MN613 Implementation of Computer Forensic Techniques
1. Install/deploy the digital forensics tools of your choice.
2. Research how to identify digital forensics tools; that is the process to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information. This should be thoroughly presented in the report.
3. Must complete at least 2 forensic techniques to be implemented.
4. Lab demonstration: Must explain how each tool works in class to your instructor before week 11. Each tool should not exceed 5 minutes in the presentation.
5. Compile a written report of the above along with your evaluations and recommendations. The report must contain several screenshots of evidence and a short description for each snapshot that provides proof that you completed the work.
Section 2: Investigation Wi-Fi Hacking Activity
A complaint was made to the authorities describing alleged Wi-Fi hacking activity. When the authorities reached the place, they found a Dell laptop and an Alfa Card (wireless USB adapter) abandoned in the surrounding area. Eyewitnesses recall sighting a person with such equipment lingering in the area of the WiFi access point. This abandoned equipment is seized as possible evidence. You are hired as a Computer Forensics Investigator. In this case, you need to find any evidence of the Wi-Fi hacking activity, and any data that might have been generated from the suspect’s hard drive, so that it may be presented in a court of law.
Evidence Disk: The seized Dell laptop disk can be obtained from your tutor.
Tools: The tool that can be used for the purposes of this investigation is ProDiscover. If you would like to choose another forensics tool, talk to your tutor and get permission to use it.
Tasks required to perform: analysis of the evidence would require performing the 20 tasks of .
1. What are the hash values (MD5 & SHA-1) of this image?
2. Explain installed OS information in detail.
3. Identify the date of OS installation.
4. Identify the registered owner, account name in use and the last recorded shut down date and time
5. Identify the account name of the user who mostly used the computer and the user who last logged into it
6. What is the timezone setting?
8. List all accounts in OS except the system accounts: Administrator, Guest, system profile, Local Service, Network Service.
9. What applications were installed by the suspect after installing OS?
10. Who was the last user to logon into PC?
11. When was the last recorded shutdown date/time?
12. Explain the information of network interface(s) with an IP address assigned by DHCP
Answer:
EPRB: a set of tools for encrypted systems, data decryption and password recovery that runs on the Windows operating system.
Autopsy: a digital forensics platform and graphical user interface to The Sleuth Kit. It runs on Windows, Linux and macOS.
Implementation of computer forensic techniques
Most digital crime activities leave a trace of evidence that allows investigators to solve and prevent digital crimes [1]. According to my research I have concluded around 90% of all the data processed to information does not leave the digital domains. I will elaborate on the forensic techniques that facilitate acquisition of evidence. Examples of these techniques include:
Live forensics
Also known as live response, it mainly attempts to identify, control and eliminate possible threats in a live running system environment. In the past, this involved taking images and snapshots so as to perform analysis on these images. This was impractical as the process was far from efficient. Live forensics is more efficient if you focus on handling threats on the spot. The main difference between traditional and live forensics is time: the procedures of identifying, quantifying and eliminating threats are still similar in both techniques [1].
This technique has a short life span, so its degree of success is determined by focusing on the source of the threat. Instead of rushing into the process, one should look for the usual suspect files in the system, such as those in temporary directories. On Windows, the best way of initiating live forensics is by peeking into the active user's app data directory, especially its Roaming folder.
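A read-only triage pass over the folder named above, as an added example that is not part of the original report: it lists script and executable files under a directory (the Roaming folder when run on Windows), newest first, with size, modification time and SHA-256. The extension list and the function names are assumptions chosen for this illustration.

```python
import hashlib
import os
from datetime import datetime, timezone

# Extensions reviewed first during triage (an assumption for this example).
SUSPECT_EXTENSIONS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".lnk"}


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage_directory(root, extensions=SUSPECT_EXTENSIONS):
    """Return one record per matching file under root, newest first."""
    records = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in extensions:
                continue
            path = os.path.join(folder, name)
            try:
                info = os.stat(path)  # taken before the file is read
                file_hash = sha256_of(path)
            except OSError as error:
                # Locked or unreadable files are reported, not dropped.
                records.append({"path": path, "mtime": 0.0, "error": str(error)})
                continue
            records.append({
                "path": path,
                "size": info.st_size,
                "mtime": info.st_mtime,
                "modified_utc": datetime.fromtimestamp(info.st_mtime, timezone.utc).isoformat(),
                "sha256": file_hash,
            })
    return sorted(records, key=lambda record: record["mtime"], reverse=True)


if __name__ == "__main__":
    # On Windows, %APPDATA% is the active user's Roaming folder.
    target = os.environ.get("APPDATA", os.path.expanduser("~"))
    for entry in triage_directory(target):
        print(entry)
```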
Password recovery
This refers to the recovery of password-protected files. It can be done by cracking the password or by bypassing it.
Passwords provide strong protection for sensitive information. In rare cases the password is lost or the account administrator forgets it [2]. In cases like this, password recovery is the best way to gain access to the information. Brute force can be used to crack any password. It does this by attempting all possible passwords. In the majority of cases, this procedure is time-consuming.
Smarter techniques have been deployed to reduce the number of possible passwords, thus reducing the time spent on password recovery. With the use of a wide array of utilities, password recovery is made quite easy.
Deployment of forensic tools
ElcomSoft Password Recovery Bundle (EPRB)
This is a legal tool that is used for password recovery. It unlocks documents, decrypts files and breaks into encrypted containers with an all-in-one password recovery suite.
It runs only on the Windows operating system. The tool is used to recover passwords for a wide range of office and business applications, including text processors, flag-bearers, office suites, database management programs, spreadsheets and email clients [3].
The tool offers only a little automation, however, as it requires supervision. These automated features include:
- Remote administration of password recovery workstations.
- Time stamping of CPU run time and resource usage.
The tasks performed by the ElcomSoft Password Recovery Bundle include:
- Recovers document and system passwords for various file formats.
- Monitoring CPU time and resource use.
- Performs password recovery of client activities.
Autopsy
This digital forensics program is a graphical interface tool used largely by military, law enforcement and corporate examiners to examine a computer's past activity [4]. You can also use it to recover photos from your camera's or phone's memory card.
Unlike the EPRB tool, it runs on several operating systems: Windows, Linux and macOS. The file formats supported by the Autopsy forensic tool include:
- Disk Image: a file or set of files that is a byte-for-byte copy of a hard drive or media card.
- Local Disk: primary storage device
- Logical Files: files and folders that are locally available in the computer storage.
The vendor supports its reputation by providing a 24-hour help line to give aid if needed. The vendor also provides user and developer guide documentation.
The tasks performed by this tool include:
- Provides timeline analysis, which shows system events in a graphical interface.
- Extracts data from SMS, call logs and contacts.
- Identifies files and folders based on their name and path.
- Tags files with arbitrary tag names, such as 'bookmark' or 'suspicious', and adds comments [5].
- Identifies shortcuts to accessed files.
Adding a data source
You can add a data source in several ways:
- After you create a case, it automatically prompts you to add a data source.
- There is a toolbar item to add a Data Source when a case is open.
- The "File", "Add Data Source" menu item when a case is open.
The data source must remain accessible for the duration of the analysis because the case contains a reference to the data source. It does not copy the data source into the case folder.
Regardless of the type of data source, there are some common steps in the process:
1) You will be prompted to specify the data source to add (details are)
2) Autopsy will perform a basic examination of the data source and populate an embedded database with an entry for each file in the data source. No content is analyzed in the process, only the files are enumerated.
3) While it examines the data source, you will be prompted with a list of ingest modules to enable.
4) After you configure the ingest modules, you may need to wait for Autopsy to finish its basic examination of the data source.
5) After the ingest modules have been configured and the basic examination of the data source is complete, the ingest modules will begin to analyze the file contents. Information can be spelt from the source [6].
Assignment section 2
Registered owner, account name in use and the last recorded shut down date and time: MARTIN KING, KINGMARTIN, shutdown Friday, June 16, 2017 12:59:23PM
Account name of the user who mostly used the computer and the user who last logged into it: KINGMARTIN, MARTIN KING.
The time zone is 3GMt standard time
The computer name was DESKTOP-3AVIC6Z.
Accounts on the OS were Administrator, Guest, Paul Acct.
Applications that are installed in the operating system.
Roslyn Language Services - x86 14.0.23107
Application Insights Tools for Visual Studio 2015 3.3
Microsoft Visual Studio Team Foundation Server 2015 Office Integration (x64) 14.0.23102
Adobe Photoshop 1.0.0000
Microsoft Visual Studio 2015 XAML Visual Diagnostics 14.0.23107
Microsoft Build Tools Language Resources 14.0 (x86) 14.0.23107
Microsoft Visual C++ 2005 Redistributable - x64 8.0.56336 False 8.0.56336
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False 11.0.60610
Microsoft Blend for Visual Studio 2015 - ENU 14.0.23107
Microsoft Visual Studio Professional 2015 - ENU 14.0.23107
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 False 9.0.30729
Windows Espc Resource Package 14.0.23107
Microsoft Visual Studio 2015 XAML Application Timeline - ENU 14.0.23107
Microsoft .NET Framework 4 Multi-Targeting Pack 4.0.30319
Visual C++ IDE Common Package 14.0.23107
Internet Explorer 8.9.1.5100
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 False 9.0.30411
Microsoft Visual Studio Team Foundation Server 2015 Storyboarding (x64) 14.0.23102
Microsoft System CLR Types for SQL Server 2014 12.0.2402.11
The browser that was used is CHROME BROWSER
The directory to the software was E:Software
The application that was used for email is Yahoo mail
The applications that were installed in the computer and could be used for hacking are
- Cain&Abel
Bibliography
Schneier, B. and Kelsey, J., Secure audit logs to support computer forensics, ACM Transactions on Information and System Security (TISSEC), 2(2), pp.159-176, 2010.
Kruse II, W.G. and Heiser, J.G., Computer forensics: incident response essentials, Pearson Education, 2013.
Yasinsac, A., Erbacher, R.F., Marks, D.G., Pollitt, M.M. and Sommer, P.M., Computer forensics education, IEEE Security & Privacy, 99(4), pp.15-23, 2013.
Yusoff, Y., Ismail, R. and Hassan, Z., Common phases of computer forensics investigation models, International Journal of Computer Science & Information Technology, 3(3), pp.17-31, 2011.
Fahey, A.L., e-fense Inc, Computer forensics, e-discovery and incident response methods and systems, U.S. Patent Application 12/318,083, 2009.
Bradford, P.G., Brown, M., Perdue, J. and Self, B., Towards proactive computer-system forensics. In Information Technology: Coding and Computing, Proceedings. ITCC 2004. International Conference on (Vol. 2, pp. 648-652). IEEE, 2012.
Luttgens, J.T., Pepe, M. and Mandia, K., Incident response & computer forensics, McGraw-Hill Education Group, 2014.