Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

Computer Crime and Digital Evidence

Module Code: UFCFP4-30-1 Student id-24059073

Date: March 2025 Module Details

·
Module Name: Computer Crime and Digital Evidence

·
Module Code: UFCFP4-30-1

Section 1: Overview of Assessment

Students are entrusted with performing comprehensive evaluations of forensic tools, applying them in practical scenarios, and meticulously documenting their observations. The key emphasis lies in ensuring evidence preservation, validating forensic tools, and maintaining strict adherence to established forensic standards to guarantee accurate and credible results.

Section 2: Task Specification

Functioning as forensic analysts within a Digital Forensics Unit (DFU), students will identify, evaluate, and validate forensic tools used for the retrieval and examination of digital evidence. They are required to produce a detailed forensic report that meticulously records their methodologies, findings, and interpretations in alignment with industry best practices.

Section 3: Deliverables

·
Testing and Validation Plan (TVP1): A structured and detailed plan documenting the approach, methodology, and verification procedures used to test the forensic tools.

·
Standard Operating Procedure (SOP): A precise, step-by-step manual providing detailed instructions for the appropriate usage of the selected forensic tools, ensuring repeatable and reliable outcomes.

Section 4: Marking Criteria

·
Completeness and Accuracy: Assessing the thoroughness and correctness of the testing procedures and documentation.

·
Knowledge Transfer: Evaluating the clarity and efficiency of the report in communicating findings and methodologies.

·
Adherence to Standards: Ensuring the report complies with forensic best practices and maintains high levels of procedural integrity.

·
Report Formatting: Analyzing the presentation and structure of the report, ensuring logical flow, coherence, and professional aesthetics.

Section 5: Feedback Mechanisms

·
Formative Feedback: Continuous feedback will be offered during lab and classroom sessions, providing opportunities for improvement before final submission.

·
Summative Feedback: Comprehensive written feedback will be provided post-submission, offering insights into strengths and areas needing improvement.

Section 6: Appendices

6.1 Starting and Managing Your Assessment

Initiate your work promptly and make the most of available lab facilities. Efficient time management is essential to meet deadlines. Don’t hesitate to seek guidance from tutors for clarifications or support.

6.2 Academic Integrity

Maintaining academic honesty is crucial. Acts of plagiarism, collusion, or data manipulation are strictly forbidden. Ensure all submissions are your original work and properly cited.

6.3 Restrictions on AI Use

Content generated using AI tools is not allowed. Your findings and reports should be based solely on hands-on forensic testing and genuine analysis.

6.4 Referencing Requirements

Adhere to the UWE Harvard referencing style when citing sources. Make sure all references are accurate and include appropriate credit for research materials, publications, and forensic tool documentation.

Forensic Toolkit Testing and Validation Report

Introduction

This document provides a comprehensive review and validation of forensic tools for the examination of digital evidence. The reasonable procedures, test results and verification processes are detailed in this document.

1.
Evidence Preservation


Tool Used: [FTK Imager v4.7.1]

This section captures the imaging and preservation of digital evidence, to provide verification of the integrity and authenticity of the original data.

The imaging process included creating a forensic image of the target drive using FTK Imager, specifically a raw (DD) image. Part of the process included calculating the MD5 and SHA-1 hash values of the source drive before and after imaging was complete, and those values were compared to confirm that the drive was not altered during the imaging process. The MD5 and SHA-1 hash values were successfully matched (e.g., MD5: Insert Calculated MD5 Hash Value, SHA-1: [Insert Calculated SHA-1 Hash Value]), which confirms that it is an accurate original bit-for-bit copy of the target drive. Once complete, the image was saved to a secure, write-protected location. 

2.System Profiling


Tool Used: [Registry Explorer v1.6.0]

Description: Analyzing registry hives and validating findings using Access Data Registry Viewer to ensure accurate and complete data related to system configuration.

Description: Registry Explorer was employed to acquire key system configuration data from the target systems registry hives (e.g., SYSTEM, SOFTWARE, NTUSER.DAT) focusing on specific keys of interest such as user account data, installed software and system configurations. The findings from Registry Explorer then underwent verification compared to Access Data Registry Viewer; for instance, user account data, obtained through Registry Explorer was verified against the same user account data through Access Data Registry Viewer to ensure accuracy. Any discrepancies between the obtained data was noted and investigated. The use of successful dual verification of registry entries identified as the Insert Registry Key Path and Insert Registry Value, to validate the summarized findings of both tools.

