One of the most common commercial digital forensic tools is EnCase, an integrated tool used in many types of digital forensic investigations, with a focus on computers and servers.
One of the most common commercial digital forensic tools is EnCase, an integrated tool used in many types of digital forensic investigations, with a focus on computers and servers.
Additional Access Data tools that are commonly used include Password Recovery Toolkit (PRTK) and Registry Viewer.
There are three steps in this project. In those steps, you will use EnCase and other tools to image two computers and a thumb drive or USB stick. Each step in the project requires you to respond to detectives’ questions based on computer images.
The final assignment is a paper that helps detectives better understand the use of EnCase to access and image computers and thumb drives. In Step 1, you introduce detectives to the basics of forensic digital investigation by creating an image using EnCase.
Step 1: Create an Image in FTK Imager
One of the first steps in conducting digital forensic investigations involves creating a forensic image of the digital evidence disk or drive. Digital forensics evidence can be found in operating systems, disk drives, network traffic, emails, and in software applications. To help the detectives in your department to better understand the digital forensics investigation process, you have offered to show them how you create an image using FTK Imager. Media investigations of digital storage devices can include audio files, pictures, videos, words, portions of files, graphic files, and information about a file. Graphics files can be a rich source of forensic evidence.
Because you are pressed for time, you go to the virtual lab and decide to create an image of the “My Pictures” directory on your computer. This process is similar to making a full computer image, but it takes only a few minutes rather than several hours. You are preparing a report describing the steps that you follow so the detectives can refer to it later. You will include a screenshot and text file (DFC620_Lab1_Name.ad1) that document your imaging process with information such as hash values.
Step 2: Process an Image From the Suspect Mantooth’s Computer
In the previous step, you imaged a directory for a forensic report using FTK Imager. Now the detectives have requested additional analysis, so you decide to go to the virtual lab and use EnCase to access user account information for the image from a computer owned by a suspect named Mantooth. Detectives don’t yet have the suspect’s first name and are seeking more information.
Key words: examining metadata, file systems, hexadecimal, ASCII, operating systems, report writing, file system information gathering.
Step 3: Process an Image From the Suspect Washer’s Computer
The Mantooth image has provided a lot of new information, but the detectives want more. EnCase is the tool that can uncover it. An image has been taken of the hard drive in a computer belonging to a suspect named Washer.
Key words: examining metadata, file systems, hexadecimal, ASCII, operating systems, report writing, file system information gathering.
Step 4: Submit Final Paper
The time has come to combine work products from the earlier steps into a final paper summarizing the use of EnCase. You submit it to the detectives (your instructor) and cross your fingers that it contains everything they need to know about the tools available for accessing and imaging forensic data.
Check Your Evaluation Criteria
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.
1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
1.4: Tailor communications to the audience.
1.6: Follow conventions of Standard Written English.
1.7: Create neat and professional looking documents appropriate for the project or presentation.
2.2: Locate and access sufficient information to investigate the issue or problem.
5.3: Demonstrate the appropriate use of multiple digital forensic tools and techniques for imaging.
6.1: Perform report creation, affidavit creation, and preparation to testify.
6.3: Use forensic tools for investigation of multimedia technologies.
6.4: Demonstrate the ability to gather file system evidence.
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.