
OSforensics Tool and Recovered Forensic Artifacts - Speech or Presentation Example


Running Head: OSForensics

OSForensics
Name of Student
Course Title
Name of Professor
April 30, 2016

Table of Contents
Introduction
A critical review and discussion of the OSF tool
Summary of your results

Introduction

OSForensics is meant to help retrieve information from a disk on which most of the information has been destroyed or deleted. In this case, a small disk has been provided for analysis using the program. OSForensics is about verifying the storage media in a forensically sound manner with a view to identifying, preserving, analyzing and presenting facts and opinions on the evidence that was obtained. The forensic techniques have been developed to aid the detection of computer crime, a branch of crime that is becoming an ever-increasing threat in the present world. Computational forensics uses various data mining, data restructuring, and data reconstruction techniques in order to determine the actual occurrence of a crime. The use of computational forensics, however, is not limited to verifying the occurrence of the crime. It goes a step beyond detection and is used to identify the perpetrator of the crime. It is also used to determine the extent of damage caused by the crime. OSForensics is used on a regular basis by investigators to determine the accuracy and validity of the accounting records. It is also used by law enforcement agencies in order to determine the occurrence of a financial crime.

A critical review and discussion of the OSF tool

The OSF tool has features that help in searching for files by file name, time or size. It also helps in discovering the contents of files that exist or have been deleted, and it has a hash feature to recover passwords. Passwords can be retrieved whether they are on the computer or from the web. Suspicious files and activity that have been created can also be discovered using hashes. The above forensic tool, despite criticism, has been an invaluable asset in solving crimes.
The utility of such tools can be assessed by the fact that they have aided in solving countless crimes and have improved the efficiency of the law enforcement agencies. These are not a new innovation; rather, they have been used for many centuries before the development of modern forensic techniques. In these times, the field of forensics continues to grow to encompass new subjects and to aid the law enforcement agencies in an ever-increasing capacity.

The following screenshot shows the features of OSForensics.

Figure 1: OSForensics tools

From the screenshot it can be noted that there is a file viewer that is used to show text, hex, images, graphics, metadata and streams. There is a web browser that can display websites that are visited and any online content that is browsed. It also has a viewer that shows the frequency of using some applications and browsing some sites. There is also memory forensics, which enables the analysis of the memory of the disk under investigation to discover the attacks carried out in it. This enables leaving out necessary data or information for investigation. The screenshot for it is shown below.

Figure 2: Memory Viewer

This forensics helps to preserve the survivability and integrity of existing infrastructure. Computer forensics can save an organization a lot of money. In any organization there is great stress on computer security, and a major allocation of budgetary resources for information technology is made to it. In fact, many organizations are deploying network security devices such as Intrusion Detection Systems (IDS), firewalls and so on to report on the security status of their networks. The uses of forensic accounting techniques are not limited to detecting the occurrence of the crime. The techniques are also used to determine the extent of damage caused and to determine the criminals responsible.
As mentioned earlier in the essay, the use of forensic techniques is not limited to those that have been mentioned in the paper (Isenberg, 2002). The list of forensic disciplines is long and not exhaustive. Almost every day new entries are made to the list of forensic disciplines that can be used to solve crimes. The utility of the forensic techniques is such that some criminal scholars have hinted at the prospect of solving crimes that are hundreds of years old. For example, using forensic psychology and psychiatry, criminal investigators have reached new breakthroughs in many cases.

OSForensics plays an important part in examining deception or any other illegal activity going on within the records. It provides statistics and other evidence to find out the factors involved in a situation. It presents all facts, proven research and other findings in the form of formal outputs, which are then submitted in court for further investigation procedure. Use of OSForensics is not limited to specific investigations only; it can also be used in various situations such as valuation, where a forensic accountant finds out the present value of the business for many legal issues. In addition, they also play a part in white-collar crime investigation for both public and private businesses on behalf of the police force. It has also been observed that sometimes they help settle disputes between two partners, such as shareholders, through peaceful negotiation in a professional manner.

The forensic artifacts recovered from the 4X4.E01 Image

In OSForensics two types of data are collected: persistent data and volatile data. Persistent data is data that is stored on secondary computer storage media, and volatile data is data that is stored in registries, cache and the Random Access Memory (RAM). From the 4X4.E01 image, three forensic artifacts were discovered, that is, four deleted files, hidden data and deleted file fragments.
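An evidence image such as the one named above is normally checked against the hash supplied with it before any recovered artifact is relied on, and the tool review says suspicious files can be found by hash; the Python code below shows both checks and is an added example, not part of the original paper or of OSForensics. All file names and contents in it are constructed sample data, and it hashes files as stored on disk: the acquisition hash recorded inside an E01 container covers the raw media data, so recomputing that value needs a tool that understands the container format.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so a large image never sits in memory


def hash_file(path, algorithms=("md5", "sha256")):
    """Return {algorithm: hex digest} for the file at path, read in chunks."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for digest in digests.values():
                digest.update(block)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def verify_image(path, expected_hex, algorithm="sha256"):
    """True only if the file's digest equals the hash supplied with the case."""
    actual = hash_file(path, (algorithm,))[algorithm]
    return actual == expected_hex.strip().lower()


def match_hash_set(root, known_hashes, algorithm="sha256"):
    """Walk root; return sorted relative paths whose digest is in known_hashes."""
    known = {h.lower() for h in known_hashes}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if hash_file(full, (algorithm,))[algorithm] in known:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def demo():
    """Run both checks on constructed data (a stand-in image, three files)."""
    payload = b"constructed evidence bytes" * 1000
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "sample_image.bin")  # hypothetical file name
        with open(image, "wb") as fh:
            fh.write(payload)
        supplied = hashlib.sha256(payload).hexdigest()  # hash "provided" with the case
        intact = verify_image(image, supplied)
        with open(image, "ab") as fh:  # one extra byte is enough to fail the check
            fh.write(b"\x00")
        altered = verify_image(image, supplied)

        files = os.path.join(tmp, "files")
        os.mkdir(files)
        contents = {
            "a.txt": b"notes",
            "b.jpg": b"flagged content",
            "renamed.dat": b"flagged content",  # same bytes under another name
        }
        for name, data in contents.items():
            with open(os.path.join(files, name), "wb") as fh:
                fh.write(data)
        known = {hashlib.sha256(b"flagged content").hexdigest()}
        hits = match_hash_set(files, known)
    return intact, altered, hits


if __name__ == "__main__":
    print(demo())
```

The hash-set match finds the flagged content under both names because it compares content digests, not file names or extensions.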
To obtain the above forensic artifacts, the file 4X4.E01 was identified and used with the hash number provided.

Summary of your results

During the investigation of the disk 4X4.E01 provided, it can be noted that there were 215 files in total before deletion was done. Among them there were 142 graphical files, and the deleted files were six. This is summarised as follows:

1 | Total files | 215
2 | Graphics files | 142
3 | Are any deleted files | 6
4 | Password protection | Not protected

The screenshots of the results above are shown below.

Figure 3: deleted files and number of files searched

From the above, the files searched and found are shown, as well as the files deleted. The password is not protected, as shown by the images of the file. The files in the case have passwords that are not protected. This type of timer-based password is through hardware generators. In addition to the one-time password, a PIN is used. The generated password is usually valid for a short duration after generation. This approach is beneficial in that there is a limited time for an attacker to attack. However, using it without transmission security (SSL/TLS) makes an attack possible.

Figure 4: Creation of signature

5. What is the Camel Trophy event?

From the screenshot below, the Camel Trophy event is found in a file called Land Rover FAQ, and it is an Extended Cross country Rally. The file type is HTML, and the file is active. In this case it is an event sensitising consumers of Camel's American cigarettes. The event uses various vehicles, but mostly Land Rover is the vehicle of choice. The file is active and has health partitions.

6. What vehicle was used to win the Camel Trophy in Zaire and in what year?

The vehicle that was used to win the Camel Trophy in Zaire was the 1983 Land Rover Series III 88" (SWB), and the year was 1983. It is found in the file called Land Rover FAQ. The file is active.

7. How far was the 1997 Trophy event?

The 1997 Trophy event was in Mongolia and covered 1500 miles.
It is found in Land Rover FAQ, in a file of type HTML. The file is active and has health partitions.

8. What item does the code TR875 refer to and how much does it cost?

The code TR875 refers to LWB Full Hood in Stone, costing £239.99. It is found in the file called Land Rover FAQ, which is HTML and is deleted. The items in the file with “TR875” refer to Series 2A and 3, and it is in the file LR Centre LTD. The file is deleted and it is in the form of HTML.

The vehicle with the registration VRW 370T is a Series III Pickup model and is found in the file S3.jpg, which is an image, and it is active. The vehicle registration VRW 370T has a set of handbrake shoes costing £8.23 each. The information is found in the pricelist file, in the form of xls or Excel. The file is active and has health partitions.

In 2006 Mr Smith organised a trip to Morocco; this is found in Morocco_entry_form, which is a pdf file. The file is active and has health partition. The AUT 54902 is A model Discovery, which is in a file called Retail price Guide in the form of pdf. The file is active and has health partitions.

The years of the Series Three Land Rovers in production were 1972 to 1975, and the information is in the file Land Rover vehicle ID. The file is in HTML and it is active. The film that used a 101 Forward Control as a taxi is Judge Dredd (try searching for ‘movie’ as well as ‘film’!) for promoting, and it is found in the file named Land Rover vehicle ID, which is in HTML. The file is active. Behind the vehicle with the registration 63 FL 75M is a trailer. It is in a file called Image File:101.jpg, which is an image file, and it is active.

The results for questions 5 to 16 are summarised as follows:

Question | Answer | The File | Type Of File | Status
5. What is the Camel Trophy event? | Extended Cross country Rally | Land Rover FAQ | HTML | Active and Health partitions
6. What vehicle was used to win the Camel Trophy in Zaire and in what year? | 1983 a series 3 88 inch (SWB) | Land Rover FAQ | HTML | Active
7. How far was the 1997 Trophy event? | 1,500 miles | Land Rover FAQ | HTML | Active and Health partitions
8. What item does the code TR875 refer to and how much does it cost? | LWB Full Hood in Stone, at £239.99 | LR Centre LTD | HTML | Deleted
9. Which models do the items in the file with the “TR875” refer to? | Series 2A and 3 | LR Centre LTD | HTML | Deleted
10. What model is the vehicle with the registration VRW 370T? | Series III Pickup | S3.jpg | Image File jpg | Active and Health partitions
11. For the vehicle registration VRW 370T how much would a set of handbrake shoes cost? | £8.23 each | pricelist | xls | Active and Health partitions
12. Where did Mr. Smith organise a trip to and when did they go? | Morocco in 2006 | Morocco_entry_form.pdf | pdf | Active and Health partitions
13. What is AUT 54902 | A model Discovery | Retail price Guide.pdf | pdf | Active
14. What years were the Series Three Land Rovers in production? | a. 1972-85 | Land Rover vehicle ID | HTML | Active
15. What film used a 101 Forward Control as a taxi? | Judge Dredd (try searching for ‘movie’ as well as ‘film’!) | Land Rover vehicle ID | HTML file | Active
16. What is behind the vehicle with the registration 63 FL 75? | A trailer | Image File:101.jpg | Image File (jpg) | Active

A forensic review of one of the drives revealed that someone had entered the system. They entered the disk through a security opening and were able to view and delete four files, including files for trip and event organising, along with information belonging to Camel Trophy.

Forensic artifacts obtained from the image are instruments that an expert uses to deduce scientific evidence; they should be well established in their specific field and should have gained widespread acceptance from relevant experts. Through forensic artifacts, courts are at liberty to dismiss evidence as inadmissible if its credibility cannot be ascertained. Experts are required to give their testimonies and opinions following studies, experiments and deductions made from generally accepted techniques or equipment.
The forensic artifacts seek to ensure that scientific theories and techniques used by experts in their deductions are thoroughly tested and accepted within reasonable grounds. Testing such techniques would increase their effectiveness and validity, thus promoting their acceptance in different fields. By testing the methods and techniques, experts would enhance their performance and increase their reliability. The use of such techniques promoted reliability and could ruin the credibility of scientific experts and their opinions. Through the need for publication and peer reviews, the forensic artifacts seek to promote technique validity among scientific experts. Publishing results based on particular studies or techniques would attract the review of other experts in the field, thus increasing the credibility of such techniques.

Also, collecting data in the form of audio or visuals does not need any educational knowledge, but techniques and other skills. However, it has been observed that when any large organization hires a candidate for its firm, it verifies educational credentials with the educational institution. In addition, the best way of verifying credentials is to check the provided references. Many professional organizations provide certifications to forensic accountants (Levanti, 2009). Some accounting firms do not require any educational or professional experience for their investigations.

OSForensics also includes the use of memory and file databases. The databases are accessible to various features that contain information of countless features to detect all files deleted. While the utility of such databases appears to be non-existent, they have proven to be invaluable. These databases allow the users to compare file information and other information in order to confirm the deleted files used in a crime. This saves a considerable amount of time since the information is instantaneously accessible.
As far as the Camel Trophy case is concerned, in my perception, OSForensics would definitely help in investigating events and transactions that are in doubt and that one is trying to hide from club owners. A forensic investigator can conduct the investigation fairly and easily because he or she has proper software for investigation; secondly, he or she can use all authorities to find out the truth as soon as possible. In addition, investigating frauds is their fundamental duty, which they would surely perform honestly; they can also take legal action against the criminal and can proceed with the case in court. Consequences will depend upon the individual chosen by the organization for this particular purpose of investigating the case.

Indeed, the possibilities offered by OSForensics are exciting, but technology tools, by themselves, really do not address the problems confronting investigators in crime. Other elements need to be taken into consideration, such as the integration of these devices into the investigation; the adequate training of investigators and other professionals in the use of these assistive technology devices; and detailed implementation plans, among others. The training of professionals is especially needed because it is very much possible that users in this field are not abreast of the latest technological trends. This total dependence on skills and technological tools makes it imperative for these devices to be effectively integrated into the investigation so that an individual will find it easier to use them independently. Even if there are now numerous forensic tools, their usefulness is defeated if they are not integrated into the investigation objectives.