MN624 Digital Forensics and Social Media Forensic

In this major task assume you are a Digital Forensics Examiner. Considering a real or a hypothetical case you are required to produce a formal report consisting of facts from your findings to your attorney who has retained you. You are free to choose a forensics scenario which can be the examination of a storage media (HDD, USB Drive, etc), email or social media forensics, mobile device forensics, cloud forensics or any other appropriate scenario you can think of.

Answer:

Introduction

Digital forensics, or computer crime scene investigation, is an in-depth examination of computer networks and digital devices to gather evidential data that is adequate to prove a digital crime in court. Digital forensics, also called digital forensic technology, is the main branch of computer science. This study uses three different scenarios to show that digital forensics is an advanced discipline, developed to handle the legal and lawful collection of digital evidence in unofficial, corporate, and official internal investigations.

Case 1: Social Media Forensic


Case Scenario

I have selected a real case study based on the following common scenario, which reflects the real situation of an individual; specific details have not been disclosed for privacy reasons. The Facebook account of an individual was hacked by one person, and several crimes were committed by the hackers using that account: for example, inappropriate messages with false content, such as fraud or scams, were written, and prohibited pictures were downloaded and transferred from the account (Casey, 2012). The genuine owner of the Facebook profile reported the issue to the police, and prosecutors, on the orders of the judge, started an investigation. After that, the man whose identity was stolen sent the Facebook administrators proof of ownership of the profile, but the criminal activity was still being carried out (Anobah, Saleem, & Popov, 2014).

Facts of Findings

It is not practical to carry out a "live forensic" procedure; only "post mortem" analysis of the devices is possible. Law enforcement authorities in the USA use the "Online Law Enforcement Request System" at www.facebook.com/records to submit and process requests. It was noted that an officially issued email address is needed to access the Online Law Enforcement Request System (Cohen, 2011). Requests for data can also be submitted by email and fax. Facebook discloses account records solely in accordance with the Facebook terms of service and the applicable law, including the federal Stored Communications Act, sections 2701-2712.

The initial phase of an analogue investigation procedure

I have considered various digital forensic models and frameworks. In the vast majority of models, the first phase of a digital forensic examination is preparation, including the recognition, identification and preservation of digital evidence. This phase is not that straightforward, because of the known difficulty of preserving the integrity and chain of custody of the digital evidence. In this phase, the key participants are the first responders, forensic investigators, victims, suspects and witnesses. Also in this phase, the digital devices that are potential carriers of digital evidence, and that could have been used to access Facebook over an Internet connection, were seized (Cohen, 2013). The examiner ought to be extremely careful, because digital devices cover a mixture of devices, such as smartphones, smart TVs, PlayStations and so forth, as well as devices that are legally exempt. The second phase of a digital forensic examination requires the collection, examination and analysis of digital evidence (Daniel, & Daniel, 2012). This is a very complex stage, because it requires knowledge of digital evidence and of the tools for examining it. In this scenario, I expect the digital evidence to be located on the suspect's PC, on the HDD on which the data is stored.

Software use: The software utilized for the examination should be rediscovered. The examination must be performed by competent and trained personnel. A full bit-to-bit image of the HDD must be made, following the rule that no analysis is performed on the original devices that carry the evidence. After IEF was run, the first results proved negative and were found to support the examiner's assumption. No evidence was found connecting any web activity and the Facebook communication (Flory, 2016). The real suspect was actually using someone else's username, password and social media account to assist criminal activities through a virtual machine, which was analysed using only IEF. It then became obvious that there were a great many Facebook artifacts and a great deal of activity on the Internet. By preserving the artifacts and examining the timestamps of the files, the initial hypothesis was proved.

Case 2: Hard Disk Drive Forensic

In this case, the owner of an HVAC business contacted our forensics lab for hard drive forensic analysis. The owner, a well-known expert in the environmental balancing industry, found that an ex-employee had issued forged certification reports in his name. At some point, the employee had apparently made a stamp of the ex-employer's signature and NEBB certification seal and used it to pose as them. The forged signature and seal found their way onto an unknown number of HVAC certification reports without our client's knowledge or consent (Kessler, 2010). The owner found that the employee even had a physical rubber stamp made in order to impersonate them. Our client wanted to know the extent of the damage, fearing that their reputation was at stake. He also submitted hard drives from the two laptops which the deceitful employee had used as part of their work. The owner suspected that the employee had deleted files from these devices before returning them. He wanted to recover as many of the fake reports as possible so that he could potentially pursue legal action against the ex-employee (Nikkel, 2016).

Facts of findings

Both of the laptops I received for hard disk drive forensic analysis contained two hard drives each. One hard drive contained the operating system for the PC and most of the user's programs, while the other provided additional storage space. I would need to go through every one of the hard drives thoroughly to uncover whatever evidence existed of the ex-employee's deceit. I did not want to tamper with the original hard drives, however. In digital forensics, it is standard practice to work on a copy of the client's data rather than the client's original data (Schwerha, 2011). That way, there is no chance of making any changes to the original data, and contamination of or damage to the original device is prevented. In this case, we docked each of the four hard drives in a Wiebetech Forensic Ultradock write-protection device. This device blocks any "write" commands sent to the drives, ensuring at a fundamental level that the data on them cannot be changed. To image the drives, I used FTK Imager. Then I verified the HDD images and confirmed that I had, in fact, made exact, bit-for-bit copies of the original HDDs (Steel, 2014).
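The verification step described above, as an added example that is not part of the original report and not how FTK Imager is implemented: the source and the image are hashed in fixed-size blocks so that a mismatch is also located. The block size, file names and sample data are assumptions constructed for the example.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # bytes hashed per block (assumed value for this example)


def digest_image(path, block=BLOCK):
    """Return (SHA-256 of the whole file, list of per-block SHA-256 digests)."""
    whole = hashlib.sha256()
    blocks = []
    with open(path, "rb") as fh:
        while chunk := fh.read(block):
            whole.update(chunk)
            blocks.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), blocks


def verify_copy(source, image, block=BLOCK):
    """Compare a source with its image and locate the first differing block."""
    src_hash, src_blocks = digest_image(source, block)
    img_hash, img_blocks = digest_image(image, block)
    first_bad = None
    if src_hash != img_hash:
        for i, (a, b) in enumerate(zip(src_blocks, img_blocks)):
            if a != b:
                first_bad = i
                break
        else:
            # Every shared block matches, so one file is shorter than the other.
            first_bad = min(len(src_blocks), len(img_blocks))
    offset = None if first_bad is None else first_bad * block
    return {"match": src_hash == img_hash, "source_sha256": src_hash,
            "image_sha256": img_hash, "first_bad_offset": offset}


def make_sample(tmpdir):
    """Write constructed 'drive' data, a faithful image and a damaged image."""
    data = os.urandom(BLOCK * 8)
    damaged = bytearray(data)
    damaged[BLOCK * 5 + 17] ^= 0xFF  # flip one byte inside block 5
    paths = {}
    for name, content in (("source", data), ("good", data), ("bad", bytes(damaged))):
        paths[name] = os.path.join(tmpdir, name + ".dd")
        with open(paths[name], "wb") as fh:
            fh.write(content)
    return paths


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        p = make_sample(d)
        print(verify_copy(p["source"], p["good"]))
        print(verify_copy(p["source"], p["bad"]))
```

The two whole-file digests are the values that would be recorded in the examiner's notes; the offset shows where a failed copy needs to be re-read.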

Dredging Up Removed Files

With my exact forensic images in hand, I could proceed with the hard drive forensic analysis and pore over the active and deleted files on the hard drives. When using a PC, it may seem natural to think that once a user has dragged a file to the Recycle Bin and emptied the bin, that file is gone forever. If a hard drive stays in use after a file has been deleted from it, that file will eventually disappear as new data overwrites it (Sutherland, Davies, Pringle, & Blyth, 2013).

Software: OS Forensics enabled me to identify suspicious files and activity with hash matching, emails, drive signature comparisons, memory and binary data. It makes it possible to extract forensic evidence from PCs quickly with advanced file searching and indexing, and enables this data to be managed effectively. OS Forensics also enables the user to view and analyse the raw sectors of every physical disk and partition attached to the system (Taylor, Endicott-Popovsky, & Frincke, 2014). This module gives me the ability to perform a deeper inspection of a drive, looking beyond the data stored in the file system's files and directories. Analysis at this level may be required if data of interest is suspected to be hidden within the raw sectors of the drive, which are not normally accessible through normal operating system mechanisms.
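What looking at raw sectors beyond the file system can recover, as an added example that is not part of the original report and not OS Forensics code: a header/footer carver run over a constructed block of "unallocated" sectors. It assumes files are stored contiguously; the signature table, size limit and sample bytes are constructed for the example, and the third sample file shows a deleted file whose tail has already been overwritten.

```python
import hashlib

# Header and footer magic bytes for two common file types.
SIGNATURES = {
    "pdf": (b"%PDF-", b"%%EOF"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
}
MAX_SIZE = 1 << 20  # stop looking for a footer after 1 MiB (assumed limit)


def carve(raw, signatures=SIGNATURES, max_size=MAX_SIZE):
    """Scan raw sector data for file headers and return carved candidates."""
    hits = []
    for kind, (head, foot) in signatures.items():
        pos = raw.find(head)
        while pos != -1:
            end = raw.find(foot, pos + len(head), pos + max_size)
            # No footer: the header survives but the tail was overwritten.
            blob = raw[pos:end + len(foot)] if end != -1 else None
            hits.append({"type": kind, "offset": pos, "complete": blob is not None,
                         "length": len(blob) if blob else None,
                         "sha256": hashlib.sha256(blob).hexdigest() if blob else None})
            pos = raw.find(head, pos + (len(blob) if blob else len(head)))
    return sorted(hits, key=lambda h: h["offset"])


def build_sample():
    """Constructed 'unallocated space': zeroed sectors holding leftover files."""
    sector = 512
    pdf = b"%PDF-1.4\n1 0 obj<</Type/Catalog>>endobj\ntrailer<<>>\n%%EOF"
    jpg = b"\xff\xd8\xff\xe0" + b"\x11" * 40 + b"\xff\xd9"
    cut_pdf = b"%PDF-1.7\n2 0 obj<<" + b"\x00" * 30  # footer lost to overwrite
    raw = bytearray(b"\x00" * sector * 8)
    raw[sector * 1:sector * 1 + len(pdf)] = pdf
    raw[sector * 3:sector * 3 + len(jpg)] = jpg
    raw[sector * 6:sector * 6 + len(cut_pdf)] = cut_pdf
    return bytes(raw), pdf, jpg


if __name__ == "__main__":
    image, _, _ = build_sample()
    for hit in carve(image):
        print(hit)
```

Each complete hit carries a SHA-256 digest so a recovered document can be matched against known copies; incomplete hits are still worth recording because the surviving header fixes where the file once began.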

Case 3: Mobile Device Forensic

Verifying the acquisition from a smartphone is extremely important. Extracting data, preserving it, building hypotheses and presenting digital evidence can all help in resolving legal cases. In this paper, a real legal scenario from Oman is taken. An organisation received a complaint from a customer (Ali) explaining that his mobile phone had been fully hacked. His contact list was receiving text messages through a well-known chat application, WhatsApp. However, Ali claims that he has not been sending messages from his mobile. To handle the case, the investigators began looking at the logs and records of this incident, and started following up with Ali's ISP. The report shows that the various messages were really received by Ali's mobile contact list. However, there was not even a single record of his mobile having sent any messages (Wafula, & M., 2016). The mobile phone used in this scenario was an iPhone running iOS 5.0.1. Based on the ISP's report, he is innocent in this scenario. However, there is a definite need to know how Ali's mobile was compromised and used to send messages to his contacts. Ali's phone was not available for testing because of legal constraints (Kessler, 2010).

The tools also scored highly in Hoog's study of mobile phone forensics.

Mobile phone testing: The smartphone was tested using Oxygen Forensic Suite along with the UFED Physical Analyzer. The initial findings showed that the mobile phone is an iPhone 4 running operating system version 5.0.1.

Oxygen Forensic Suite: The analysis with Oxygen Forensic Suite located the most important data, for instance the IMEI, ICCID and IMSI, on the mobile that was used in the crime scenario. The ISP confirmed earlier that Ali did not send messages. On the other hand, Ali's contacts received various messages from Ali's phone. To reproduce the scenario, a similar device was tested using OF as well as the UFED Physical Analyzer. WhatsApp messages can also be sent over a Wi-Fi network. From the above, we can derive two possible compromise scenarios (Larson, 2014).

Software: ProDiscover Forensic is a computer security tool that enables the user to find all of the data on a computer disk while at the same time protecting the evidence and creating a quality evidentiary report for use in legal proceedings. By using industry best practices and a least-destructive process approach, ProDiscover Forensic allows files to be examined without altering valuable metadata, for example the last-accessed time. ProDiscover Forensic can recover deleted files, examine slack space, access Windows data streams, and dynamically allow a preview, search and capture of the HPA of the disk using its own pioneering technology. It is not possible to hide data from ProDiscover Forensic, because it reads the disk at the sector level (Anobah, Saleem, & Popov, 2014).

Conclusion

This study concludes that the main objective of each digital forensic examination is that the digital evidence is collected, analysed and presented in court lawfully. Digital evidence, unlike "standard" evidence in a criminal or civil investigation process, is a series of 1 and 0 bits and nothing else, and because of this it is very complicated for both the court and the jury to understand what digital evidence is, and how forensic specialists find, analyse, store, manage and present the digital evidence in court.

References

Anobah, M., Saleem, S., & Popov, O. (2014). Testing Framework for Mobile Device Forensics Tools. Journal Of Digital Forensics, Security And Law.

Casey, E. (2012). Cloud computing and digital forensics. Digital Investigation, 9(2), 69-70.

Cohen, F. (2011). Column: Putting the Science in Digital Forensics. Journal Of Digital Forensics, Security And Law.

Cohen, F. (2013). Science Column: Reconstruction: The Experimental Side of Digital Forensics. Journal Of Digital Forensics, Security And Law.

Daniel, L., & Daniel, L. (2012). Digital forensics for legal professionals (1st ed.). Waltham, MA: Syngress.

Flory, T. (2016). Digital Forensics in Law Enforcement: A Needs Based Analysis of Indiana Agencies. Journal Of Digital Forensics, Security And Law.

Kessler, G. (2010). Book Review: Computer Forensics: Principles and Practices. Journal Of Digital Forensics, Security And Law.

Larson, S. (2014). The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics. Journal Of Digital Forensics, Security And Law.

Nikkel, B. (2016). NVM express drives and digital forensics. Digital Investigation, 16, 38-45.

Schwerha, J. (2011). The Forensics Aspects of Event Data Recorders. Journal Of Digital Forensics, Security And Law.

Steel, C. (2014). Idiographic Digital Profiling: Behavioral Analysis Based On Digital Forensics. Journal Of Digital Forensics, Security And Law.

Sutherland, I., Davies, G., Pringle, N., & Blyth, A. (2013). The Impact of Hard Disk Firmware Steganography on Computer Forensics. Journal Of Digital Forensics, Security And Law.

Taylor, C., Endicott-Popovsky, B., & Frincke, D. (2014). Specifying digital forensics: A forensics policy approach. Digital Investigation, 4, 101-104.

Wafula, G., & M., A. (2016). Social Media Forensics for Hate Speech Opinion Mining. International Journal Of Computer Applications, 155(1), 39-47.