Description: Analyzing registry hives and verifying results with Access Data Registry Viewer.

3. File Recovery


Tool Used: [PhotoRec v7.2]

Description: Recovery of deleted files using file carving techniques, with a particular focus on identifying and reconstructing fragmented files.

Description: PhotoRec was used to recover deleted files from unallocated space, and the tool’s ability to identify files based on file headers and footers, irrespective-file system metadata, proved useful. Rehabilitation efforts primarily focused on specific file types (e.g., JPEG, DOCX, ZIP) both file identification and reconstruction occurred. These recovered files were then validated through the examination of file contents and through comparison with known good copies. For example, when investigating for recovered JPEG images, we opened all images and visually checked each image for image integrity, while hash value comparisons confirmed file similarity with known good JPEG images. Successful and independent validation of Number JPEG files and Number DOCX files, demonstrates the effectiveness of PhotoRec.

Description: Recovery of deleted files through file carving techniques.

4. Internet-Based Evidence


Tool Used: [ Autopsy Web Artifacts]

Description: Parsing the Web browser history, cookies and cache files and confirming the findings by inspecting the original SQLite databases.

Description: Autopsy Web Artifacts allowed for parsing the Web browser artifacts from the target system’s browser profiles (Chrome, Firefox etc.). The parsed artifacts (browsing history, download history, and cookie information) were verified by directly opening the pertinent SQLite database files via a SQLite browser for several of the artifacts. An example was shown that certain entries in the history.db file were matched by the parsed history in Autopsy to demonstrate the tool was accurately parsing the data. A successful matched entry would have included “Web History: Site Visited here/ at insertTimestamp here”, which would verify the parsing of the tool was accurately retrieving the web history data parsed.

Description: We parsed web browser history and verified using SQLite.

5. Windows Artifacts


Tool Used: [LNK Explorer]

Description: Analysis of LNK files, prefetch, thumbnail databases, etc.

6. Hash Analysis and Filtering


Tool Used: [Autopsy Hash Lookup]

Description: The process of calculating and filtering hash values against known hash sets (e.g., NIST NSRL), in order to identify known files and remove non-user related data.

Description: Autopsy Hash Lookup was utilized to calculate hash values (MD5, SHA-1) of files from the suspect hard drive. The hash values calculated were then compared against the NIST National Software Reference Library (NSRL) hash set. The files with known hash values were accurately and successfully identified and filtered out from the dataset, allowing an enormous reduction of data that needed to be analyzed manually. For instance, by filtering out known operating system files from the dataset using the NSRL hash set, the amount of time it took to analyze the remaining data was drastically reduced. The filtration of *Number* known files verified the functionality of the hash lookup feature of the tool.

Description: Hash values were calculated and filtered.

7. File Extension Analysis


Tool Used:[TrID File Identifier]

Description: TrID analyzes the contents of files to determine the file type regardless of the file extension, allowing the accurate determination of files that have been mislabelled or disguised.

TrID is a tool utilized to analyze various files with suspicious file extensions or missing file extensions. The ability of the tool to determine the file type by examining the binary signatures of the file was of utmost importance. For example, a file assigned a text file extension, .txt, was examined using TrID and was verified to be a JPEG image file. This capability of being able to have the file type examined and determined to not be a text file avoids potentially misinterpreting the content of the file. Accurately identifying the File Name to be a JPEG file instead of a .txt file extension speaks to the abilities of TrID.

