The deliverables for this project are as follows:
- Digital Forensics Research Paper: This should be a five-page double-spaced Word document with citations in APA format. The page count does not include diagrams or tables.
- I will provide the Lab document, I will attach it here and a word document outlining the assignment.
Project 5 Resources
This project will provide an introduction to digital forensic analysis.
Digital forensic analysis is used to review and investigate data collected through digital communications and computer networks. The National Institute for Standards and Technology (NIST) has defined four fundamental phases for forensic analysis: collection, examination, analysis, and reporting. You will learn more about these concepts as you navigate throughout the steps of this project and read the literature and links found in each step.
There are four steps that will lead you through this project. Begin with Step 1: “Methodology.”
Step 1: Methodology
The methodology for digital forensics follows a systems process. Identify the requirements, purpose, and objectives of the investigation. Review the following information, which will aid in conducting and documenting an investigation:
Secure Programming Fundamentals
It is important that programmers follow secure coding methods and adopt safe practices in the development stage, rather than trying to implement them at a later stage.
One of the fundamental secure programming practices is input validation, which is performed to prevent attacks from external sources. The National Institute of Standards and Technology (NIST) also emphasizes its importance for safe programming in its “Guide to Secure Web Services”:
Write all web service code in languages that automatically perform input validation, such as Java and C#, or if writing in C or C++, ensure that all expected input lengths and formats are explicitly specified, and that all inputs received are validated to ensure that they do not exceed those lengths or violate those formats. Error and exception handling should be expressly programmed to reject or truncate any inputs that violate the allowable input lengths/formats (Singhal et al., 2007).
Another fundamental practice to ensure security is access control, which is implemented to prevent unauthorized access that could result in intentional or unintentional changes to the code. In addition, it is important to include security tools and architectures that can detect code errors and prevent attacks. Finally, it is useful to develop mitigation strategies by modeling possible threats and testing the code.
References
Singhal, A., Winograd, T., & Scarfone, K. (2007). Computer security: Guide to secure web services: Recommendations of the National Institute of Standards and Technology (Special Publication 800-95). http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf
Forensics Fundamentals
Digital forensic analysis is performed to review and investigate data collected through digital communications and computer networks. In Guide to Integrating Forensic Techniques into Incident Response, the National Institute of Standards and Technology (NIST) has defined four fundamental phases for forensic analysis: collection, examination, analysis, and reporting.
During collection, data related to a specific event is identified, labeled, recorded, and collected, and its integrity is preserved. In the second phase, examination, forensic tools and techniques appropriate to the types of data that were collected are executed to identify and extract the relevant information from the collected data while protecting its integrity.
Examination may use a combination of automated tools and manual processes.
The next phase, analysis, involves analyzing the results of the examination to derive useful information that addresses the questions that were the impetus for performing the collection and examination.
The final phase involves reporting the results of the analysis, which may include describing the actions performed, determining what other actions need to be performed, and recommending improvements to policies, guidelines, procedures, tools, and other aspects of the forensic process. (Kent et al., 2006).
Forensic analysis is used by organizations and businesses for several purposes, such as applying internal actions, managing legal matters, maintaining network security, and detecting and preventing cyberthreats.
References
Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). Computer security: Guide to integrating forensic techniques into incident response: Recommendations of the National Institute of Standards and Technology: Special Publication 800-86. http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf
Learn about the investigation methodology and consider secure programming fundamentals. Define the digital forensics analysis methodology and its phases, including the following:
1. preparation
2. extraction
3. identification
4. analysis
This information will help you understand the process you will use during an investigation.
Step 2: Tools and Techniques
Forensics Analysis Tools
Forensic analysis is performed with tool kits designed for various platforms, including Windows, Linux, and Mac. The tool kits have several functions created to perform specific tasks, such as disk imaging, file recovery, e-mail parsing, hash and image analysis, memory capture, password recovery, P2P analysis, and string search, each with its own technical parameters.
An extensive catalog of forensic tools, compiled by the National Institute of Standards and Technology (NIST), is being updated by “adding new functions based on the work of the Computer Forensics Tool Testing (CFTT) project” (NIST, 2014).
References
National Institute of Standards and Technology. (2014). Computer forensics tool catalog. http://toolcatalog.nist.gov/index.php
Web Log and Session Analysis
Log and session analysis is used to collect information about accessibility of web servers and use of websites. According to Quirk (2010):
Log-file analysis software reads the records, called log files, on the webserver, which record all clicks that take place on the server. Web servers have always stored all the clicks that take place in a log file, so the software interprets data that have always been available. A new line is written in a log file with each new request. For example, clicking on a link, making an Ajax call, or submitting a form will each result in a new line being written.
While logs record clicks on the server, sessions emphasize user time spent on the websites. Quirk (2010) defines session as “interaction by an individual with a website consisting of one or more page views within a specified period of time.” Both logs and sessions are useful for deriving analytics about user behaviors and patterns.
References
Quirk eMarketing. (2010). Online marketing essentials. http://2012books.lardbucket.org/books/online-marketing-essentials/s18-web-analytics-and-conversion-o.html
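The log-and-session model described above, as an added example (not code from Quirk or from this project): each log line is one request, and requests from the same client are grouped into a session until a gap longer than a chosen inactivity period. The log lines and the 30-minute timeout are constructed assumptions.

```python
# Added example (not from Quirk or the project): parse web-server log lines and
# group them into sessions separated by a period of inactivity, as described above.
import re
from datetime import datetime, timedelta

# NCSA common log format: one line per request (a click, a form post, an Ajax call).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed line, or None so malformed lines are skipped."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def sessionize(lines, timeout=timedelta(minutes=30)):
    """Group requests per client IP; a gap longer than `timeout` starts a new session."""
    sessions, open_by_ip = [], {}
    records = sorted(filter(None, map(parse_line, lines)), key=lambda r: r["ts"])
    for rec in records:
        cur = open_by_ip.get(rec["ip"])
        if cur is None or rec["ts"] - cur["end"] > timeout:
            cur = {"ip": rec["ip"], "start": rec["ts"], "end": rec["ts"], "hits": []}
            sessions.append(cur)
            open_by_ip[rec["ip"]] = cur
        cur["end"] = rec["ts"]
        cur["hits"].append((rec["method"], rec["path"], rec["status"]))
    return sessions


def summarize(sessions):
    """(ip, page views, duration in seconds, error count) per session: the analytics
    view, which also makes a client whose whole 'session' is 404s stand out."""
    out = []
    for s in sessions:
        errors = sum(1 for _, _, status in s["hits"] if status >= 400)
        duration = int((s["end"] - s["start"]).total_seconds())
        out.append((s["ip"], len(s["hits"]), duration, errors))
    return out


# Constructed sample log (documentation IP ranges); not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '192.0.2.10 - - [10/Oct/2023:13:57:02 +0000] "GET /contact.html HTTP/1.1" 200 918',
    '192.0.2.10 - - [10/Oct/2023:13:57:40 +0000] "POST /contact.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [10/Oct/2023:14:01:10 +0000] "GET /admin HTTP/1.1" 404 210',
    '198.51.100.7 - - [10/Oct/2023:14:01:11 +0000] "GET /backup.zip HTTP/1.1" 404 210',
    '192.0.2.10 - - [10/Oct/2023:15:10:00 +0000] "GET /index.html HTTP/1.1" 200 2326',
    'this line is not in log format and is ignored',
]

if __name__ == "__main__":
    for row in summarize(sessionize(SAMPLE_LOG)):
        print(row)
```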
Hash Analysis
Hashing is a method used to change data characters into keys so that they are indexed and can be accessed quickly. The method is also used for data encryption and decryption by authenticating digital signatures.
The Forensic Tool Taxonomy from the National Institute of Standards and Technology (NIST) provides details of hash analysis and algorithms for different systems including Windows, Mac, and Linux (NIST, 2014). The algorithms are used for several applications, including computing, creating and managing hash sets, searching and filtering files, and eliminating duplicate files.
References
National Institute of Standards and Technology. (2014). Forensic tool taxonomy. In Computer forensics tool catalog. http://toolcatalog.nist.gov/taxonomy/index.php?ff_id=16
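Hash verification in practice, as an added example that is not the project's or FTK Imager's code: the logical image is recomputed across its fragment files and compared with the MD5 and SHA1 values recorded in the imaging summary, and a fragment count is derived from the image and fragment sizes (the question asked under Step 4 and in the lab below). The summary line format (`MD5 checksum: <hex>`) and the fixture sizes are assumptions.

```python
# Added example (not the project's or FTK Imager's code): recompute MD5/SHA1 over a
# fragmented image and compare with the hashes recorded in the imaging summary.
import hashlib
import math
import os
import re
import tempfile

MB = 1024 * 1024


def fragment_count(image_bytes, fragment_bytes):
    """How many fragment files an imager writes when splitting at fragment_bytes."""
    if fragment_bytes <= 0 or image_bytes < 0:
        raise ValueError("image size must be >= 0 and fragment size > 0")
    return max(1, math.ceil(image_bytes / fragment_bytes))


def hash_fragments(paths, chunk_size=MB):
    """MD5 and SHA1 of the logical image, i.e. the fragments concatenated in order."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    for path in paths:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(chunk_size), b""):
                md5.update(block)
                sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def parse_summary(text):
    """Pull recorded hashes from summary text; assumed format 'MD5 checksum: <hex>'."""
    found = {}
    for algo in ("MD5", "SHA1"):
        m = re.search(rf"{algo} checksum:\s*([0-9a-fA-F]+)", text)
        if m:
            found[algo.lower()] = m.group(1).lower()
    return found


def verify_image(paths, summary_text):
    """True only when both recorded hashes exist and equal the recomputed ones."""
    recorded = parse_summary(summary_text)
    md5, sha1 = hash_fragments(paths)
    return recorded.get("md5") == md5 and recorded.get("sha1") == sha1


def demo():
    """Constructed fixture: 10 KiB of 'disk' split into 4 KiB fragments, then altered."""
    image = bytes(range(256)) * 40
    summary = ("[Computed Hashes]\n"
               f" MD5 checksum:  {hashlib.md5(image).hexdigest()}\n"
               f" SHA1 checksum: {hashlib.sha1(image).hexdigest()}\n")
    with tempfile.TemporaryDirectory() as tmp:
        frag, paths = 4096, []
        for i in range(fragment_count(len(image), frag)):
            path = os.path.join(tmp, f"evidence.{i + 1:03d}")
            with open(path, "wb") as fh:
                fh.write(image[i * frag:(i + 1) * frag])
            paths.append(path)
        intact = verify_image(paths, summary)
        with open(paths[-1], "r+b") as fh:  # flip a single byte in the last fragment
            fh.write(b"\xff")
        tampered = verify_image(paths, summary)
    return len(paths), intact, tampered


if __name__ == "__main__":
    print(demo())
```

A single changed byte in any fragment flips both digests, which is what lets the recorded hashes prove the image is unchanged since collection.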
Step 3: Explore Forensic Tools
I will provide the lab document.
This hands-on lab will introduce you to FTK Imager, a forensics tool. You will use your lab findings in the last step when you compile your research paper.
Step 4: Digital Forensics Research Paper
Now that you have learned the basics of digital forensics analysis and methodology, and have experienced one of the common forensic tools, use the material presented in this project as well as research you have conducted outside of the course materials to write a research paper that addresses the following:
1. digital forensics methodology
2. the importance of using forensic tools to collect and analyze evidence (e.g., FTK Imager and EnCase)
3. hashing in the context of digital forensics
4. How do you ensure that the evidence collected has not been tampered with (i.e., after collection)? Why and how is this important to prove in court?
THE REQUIRED LAB QUESTIONS
Acting as a forensic analyst charged with assisting the lead forensic investigators of XPD, you have helped the lead investigators examine and analyze computer and digital evidence for the purpose of identification, collection, and preservation of evidence, and possibly prosecution of crime suspects. Based on the knowledge and experience gained from the lab about the use of BitLocker encryption, answer the following questions.

PART 2—TASK 2, TASK 3: Creating a Physical Disk Image, Image Loading, Verification, and Forensic Analysis

1. What forensic and disk information can you determine from the summary or the content of the text file?
In the summary section of the disc content, valid information such as the case number, evidence number, and the investigator, among other drive information, is found. These are important because they show where the information was obtained, and other information is required to validate the evidence without having to read through the entire report. See the figure below for this case.

2. How does this forensic information tell you about the case information you provided in the Evidence Item Information earlier?
The summarized information shows that this case was being investigated by the XYZ police department and the examiner is XY. The information can also help me keep track of the chain of custody. I am also able to verify that the information was collected over a physical drive, as instructed for this case.

3. Acting as a forensic analyst to assist lead forensic investigators at XPD (i.e., XYZ police department), how will the knowledge gained help you examine digital evidence for the purpose of identification, collection, preservation of evidence, and possibly prosecution of crime suspects? Be reminded that it is the policy of XPD to use all proven legal means and methodologies to minimize the incidence of computer crimes.
During this exercise, I conducted a series of activities which are shown in the annex section at the end of this document. One of the valid pieces of information acquired involves the procedures of imaging, which begin from firing up the tool, creating partitions, and mining data. The information equips me with the desired knowledge of how to carry out complete data and evidence acquisition while ensuring that data integrity is always maintained. I will be able to assist the XYZPD with all the forensic analysis processes.

4. What happens to a fragment of an image file larger than the fragment size of 1500 MB (e.g., 1 TB)? Also, in our case, how many chunks of image files can you get should the fragment size be changed to 200 MB during the imaging process?
A fragment size larger than 1500 MB, which is the standard unit for most fragments, must be further defragmented into bits smaller than 1500 until the last partition is realized. In this case, the disk image was smaller than 1500 MB. See the figure below.

5. Review the unpartitioned space and comment on what you find. Did you find anything suspicious yet?
I reviewed the unpartitioned space during this lab and recovered information that may have been deleted. In this case, I recovered an image file, shown in the figure below; however, the image did not appear to have embedded messages or information.

6. As you can see from above, there is only one partition and one unpartitioned space. In your opinion, what implication(s) can this have on the forensic investigation processes?
Having only one partition means that the file paths are not affected as they would be with multiple partitions. This means that forensic analysis is not made more complex, and the analysts can easily recover deleted information from unallocated or hidden disc space.

7. Does the unpartitioned space have any practical forensic significance? Why or why not?
Yes, it does. In most forensic investigations, unpartitioned space often has data or files that may have been hidden by the user.

PART 3—TASK 1: Loading the Given PCAP File into Wireshark for Analysis

From the packet detail pane, examine the packet capture between the source IP address (192.168.15.4) and the destination IP address (140.247.62.34). What do you see about the hardware/MAC address of the two endpoints, and what does it tell you about the two vendors of the devices involved?
In this section, after loading the PCAP file, I looked through the packet information in the middle row of the window. I noticed that the hardware or MAC address of the source was 00:17:f2:e2:c0:ce, and it is popularly associated with the Apple company. The destination IP had a hardware or MAC address of 00:1d:d9:2e:4f:60, which belongs to a vendor known by the abbreviation HonAir. See the figure below.

1. Why do you think the host points to the http://www.sendanonymousemail.net website? Access the site and determine if this represents a harassing message.
In my opinion, the host is pointing to this website because it resides on a server that is not secure. For instance, while on the website, there is a warning at the top left corner that notifies the users that the site is not secure.

2. Considering the source IP of 192.168.15.4 and the destination IP of 69.80.225.91 in the IPv4 packet, what is the MAC address and hardware vendor? Determine if this information can help you identify the attacker and how.
In the packet analysis, I discovered a MAC address of 00:04:5A:4F:5B:59, while the information revealed that the vendor is 3Com. The information is relevant because it reveals the vendor and MAC of the switch that the attacker is using.

3. From your search with the mailchat apply-filter string in the search box of the Follow HTTP Stream window, how many email addresses did you find?
Filtering with the mail chat only revealed two email addresses, which are [email protected] and [email protected].

4. Is there any indication of a harassing message? Determine if this information can help you identify the attacker and how.
From the email messages, there was no evidence of harassing messages. Although helpful, this information could not help me identify an attacker.

5. In your opinion, what information of the HTTP/TCP stream can tie to a particular web browser or email address?
The identification of the HTTP/TCP streams helps shed light on which browser, email address, or IP address was used. For instance, in the image below, the IP address 145.254.160.237 is tied to Mozilla.

6. Identify the other HTTP traffic or TCP connections that can possibly ID the attacker.
To further understand how to run an analysis, I investigated how to filter for flags, as these are some of the ways to identify attackers or threats. See the figure below.

NOTE: Proceed to the next page and use the space provided to compile a summary of your lab experience report. Use additional space as necessary to complete the report.
SUMMARY OF THE LAB EXPERIENCE REPORT
Use the space below to summarize your lab experience report based on your findings from the lab, making sure to complete all required actions in each step of the lab and respond to all questions. Be sure to incorporate key parts of your findings in your final project report for submission to your professor. You may use additional space as necessary to complete the lab.
In summary, I conducted the lab on a Windows virtual machine and used the FTK software to create an image. I also investigated how to verify the image and evidence using MD5 and SHA1 hash values, which are vital components of data forensics. I was able to analyze the unpartitioned space, from which I recovered an image that was deleted. In the second part of the lab, I loaded a PCAP file for analysis, and I was able to figure out how to analyze the packets based on the different components such as MAC addresses, IP addresses, and the protocols.
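The packet-level reading done in Part 3 (Ethernet MAC addresses, their vendor OUI prefix, and the IPv4 endpoints), as an added example that is not part of the lab or the project: a minimal parser for the classic pcap container and Ethernet/IPv4 headers. The one-packet capture is constructed from the addresses the lab report names; the vendor table is a caller-supplied stand-in for the IEEE OUI registry that Wireshark consults, and only the Apple prefix is filled in.

```python
# Added example (not from the lab or project): read a classic pcap file and list
# the Ethernet (MAC) and IPv4 endpoints of each packet, with the MAC's OUI prefix.
import struct


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(frame):
    """Ethernet II header, then IPv4 addresses when the ethertype is 0x0800."""
    if len(frame) < 14:
        return None
    rec = {"dst_mac": _mac(frame[0:6]), "src_mac": _mac(frame[6:12]),
           "ethertype": struct.unpack("!H", frame[12:14])[0]}
    if rec["ethertype"] == 0x0800 and len(frame) >= 34 and frame[14] >> 4 == 4:
        rec["src_ip"] = ".".join(map(str, frame[26:30]))
        rec["dst_ip"] = ".".join(map(str, frame[30:34]))
        rec["proto"] = frame[23]  # 6 = TCP, 17 = UDP
    return rec


def parse_pcap(data):
    """Walk the 24-byte global header and 16-byte record headers; returns parsed frames."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic (non-pcapng) pcap file")
    linktype = struct.unpack_from(end + "I", data, 20)[0]
    if linktype != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled here")
    records, off = [], 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(end + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record")
        off += incl_len
        records.append(parse_frame(frame))
    return records


def oui(mac):
    """First three octets: the IEEE-registered vendor prefix Wireshark resolves."""
    return mac[:8].upper()


def endpoint_vendors(records, vendor_table):
    """ip -> (mac, vendor) for every IPv4 endpoint, looked up by OUI in the table."""
    seen = {}
    for r in records:
        if r and "src_ip" in r:
            for ip, mac in ((r["src_ip"], r["src_mac"]), (r["dst_ip"], r["dst_mac"])):
                seen[ip] = (mac, vendor_table.get(oui(mac), "unknown OUI"))
    return seen


def build_sample_pcap():
    """Constructed one-packet capture using the addresses from the lab report above."""
    def mac(s): return bytes(int(x, 16) for x in s.split(":"))
    def ip(s): return bytes(int(x) for x in s.split("."))
    eth = mac("00:1d:d9:2e:4f:60") + mac("00:17:f2:e2:c0:ce") + b"\x08\x00"
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, 64, 6, 0,
                       ip("192.168.15.4"), ip("140.247.62.34"))
    frame = eth + ipv4 + b"\x00" * 20  # TCP header bytes are not inspected here
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 1_700_000_000, 0, len(frame), len(frame))
    return hdr + rec + frame


if __name__ == "__main__":
    print(endpoint_vendors(parse_pcap(build_sample_pcap()), {"00:17:F2": "Apple"}))
```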