CKIT 519 Forensic Computing : Murder Investigation
1. A case description. Describe what kind of suspect you have, and what kind of potential criminal activities the suspect may have committed.
2. Generate some potential files (you may delete or overwrite, etc.) on a small size USB memory stick (the image could be huge if you use a big USB memory stick). Use some tools discussed in the VirtualTools message to make a bit-by-bit image of your image. Though you can delete and do any kind of activities, it is important that you should have some traces for other students to find the evidence on your image next week. For your reference.
Answer:
Introduction:
One of the main uses of computer forensics is root-cause investigation: the recognition, protection, credentials, interpretation, and extraction of evidence from computer media. Evidence is required wherever the exact root cause of a crime is being investigated, and it is crucial for a large variety of crimes committed with computers and through their misuse. Computer forensics is a practice in which, when a crime involving electronics is suspected, the investigator takes each of the following factors into account: investigation of registry files and registry reports, various data recovery techniques, easy discovery of NTFS, maintenance of file headers, activity logging, hard disk imaging and cloning, reading various image file structures, support for the FAT and NTFS file systems, automatic discovery of erased disk partitions, data authenticity, proper case management, memory investigation, galleries and pictures, and investigation of file-type metadata.
Suspects may store personal data on a system. Computer forensics is used to recover that data and to use it as proof of the suspect's activity. This finding resulted in his conviction and arrest; he confessed that he had committed ten murders between 1999 and 2012 around Nairobi. Any data that can be extracted from a computer, whether or not it has been subject to intervention.
- Arranging Operations.
- Extraction of information
- Recovery of deleted data
- Identification of reserved Keyword and search operations.
- Passwords encryption
Control of the computer can be found physically or remotely.
Information that can be extracted is verified, and with the help of different computer forensic tools and software it can be recovered by electronic means.
This phase presents the evidence so that it can be understood by lawyers, staff, or management from a non-technical background.
The court considers evidence according to legal rules that determine whether the evidence can be accepted by the court or not. The computer should be protected from viruses being installed during the analysis process.
All data sought and gathered in the investigation should be handled with proper care.
- Unpredictable information
- Information related to the network
- Communication between the system and the network
- Dynamic or active processes
- Programs and background processes recently running on the system
- Signed-in users
- Users or employees recently logged in to the computer system
- Files that are in use
- Non-volatile data
- This section contains data that does not change, for example system configuration and system settings files.
- Hardware
- Users should be aware of all the internal and external parts of a system
- In-depth knowledge of hard drives and their settings
- Knowledge of motherboards and the various chips in use
- Power supply
- Memory
- Operating Systems
- Windows operating system like 3.1/95/98/ME/NT/2000/2003/XP
- Disk Operating System
- UNIX
- Software applications
- Users should have knowledge of popular software packages like MS-Office.
- Forensic Tools
- Awareness of computer system forensic techniques
Evidence can be extracted from electronic or digital devices such as hard drives, PCs, laptops, iPads, and digital camcorders.
Advantages of using FAT or FAT32 type of file system:
- Faster USB related operations.
- Minimize memory consumption.
- Fast scanning.
- Compatible with all operating systems.
Investigations using computer forensics:
To investigate computer-related crimes, a specialist requires a specific and reliable set of tools and dedicated techniques. The selection of tools depends on the type of device used and the type of digital evidence.
Tools used for forensic investigations:
Data in digital format is necessary in a forensic investigation. Surveys and recent publications show that 95% of information is digital; in other words, most information is used in digital format only. Online communication and digital photos are impossible without a computer system.
Forensic investigation uses special tools that work with digital formats only. Most evidence is available in digital format, and retrieving digital evidence requires special kinds of tools.
Digital Evidence
- Extract all document types, such as Office, PDF, RTF, and OpenOffice.
- Extract all log files and messages from the Windows, macOS, and Linux operating systems.
- Extract web browser history and favorites, and analyze cookies.
- Extract all email, address books, and attachments.
- Extract text files and image files.
- Identify iPhone, iPad, and BlackBerry mobile devices and their backups.
Computer forensics is the branch of computer science concerned with computer crime, which may be committed offline or online. Computers are used to produce information, and the field has now expanded to all devices that handle digital data. The main goal of computer forensics is to carry out an investigation on the basis of the device and its digital data: to examine the evidence in the digital data and find who was responsible for a particular crime.
Many computer forensics tools have been created to give better investigation results.
These tools can be classified into the following categories:
- Disk & data investigation tools
- File watchers
- File examination tools
- Registry investigation tools
- Internet investigation tools
- Email investigation tools
- Mobile devices investigation tools
- Mac OS investigation tools
- Network investigation tools
- Database investigation tools
Computer forensics provides an advanced platform for digital forensic investigation:
- Hard disk imaging & cloning
- Read various images file structure
- Support various file system FAT and NTFS
- Automatic discovery of erased disk partition
- Various data recovery techniques
- Easy discovery of NTFS ADS
- Maintains file header
- Activity logger
- Data authenticity
- Proper case management
- Memory Investigation
- Gallery & pictures
- Investigation of registry file
- Investigation of registry report
- Investigation of file-type metadata
Case studies from different industries are listed below.
Case: Internal Business Fraud
Atmosphere: Complex Multi-Location Network and Desktop
Trade: Banking
Case: Litigation
Atmosphere: Legacy & Updated Mainframe
Trade: Financial
NTFS Master File Table (MFT)
A file can be stored on one of two types of file system, FAT or NTFS. On an NTFS volume, file records are stored in a special file called the master file table (MFT). NTFS stores 16 records of special information. The first record of the MFT describes the master file table itself, and it is followed by the MFT mirror record.
If the first record is corrupted, NTFS reads the second record (the MFT mirror record) to find the MFT file. The locations of the data segments of both the MFT and the MFT mirror file are recorded in the boot sector.
This structure makes file access very fast, so its attributes and structure are very important for a computer forensics investigation. The FAT file system, by contrast, stores a list of names and addresses and also contains an index into the FAT.
Small records are contained completely within the MFT structure. Huge directories are organized in a special B-tree structure, which has pointers to external clusters containing the records that are too large to fit in the MFT structure.
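The boot-sector lookup and the fall-back to the MFT mirror described above can be traced in a few lines of Python. This is an added example, not code from the original answer; it assumes sectors-per-cluster is stored as a plain count, and the tiny volume image it reads is constructed inline rather than taken from real media.

```python
import struct

def parse_ntfs_boot_sector(sector: bytes) -> dict:
    """Read the boot-sector fields that say where $MFT and $MFTMirr start."""
    if len(sector) < 512 or sector[3:11] != b"NTFS    ":
        raise ValueError("not an NTFS boot sector")
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", sector, 0x0B)
    mft_lcn, mirr_lcn = struct.unpack_from("<QQ", sector, 0x30)
    raw = struct.unpack_from("<b", sector, 0x40)[0]
    cluster = bytes_per_sector * sectors_per_cluster
    # A negative value means the record size is 2**|raw| bytes, not clusters.
    record_size = 2 ** -raw if raw < 0 else raw * cluster
    return {"cluster_size": cluster, "record_size": record_size,
            "mft_offset": mft_lcn * cluster, "mirr_offset": mirr_lcn * cluster}

def record_flags(image: bytes, offset: int) -> dict:
    """Decode the flags word of a FILE record header (offset 0x16)."""
    flags = struct.unpack_from("<H", image, offset + 0x16)[0]
    return {"in_use": bool(flags & 0x01), "directory": bool(flags & 0x02)}

def locate_record0(image: bytes) -> tuple:
    """Return (source, byte offset) of a usable MFT record 0.

    Tries the primary $MFT first and falls back to $MFTMirr when the
    primary record no longer carries the FILE signature. Read-only."""
    geo = parse_ntfs_boot_sector(image[:512])
    for source, key in (("$MFT", "mft_offset"), ("$MFTMirr", "mirr_offset")):
        off = geo[key]
        if image[off:off + 4] == b"FILE":
            return source, off
    raise ValueError("record 0 is damaged in both $MFT and $MFTMirr")

def build_sample_image(corrupt_primary: bool = False) -> bytes:
    """Constructed 3 KiB stand-in for a volume image (not real evidence)."""
    img = bytearray(3072)
    img[3:11] = b"NTFS    "
    struct.pack_into("<HB", img, 0x0B, 512, 1)   # 512-byte sectors, 1 per cluster
    struct.pack_into("<QQ", img, 0x30, 4, 2)     # $MFT at cluster 4, mirror at 2
    struct.pack_into("<b", img, 0x40, -10)       # 2**10 = 1024-byte records
    for off in (4 * 512, 2 * 512):
        img[off:off + 4] = b"FILE"
        struct.pack_into("<H", img, off + 0x16, 0x0001)  # flags: in use
    if corrupt_primary:
        img[2048:2052] = b"\x00" * 4             # simulate a damaged first record
    return bytes(img)

if __name__ == "__main__":
    for damaged in (False, True):
        image = build_sample_image(corrupt_primary=damaged)
        source, off = locate_record0(image)
        print(damaged, source, off, record_flags(image, off))
```

A record whose `in_use` flag is clear belongs to a deleted file, which is why the record header is one of the first things examined when recovering deleted data.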
Forensic experts must have the knowledge and experience to conduct fraud investigations.
An owner, board member, or other responsible person in an organisation may face serious issues such as the following:
- One of the main issues is the misappropriation of wealth or assets, in the form of stolen money, account fraud, loan fraud, and so on.
- Corruption, such as bribery, needs to be stopped.
- Anti-fraud programmes should be run and proper financial reporting should be carried out.
- Investigate the environment and severity of the fraud, and pay attention to the losses.
- Monitor the accounts section to minimize losses.
Computer forensics covers acquiring pictures from secondary storage devices and digital media such as DVDs and memory cards, and gathering information from e-mails and other documents on electronic devices, in order to prepare electronic evidence for further analysis and for presenting forensic information.
This procedure includes gathering electronic data from all available sources, such as hard drives and e-mails. It also includes paper documents that have been scanned and recognized electronically using optical character recognition tools.
With this procedure, investigators can investigate and search very quickly because they do not need to read every email in full. They can search using reserved keywords, which saves time, and they can decide which documents to show to lawyers and which to make available to clients online.
- Collection of data from different sources, such as publicly available records, information available in paid forums, and internal or secret information.
- It also helps us to understand very critical scenarios.
- Capitals – We have very advanced technology, together with the latest tools and procedures, which are certified and authorized, among others.
- Proficiency – We have a highly experienced team of forensic experts with international technical certifications.
- Speed and worldwide range – Using special software and hardware, we can work immediately from anywhere: globally, regionally, or locally. Our specialized FTS team can do the same.
- Skill with Experience
- A capability of accounting – Our experts have the perfect combination of accounting knowledge and technical knowledge.
Computer Forensics
The whole of the data on the computer should be determined. Deleted and encrypted data should be recovered. Every vital activity should be monitored, and criminal activity on the system should be prevented. Data in digital format is necessary in a forensic investigation. Surveys and recent publications show that information is based in the digital area; in other words, most information is used in digital format only. Online communication and digital photos are impossible without a computer system.
Documents & Email Analysis
This process consists of collecting electronic data from the available sources, such as electronic media and mail files, including paper documents that have been scanned and recognized. All email, address books, and attachments are extracted.
The following steps should be followed in computer forensics when investigating a crime in which electronic media are involved.
- Get authorization for searching and seizing.
- Secure the crime scene and take proper care that no one can alter it.
- Document everything properly each and every time something is seized.
- Store and transport electronic evidence safely and with proper care.
- Acquire the electronic evidence from the equipment using forensically reliable methods, and keep forensic images of the electronic evidence. Never change the original material. Keep it safe.
- Outline your plan for reviewing the electronic evidence, including keywords and search terms.
- Examine and investigate the forensic images of the e-evidence according to your plan.
- Understand and illustrate inferences that are based entirely on the electronic evidence.
- Write a clear report that explains the examination you carried out in an easily understood format.
Any forensic expert should follow the steps below when acquiring or investigating electronic evidence from a computer.
Keep your vital data and tools safe by making sure that your system is secure.
If your computer is connected to the internet, watch it closely so that no unauthorized user can gain access to it, and keep your storage devices safe.
Keep a copy of every file, including encrypted files, and password-protect each file, including hidden files. Take proper care that no one can modify your files or gain access to them. Make changes only to the copy, never to the original, so that the original files stay safe.
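The acquisition steps above (image the media, never change the original, work only on a copy) come down to hashing what was read and re-checking that hash before and after analysis. The sketch below is an added example rather than part of the original answer; the file names `usb_stick.bin`, `case001.dd` and `working_copy.dd` are hypothetical, and a constructed byte string stands in for the USB stick so that it runs without a real device.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large media never sit in memory
SAMPLE = b"constructed evidence sector\n" * 60000  # constructed stand-in for a USB stick

def sha256_file(path: str) -> str:
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            digest.update(chunk)
    return digest.hexdigest()

def acquire_image(source: str, dest: str) -> dict:
    """Copy source to dest byte for byte and return the acquisition record."""
    read_digest = hashlib.sha256()
    # Source is opened read-only; mode "xb" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(dest, "xb") as dst:
        while chunk := src.read(CHUNK):
            read_digest.update(chunk)
            dst.write(chunk)
    os.chmod(dest, 0o444)  # mark the master image read-only
    written = sha256_file(dest)
    if written != read_digest.hexdigest():
        raise IOError("image on disk does not match the data read from source")
    return {"sha256": written, "bytes": os.path.getsize(dest)}

def verify_image(path: str, expected_sha256: str) -> bool:
    """True when the file still hashes to the value recorded at acquisition."""
    return sha256_file(path) == expected_sha256

def demo() -> tuple:
    """Acquire, copy, verify, then show that a one-byte change is detected."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "usb_stick.bin")   # hypothetical source path
        with open(source, "wb") as fh:
            fh.write(SAMPLE)
        master = os.path.join(tmp, "case001.dd")      # hypothetical master image
        record = acquire_image(source, master)
        working = os.path.join(tmp, "working_copy.dd")
        shutil.copyfile(master, working)  # analysis happens on this copy only
        intact = verify_image(working, record["sha256"])
        with open(working, "r+b") as fh:  # simulate an accidental one-byte change
            fh.seek(100)
            fh.write(b"X")
        altered = verify_image(working, record["sha256"])
        return record, intact, altered

if __name__ == "__main__":
    print(demo())
```

On real media the source would be the device node opened behind a write blocker, and the recorded hash belongs in the case documentation alongside the seizure notes.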