Conclusion

This report details the processes that have been used in testing, validating, and documenting using forensic tools for analysis of digital evidence. Each forensic tool has been thoroughly assessed to ensure quality through thorough and detailed testing, from repeated reliability to the ability to be replicated. Validation is essential to maintain the admissibility of the evidence in a courtroom, and performing validation is a formal process that incorporates more than one forensic method, process, and/or procedure that can repeatably use established industry standards. for each process for the proper standard operating procedures outlined in each description, forensic investigators can get accurate photographic results with a varied range of document examiners and or images achieving consistently a reliable process of each investigation. Continuous learning and adherence to forensic standards after documentation of reports is also necessary to maintain the credibility of forensic analysis.

image6.jpeg

image7.jpeg

image8.png

image9.png

image10.jpeg

image11.jpeg

image12.jpeg

image13.jpeg

image14.jpeg

image15.jpeg

image1.png

image2.jpeg

image3.png

image4.jpeg

image5.png

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

computering part 7

The goal of this project is to integrate your various components into polished, professional products. Follow the instructions below to ensure a successful submission: Apply Feedback: Review and incorporate all feedback received from previous submissions (Parts 2-6). Enhance and Improve: Refine any of the three required items (cover letter with

Discussion and Replies

Please see attachment for instructions     Discussion   In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format. Based on the readings this week, 1. Discuss some common strategies and pitfalls you have seen with business continuity. 2. Discuss some common strategies and

sociology

The goal of this project is to integrate your various components into polished, professional products. Follow the instructions below to ensure a successful submission: Apply Feedback: Review and incorporate all feedback received from previous submissions (Parts 2-6). Enhance and Improve: Refine any of the three required items (cover letter with

Python

  Instructions Create a simple Python application (Save as w5_firstname_lastname.py) . Create a Python script that takes two parameters to do the following:- 1) List all files names, size, date created in the given folder 2) Parameter1 = Root Folder name Parameter2= File size >>> to filter file size (

Python

  Instructions:  Describe methods for securing Python code. Pick at least ONE of the methods for securing node and deep dive into what it means and how it is used to secure code.   

Discussion 8 of 459

Follow the attach instruction to complete the work. 1. What is one specific technology you found the most intriguing throughout the course? 2. If you were to be a hacker, which building block vector would you choose to attack your selected technology and why?

WK 4 Discussion and Replies

Please see attachment for instructions     Discussion   In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format. Discussion on access control and physical security. These areas found to be one or more points of weakness in audit 1. Discuss some common points of

Node.js

  Instructions Create a simple Node.js server (Save as w4_firstname_lastname.js) . Create a restful application similar to the one in lesson 4 (ReSTFul Web Services). Document the routing table, and the application you created. Submit your week 4 work in w4_firstname_lastname.txt (Please save the file as a text file and

Computer Science- Python Gurobi assignment

I need the output following these steps: Put all of these files into the same folder, Open the python file, If there is any error, check if any file is missing, It has 105 counties and 4 districts, so it will take a while to finish running. I need it

Research Project

Please follow the instructions attached below:  I have choose the topic from the list is:   PROJECT TITLE Firm RTOS – Balancing Real-Time Performance and Flexibility Please check the abstract from my file and write the research project. 

provide me java based interview question.

Core Java Interview Questions (Basic Level) 1. What is Java? Java is a high-level, object-oriented, platform-independent programming language developed by Sun Microsystems. 2. What are the features of Java?  Object-Oriented  Platform Independent (via JVM)  Secure and Robust  Multithreaded  Architecture Neutral  High Performance (via JIT

Dynamons world Mod APK

 What are the best tips for playing RPG games like Dynamons World? I recently found a great resource at that offers a lot of insights and even MOD APKs for Dynamons World, but I’d love to hear personal strategies and gameplay advice from the community too! ???????? 

459 w7

Follow the attach instructions to complete this work. Questions: 1. What is Generative AI and how is it similar/different to Traditional AI? 2. Do you believe that work created by Generative AI (e.g. ChatGPT) is comparable in quality to human created content?  What challenges and opportunities  does Generative AI pose

Computer Science WK3 Assignment

Please see attachment for instructions ISSC680 Week 3 Homework Assignment Instructions: Please provide a one-page response to the following topic utilizing supporting documentation obtained from the attach books and the Internet. APA format and reference. Topic: Differentiate between the different types of cryptographic algorithms.

Discussion and Replies

Please see attachment for instructions     Discussion   In 250 words total, answer the questions below with 4 evidence base scholarly articles. APA format. Based on this weeks readings, 1. Discuss some effective strategies for Security Awareness in your organization or 2. What you would like to see implemented