness concerns the requirement of the data.

Q.3 c. Policies are the rules applied to measure performance. Companies and people require ethics to preserve the respect of the organisation and to respect its performance. These are the laws that help in governing the codes of responsibility. They also help in describing the lowest degree of performance that must be achieved to prevent liability. Digital forensics examiners have two roles: the first is fact witness and the second is expert witness. An expert witness can examine the case even if they were not present when the event occurred.

Q.4.a. If a file has a bad signature on it, and the original header of the file also has a signature, then the header of the file is called the file signature. The header defines the format of the file; it is used so that whatever is written in the file can be recognised accurately and associated with it. There are lakhs of files that have the same kind of format, for example:

| Signature of file | File extension | Description |
|---|---|---|
| 47 49 46 38 37 61 | GIF | GIF87a Graphics Interchange Format file |
| 47 49 46 38 39 61 | GIF | GIF89a Graphics Interchange Format file |
| E3 82 85 96 | PWL | Windows password file |
| 89 50 4E 47 0D 0A 1A 0A | PNG | Portable Network Graphics file |
| 52 45 47 45 44 49 54 34 | REG, SUD | Registry undo file and Windows NT registry |

There are some methods to identify files, such as file identification, thorough identification of each file, and thorough identification of files that don't have any extension. Some users change the extension of a file so that no one can understand what is inside it.

EnCase is also a tool that helps in checking the header of the file and in comparing the file signature by pressing the internal table button. A bad signature is what reveals that the extension of the file and its header do not match.
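The header-versus-extension comparison that the answer attributes to EnCase can be reproduced with a small signature table. The script below is an added example and is not EnCase's code or the original answer's; it uses only the five signatures from the table above, and the file names and header bytes it checks are constructed for the demonstration.

```python
import os

# Header signatures from the table above: magic bytes, matching extensions, description
SIGNATURES = [
    (bytes.fromhex("47 49 46 38 37 61"), {"gif"}, "GIF87a Graphics Interchange Format file"),
    (bytes.fromhex("47 49 46 38 39 61"), {"gif"}, "GIF89a Graphics Interchange Format file"),
    (bytes.fromhex("E3 82 85 96"), {"pwl"}, "Windows password file"),
    (bytes.fromhex("89 50 4E 47 0D 0A 1A 0A"), {"png"}, "Portable Network Graphics file"),
    (bytes.fromhex("52 45 47 45 44 49 54 34"), {"reg", "sud"}, "Registry undo file / Windows NT registry"),
]


def identify_header(header: bytes):
    """Return (extensions, description) for the first signature the header starts with."""
    for magic, exts, desc in SIGNATURES:
        if header.startswith(magic):
            return exts, desc
    return None


def check_signature(filename: str, header: bytes) -> str:
    """Compare a file's extension with what its header says it is."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    match = identify_header(header)
    if match is None:
        return "unknown-header"
    exts, _desc = match
    if not ext:
        return "no-extension"
    return "match" if ext in exts else "bad-signature"


def triage(entries):
    """Run check_signature over (filename, header bytes) pairs and group the results."""
    report = {"match": [], "bad-signature": [], "no-extension": [], "unknown-header": []}
    for name, header in entries:
        report[check_signature(name, header)].append(name)
    return report


def sample_entries():
    """Constructed file names and header bytes (not taken from any real evidence)."""
    png = bytes.fromhex("89 50 4E 47 0D 0A 1A 0A") + b"\x00\x00\x00\x0dIHDR"
    gif = b"GIF89a" + b"\x01\x00\x01\x00"
    reg = b"REGEDIT4\r\n"
    return [
        ("holiday.gif", gif),
        ("invoice.txt", png),        # renamed image: extension and header disagree
        ("backup", reg),             # registry export saved without an extension
        ("notes.txt", b"Just text."),
    ]


if __name__ == "__main__":
    for status, names in triage(sample_entries()).items():
        print("%-15s %s" % (status, ", ".join(names) or "-"))
```

The "bad-signature" bucket is the one the answer describes: the header identifies the file as one type while the extension claims another. The "no-extension" bucket corresponds to the separate identification pass for files without any extension.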

Q.4.b There are some tools that help in cracking passwords:

CrackStation: it is used on platforms like Linux, macOS and Windows. The supported formats are LM, NTLM, md2, md4, md5, md5(md5_hex), md5-half, sha1, sha224, sha256, sha384, sha512, ripeMD160, whirlpool, MySQL 4.1+ (sha1(sha1_bin)) and QubesV3.1BackupDefaults. The main feature of this tool is cracking password hashes; it only works for non-salted hashes.

Brutus: the platform is Windows; it is only supported on Windows. The protocols are FTP, HTTP, POP3, SMB, Telnet, NetBus, IMAP, NNTP and others. The main features of this tool are multi-stage authentication, support for up to sixty simultaneous connections, and proxy support.

RainbowCrack: it is supported on Linux and Windows. The supported formats are NTLM tables, MD5 tables and SHA2 tables. Its main features are high-performance cracking and support for multi-core processing and GPUs.

Q.5.a. Logs are a very important part of every organisation, and all logs have to be stored safely in a place where no unauthorised user can interact with this data. A user who is not authorised cannot access these logs. Logs contain all the employees' details, their sensitive data and their personal data. The method chosen by the new start-up is relevant, as a firewall helps in keeping all the logs and all the data secure.

The main objective of the firewall is to protect the network from all kinds of unauthorised data packets. The work of the firewall is to keep filtering all packets according to IP address and port. All firewalls work on the same principle.

Q.5.b There are three processes: capture, identify and analyse.

Capture: capturing the packets in promiscuous mode, that is, via SPAN and mirror ports or TAPs.

Identify: identifying the packets and filtering them on the basis of specific criteria such as time and date.

Analyse: analysing the packets, restructuring them and categorising them on the basis of known data and unknown data, for instance by performing header analysis.
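The identify and analyse stages above can be shown on a handful of packets without any capture hardware. The script below is an added example and not part of the original answer; it assumes packets have already been captured (the capture stage) and are available as (timestamp, raw bytes) pairs, builds a few constructed IPv4 headers with a port pair using documentation address ranges, filters them by time window, and then categorises them by header analysis against a small table of known services.

```python
import socket
import struct
from datetime import datetime, timezone

# (IP protocol number, destination port) -> service name; anything else is "unknown"
KNOWN_SERVICES = {(6, 22): "ssh", (6, 80): "http", (6, 443): "https", (17, 53): "dns"}
IPV4_HEADER = "!BBHHHBBH4s4s"      # 20-byte IPv4 header without options


def make_packet(src, dst, proto, sport, dport) -> bytes:
    """Constructed IPv4 header followed by the 4-byte source/destination port pair."""
    header = struct.pack(IPV4_HEADER, 0x45, 0, 24, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + struct.pack("!HH", sport, dport)


def parse_header(raw: bytes) -> dict:
    """Header analysis: pull addresses, protocol and ports out of the raw bytes."""
    fields = struct.unpack(IPV4_HEADER, raw[:20])
    ver_ihl, proto, src, dst = fields[0], fields[6], fields[8], fields[9]
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4                 # header length in bytes
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "sport": sport, "dport": dport}


def identify(capture, start, end):
    """Identification stage: keep only packets captured inside the time window."""
    return [(ts, raw) for ts, raw in capture if start <= ts <= end]


def analyze(selected):
    """Analysis stage: split packets into known and unknown by their header fields."""
    known, unknown = [], []
    for ts, raw in selected:
        hdr = parse_header(raw)
        hdr["time"] = ts
        hdr["service"] = KNOWN_SERVICES.get((hdr["proto"], hdr["dport"]))
        (known if hdr["service"] else unknown).append(hdr)
    return known, unknown


def at(hour, minute):
    return datetime(2024, 3, 1, hour, minute, tzinfo=timezone.utc)


def sample_capture():
    """Constructed capture: (timestamp, raw packet) pairs standing in for a SPAN/TAP feed."""
    return [
        (at(9, 0), make_packet("10.0.0.5", "198.51.100.20", 6, 51000, 443)),
        (at(9, 5), make_packet("10.0.0.5", "10.0.0.53", 17, 51001, 53)),
        (at(9, 10), make_packet("10.0.0.7", "203.0.113.9", 6, 51002, 9001)),
        (at(12, 0), make_packet("10.0.0.5", "198.51.100.20", 6, 51003, 80)),
    ]


def run_demo():
    """Identify packets between 08:30 and 10:00 UTC, then analyse them."""
    return analyze(identify(sample_capture(), at(8, 30), at(10, 0)))


if __name__ == "__main__":
    known, unknown = run_demo()
    for p in known:
        print("known  ", p["time"].time(), p["src"], "->", p["dst"], p["service"])
    for p in unknown:
        print("unknown", p["time"].time(), p["src"], "->", p["dst"], "port", p["dport"])
```

The packet to port 9001 lands in the unknown group only because that protocol/port pair is absent from the known-services table; in practice the table is the investigator's baseline of expected traffic, and the unknown group is the set of packets that need a closer look.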

There are some steps that are required to be followed to deal with more than one company:

Identification

Preservation

Examination

Analysis

Presentation

Incident response

Q.5.c. Hashing algorithm: This is based on a mathematical formulation that produces a fixed-length string of numbers and characters, called a hash function. Different kinds of hashing algorithms are used for extracting the information. This special kind of algorithm is also applied in network security for encoding the messages that are to be sent from one place to another. There are other popular algorithms too, but SHA1 and MD5 are part of the hashing algorithm family. If one wants to provide good security to the system, then it is mandatory to apply this hashing algorithm. In this, the input size is fixed but the length of the output always varies according to the function.

Encryption algorithm: This is the most popular kind of technique used in network security, as it helps in authorising the party that wants to access the code at the decryption end. There are two types of encryption algorithm: one is the symmetric encryption algorithm and the other is the asymmetric type of algorithm.

Q.5.d. There are different kinds of challenges in network forensics:

  1. Data integrity
  2. Extraction locations of data
  3. Data privacy
  4. IP address access
  5. Transmission of high-speed data
  6. Storage of data in the network devices

Q.5.e. There are different kinds of logs; generally there are three types of log files:

Request log files: the document produced when programs execute concurrently as an outcome of concurrent requests. Each concurrent request also produces its own log file.

Manager log files: the document that records the work of the concurrent manager that is running the requests. The list proceeds with the permission of the concurrent manager.

The internal concurrent manager log file displays the parameters that were loaded when the internal manager began.

Various kinds of attacks happen. There are different kinds of methods, such as active intrusion detection. With the help of this method, the investigator detects the footsteps of the attacker with the help of these log files and the intrusion technique.
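Following an attacker's footsteps through log files, as the answer puts it, usually starts with one repeatable check over the request log. The script below is an added example and not part of the original answer; it assumes a constructed key=value request-log format (timestamp, source, user, result) rather than any product's real log layout, finds sources with a burst of failed requests inside a short window, and then lists the successful logins those same sources obtained afterwards, which is the trail an investigator would want to pull first.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
                     r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAILED)$")

# Constructed request-log excerpt in a simple key=value format (not a real system's log)
SAMPLE_LOG = """\
2024-03-01 09:00:01 src=10.1.1.20 user=alice result=OK
2024-03-01 09:00:05 src=198.51.100.7 user=admin result=FAILED
2024-03-01 09:00:09 src=198.51.100.7 user=admin result=FAILED
2024-03-01 09:00:12 src=198.51.100.7 user=admin result=FAILED
2024-03-01 09:00:15 src=10.1.1.21 user=bob result=FAILED
2024-03-01 09:00:18 src=198.51.100.7 user=admin result=FAILED
2024-03-01 09:00:22 src=198.51.100.7 user=admin result=FAILED
2024-03-01 09:00:30 src=198.51.100.7 user=admin result=OK
2024-03-01 09:05:00 src=10.1.1.21 user=bob result=OK
"""


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
            yield rec


def failed_bursts(records, threshold=5, window=timedelta(minutes=2)):
    """Sources with at least `threshold` failures inside any span of length `window`."""
    fails = defaultdict(list)
    for r in records:
        if r["result"] == "FAILED":
            fails[r["src"]].append(r["ts"])
    bursts = {}
    for src, times in fails.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1                      # extend the window from the i-th failure
            if j - i + 1 >= threshold:
                bursts[src] = {"failures": j - i + 1, "first": times[i], "last": times[j]}
                break
    return bursts


def footsteps(text, **kwargs):
    """Flag burst sources and list the successful logins they obtained afterwards."""
    records = list(parse_log(text))
    bursts = failed_bursts(records, **kwargs)
    for src, info in bursts.items():
        info["successes_after"] = [(r["ts"], r["user"]) for r in records
                                   if r["src"] == src and r["result"] == "OK"
                                   and r["ts"] >= info["last"]]
    return bursts


if __name__ == "__main__":
    for src, info in footsteps(SAMPLE_LOG).items():
        print(src, "failed", info["failures"], "times between",
              info["first"].time(), "and", info["last"].time())
        for ts, user in info["successes_after"]:
            print("  then logged in as", user, "at", ts.time())
```

Bob's single failure never reaches the threshold, so only the source with the repeated failures is reported, together with the account it eventually logged into; that pairing is what turns a pile of log lines into a lead worth examining.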

Q.6.a There are three types of files in a SIM card, namely:

Master file

Dedicated file

Elementary file

There are different kinds of tools available that help in extracting information from the SIM card. There is a tool called SIMXtractor that helps in retrieving the data. It was developed to retrieve information from the SIM. It is not open source for everybody. The tool contains three things:

SIM card reader

SIM imager

SIM analyser

The SIM card reader is used to connect the SIM card with the device used for the investigation. It is a hardware-based reader with USB support.

The SIM imager is used to extract an image from the SIM with the help of hashing algorithms, namely MD5 and SHA2.

The SIM analyser is used to analyse the extracted data. It analyses the information and other messages on the SIM, such as logs, call details and many more.

Q.6.b. In most phones the procedure is the same: you just need to access the SIM card while the SIM is in the phone. The method is the same for all phones; it does not matter whether it is an Android phone or an iOS phone. There are three different kinds of SIM card: a normal SIM card, a PIN-protected SIM card and a blocked SIM card.

For a normal SIM card, SIMXtractor can help in extracting information such as the location of the phone, the images on the phone, the web browser history and all other details. There is another thing called a memory dump, also known as a core dump. It helps in retrieving information from the phone.

First the phone has to be connected to the computer, and then the data can be collected with the help of the memory dump.

The second type is the PIN-protected SIM; here the phone data can be retrieved, but some information may be lost while extracting it with the help of the tool.

Q.6.c. Data validation is the process of checking the accuracy and quality of data, which needs to be performed before importing the data to some other place and processing it there.

There are some steps that need to be followed for data validation:

  1. A sample of the data has to be measured.
  2. Then the database also has to be validated.
  3. Validating the format of the data is also required.

There are some methods that help in validating the data, such as scripting, open-source tools and techniques.
