
DIGITAL FORENSICS

Lab FAT

NAME: Asmit Gupta


REG. NO.: 18BCE0904
SLOT: F1+TF1
FACULTY: SURESHKUMAR N
QUESTION

Digital forensic tools are used to unravel criminal acts and prove crime in a
court of law. However, the area, task and/or function a digital forensic tool is
applied to may not suit it, leading to unreliable results. In many cases,
forensic experts may apply a particular tool not because it is the most
effective tool but because it is available, cheap and the expert is familiar
with it. This has often led to the use of unreliable digital forensic tools,
which may yield unreliable results. Unreliable results may jeopardize the whole
forensic investigation process and in some cases lead to criminals walking free,
thereby being emboldened to commit the same crime again. This may also lead to
time wasting, trial and error, loss of money, etc. How can the forensic tools
used in an investigation be validated so that they generate valid evidence?

SOLUTION
The process of using automated software has served law enforcement and the courts very well,
and experienced detectives and investigators have been able to use their well-developed
policing skills, in conjunction with the automated software, so as to provide sound evidence.
However, the growth in the computer forensic field has created a demand for new software
and a means to verify that this software is truly “forensic” i.e. capable of meeting the
requirements of the ‘trier of fact’.
The validity and credibility of electronic evidence are of paramount importance given the
forensic context of the discipline. In other words, the trustworthiness of digital evidence relies
on the scientific application of the process, the analysis and the correct utilization and
functioning of computer forensic tools.
There are a few points that need to be noted.
• First, vendor validation has been widely undocumented, and not proven publicly,
except through rhetoric and hearsay on bulletin boards. Many published documents in
this field discuss repeatability of process with other tools as the main validation
technique, but no documented record can be found in the discipline that expands on
the notion of two tools being wrong.
• Secondly, this validation work treats the EE software package as a single unseparated
entity. Because the cost of purchasing such software is so great it would be infeasible
to discount an entire package due to a single or small group of functions failing
validation.
• Following the second point is the cost and complexity issue of the tool orientated VV
approach. These tools either are designed solely for forensic purposes or are designed
to meet the needs of particular interest groups.
• Validation and verification of the discipline is a difficult task requiring a structured
framework and only the outcomes are defined. This presents unique problems with
the discipline since this dynamic change is not found in other forensic disciplines such
as fingerprint examination, and DNA testing.

The development of forensic software tools and high assurance software requires axiomatic
proofs in the foundational development of the software. This concept is the foundation of
traditional software engineering. Many tools are not developed specifically for the purposes of
digital forensics; they are developed for other purposes and then applied to the discipline,
which makes them difficult to police.

FTK MANAGER

1. Adding an evidence item to the investigation
2. To connect the USB drive with this application, we select the physical drive
3. We select the path of the USB drive
4. It shows that the USB drive is connected with this application
6. By right-clicking on the file and selecting the export file option, we can export the file to the PC
7. Here we select a location for the deleted file
8. Now the file is exported successfully to the location
9. Clearly the file has been successfully retrieved into the folder after export
10. Creation of a disk image of the USB drive
11. Filling in the case details for making a Raw image of the disk
12. Specifying the location where the disk image is to be stored
13. The disk imaging process is in progress and, upon completion, the image will be stored in the folder mentioned above
14. The disk image has been successfully created, and it has 2 parts
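
A split raw image such as the two-part one above is only usable as evidence if its parts, read in order, still hash to the value recorded at acquisition. The following is an added example, not part of the original report or of any tool's own code; the segment naming (usb.001, usb.002) and the recorded digest are assumptions supplied by the examiner.

```python
import hashlib
import re
from pathlib import Path

CHUNK = 1 << 20  # read 1 MiB at a time so large images never sit in memory

def find_segments(first_segment):
    """Return all segments of a split raw image (name.001, name.002, ...) in numeric order."""
    first = Path(first_segment)
    parts = [p for p in first.parent.glob(first.stem + ".*")
             if re.fullmatch(r"\.\d+", p.suffix)]  # skips side files such as name.001.txt
    return sorted(parts, key=lambda p: int(p.suffix[1:]))

def hash_segments(segments, algorithms=("md5", "sha1", "sha256")):
    """Hash the segments as one continuous byte stream, as if the image were a single file."""
    digests = {name: hashlib.new(name) for name in algorithms}
    for seg in segments:
        with open(seg, "rb") as fh:
            while chunk := fh.read(CHUNK):
                for d in digests.values():
                    d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}

def verify_image(first_segment, recorded, algorithm="md5"):
    """Compare the recomputed digest with the one recorded at acquisition time."""
    segments = find_segments(first_segment)
    if not segments:
        raise FileNotFoundError(f"no segments found for {first_segment}")
    actual = hash_segments(segments, (algorithm,))[algorithm]
    return actual == recorded.strip().lower(), actual, [s.name for s in segments]

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a 10 KB "device" split into two segments.
    device = bytes(range(256)) * 40
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "usb.001").write_bytes(device[:6000])
        Path(tmp, "usb.002").write_bytes(device[6000:])
        recorded = hashlib.md5(device).hexdigest()  # stands in for the acquisition hash
        print(verify_image(Path(tmp, "usb.001"), recorded))
```
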
AUTOPSY
DELETE AND RETRIEVE THE DATA FROM AUTOPSY
STEPS:-

1. FILL THE CASE INFORMATION
2. GIVE SOME ADDITIONAL DETAILS
3. CREATING DATABASE
4. SELECT TYPE OF DATA SOURCE
5. SELECT THE USB FROM DATA SOURCE
6. SELECT THE FIELDS WHICH YOU WANT TO RETRIEVE
7. Add data source in the local database
8. ALL THE DELETED FILES ARE SHOWN HERE
9. RIGHT CLICK ON THAT FILE WHICH YOU WANT TO RETRIEVE
10. SELECT THE FOLDER WHERE YOU WANT TO RETRIEVE THE DATA
11. FILE EXTRACTED
12. EXTRACTED FILE IS SHOWN HERE


Steps followed for Bit Shifting In WinHex:
1. OPEN THE WINHEX EDITOR

2. OPEN THE FILE OF YOUR CHOICE WHOSE BITS HAVE TO BE SHIFTED
• Click on File Menu
• Select Open option
• Browse the file of your choice.

3. IF REQUIRED, YOU CAN VALIDATE THE AUTHENTICITY OF THE FILE USING MD5 HASH
• Click on Tools Menu
• Click on Compute Hash Option
• Select the type of hash you want to calculate
• Click on OK

4. PERFORM BIT SHIFTING ON THE FILE
• Click on Edit menu
• Choose the Modify Data option
• Choose the bit shifting option of your choice
• Click on OK

After bit-shifting:

You can finally save the file.

CONCLUSION
In many cases, forensic experts may apply a particular tool not
because it is the most effective tool but because it is available, cheap
and the expert is familiar with it. This has often led to the use of
unreliable digital forensic tools, which may yield unreliable results.
Unreliable results may jeopardize the whole forensic investigation
process and in some cases lead to criminals walking free, thereby
being emboldened to commit the same crime again. This may also lead to
time-wasting, trial and error, loss of money, etc. I successfully
analyzed all the data and validated it with the help of various software,
and all the results were the same, hence we can tell all the tools were
validated.
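
The cross-tool check described in the conclusion can be made explicit by hashing what each tool exported and, where available, comparing against hashes of the files originally placed on the test drive, since two tools agreeing does not rule out both being wrong. This is an added example, not part of the original report; it assumes both tools exported files under the same relative names, and the directory names and reference dictionary are hypothetical.

```python
import hashlib
from pathlib import Path

def hash_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    # read_bytes() is fine for small exports; stream in chunks for very large files.
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def cross_validate(export_a, export_b, reference=None):
    """Classify every exported file by comparing tool A, tool B and known originals.

    reference: optional {relative path: sha256} of the files originally placed on
    the test media; without it, agreement only shows the two tools are consistent.
    """
    a, b = hash_tree(export_a), hash_tree(export_b)
    reference = reference or {}
    report = {"validated": [], "agree_unverified": [], "agree_but_wrong": [],
              "disagree": [], "only_a": [], "only_b": []}
    for name in sorted(a.keys() | b.keys()):
        if name not in b:
            report["only_a"].append(name)          # tool B failed to recover it
        elif name not in a:
            report["only_b"].append(name)          # tool A failed to recover it
        elif a[name] != b[name]:
            report["disagree"].append(name)        # at least one tool is wrong
        elif name not in reference:
            report["agree_unverified"].append(name)
        elif a[name] == reference[name].lower():
            report["validated"].append(name)       # both tools match the original
        else:
            report["agree_but_wrong"].append(name) # both tools wrong in the same way
    return report

if __name__ == "__main__":
    import tempfile
    # Constructed sample: two export folders standing in for the two tools' output.
    with tempfile.TemporaryDirectory() as tmp:
        for tool in ("tool_a", "tool_b"):
            Path(tmp, tool).mkdir()
            Path(tmp, tool, "deleted.txt").write_bytes(b"recovered content")
        known = {"deleted.txt": hashlib.sha256(b"recovered content").hexdigest()}
        print(cross_validate(Path(tmp, "tool_a"), Path(tmp, "tool_b"), known))
```
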
