
A

MICROPROJECT REPORT
On

“Study of any case of forgery/falsification crime case
solved using digital forensic.”

Submitted in fulfilment of requirement for the award of the
Diploma in Computer Engineering

Prescribed by

Maharashtra State Board of Technical Education, Mumbai.


2021-2022

Submitted by:

SANDIP MANDAL

Guided by:
Prof. D. Roy
(Lecturer)

Department of Computer Engineering


Shri Sai Polytechnic, Chandrapur
2021-2022
SHRI SAI POLYTECHNIC CHANDRAPUR
DEPARTMENT OF CIVIL ENGINEERING
2021-2022

CERTIFICATE

This is to certify that this complete project report entitled
"Study of any case of forgery/falsification crime case
solved using digital forensic", submitted by the following
students of sixth semester of "SHRI SAI POLYTECHNIC,
CHANDRAPUR, (M.S.)" in partial fulfilment of the requirement for the
DIPLOMA IN COMPUTER ENGINEERING from Maharashtra State
Board of Technical Education, Mumbai, (M.S.), is the record
of their own project work carried out by them under my guidance and
supervision for the academic session 2021-2022.

SUBMITTED BY:

SANDIP MANDAL

Prof. D. ROY Prof. S. Sarkate


( Project guide. ) ( HOD)

DEPARTMENT OF COMPUTER ENGINEERING DEPARTMENT OF COMPUTER ENGINEERING


SSPC. Chandrapur SSPC. Chandrapur
ACKNOWLEDGEMENT

A project is a job of great enormity and it can’t be accomplished by an
individual all by themselves. We are grateful to several individuals
whose professional guidance, assistance and encouragement have made it
a pleasant endeavour to undertake this project.

We take this opportunity to express our profound gratitude to our respected
Principal PILARE SIR for his support. We are grateful to the Head of the
Department SARKATE SIR, for his unfailing encouragement and
suggestions given to us during our project work.

Guidance and deadlines play a very important role in successful
completion of the project on time. We also convey our gratitude to our
internal project guide,

ABSTRACT

Computer technology is a major, integral part of everyday human life,
and it is growing rapidly, as are computer crimes such as financial fraud,
unauthorized intrusion, identity theft and intellectual theft. To counteract
those computer-related crimes, Computer Forensics plays a very
important role. “Computer Forensics involves obtaining and analysing
digital information for use as evidence in civil, criminal or administrative
cases.”

This report also includes a computer investigation model, data
collections and its types, evidence acquisitions, forensics tools,
malicious investigation, legal aspects of computer forensics, and finally
this report also provides necessary recommendations, countermeasures
and policies to ensure this SME will be placed in a secure network
environment.
INTRODUCTION

Case study
A new start-up SME (small-medium enterprise) based in Luton with an E-
government model has recently begun to notice anomalies in its
accounting and product records. It has undertaken an initial check of
system log files, and there are a number of suspicious entries and IP
addresses with a large amount of data being sent outside the company
firewall. They have also recently received a number of customer
complaints saying that there is often a strange message displayed during
order processing, and they are often re-directed to a payment page that
does not look legitimate.

The company makes use of a general purpose eBusiness package
(OSCommerce) and has a small team of six IT support professionals, but
they do not feel that they have the expertise to carry out a full scale
malware/forensic investigation.

As there is increased competition in the hi-tech domain, the company is
anxious to ensure that their systems are not being compromised, and they
have employed a digital forensic investigator to determine whether any
malicious activity has taken place, and to ensure that there is no malware
within their systems.

Your task is to investigate the team’s suspicions and to suggest to the
team how they may be able to disinfect any machines affected with
malware, and to ensure that no other machines in their premises or across
the network have been infected. The team also wants you to carry out a
digital forensics investigation to see whether you can trace the cause of
the problems, and if necessary, to prepare a case against the perpetrators.

The company uses Windows Server NT for its servers. Patches are applied
by the IT support team on a monthly basis, but the team has noticed that a
number of machines do not seem to have been patched.
3 Famous Cases Solved Through Digital Forensics

Digital forensics is a process often used in criminal investigations. It
involves collecting digital evidence from various devices, tools, or
infrastructures such as computers, mobile devices, emails, hard discs, and
cloud storage systems.

Here are a few famous cases where digital forensics played a crucial
role:

1. The BTK Killer

You can’t talk about criminal cases and digital forensics without
mentioning the infamous BTK killer case. What had remained a mystery
for more than 30 years was finally solved via digital forensics in the early
2000s.

The “BTK Killer,” aka Dennis Rader, tortured and killed at least ten
people while he was still on the loose and undiscovered. He’d taunt the police
forces by sending them cryptic messages during his killing sprees,
baffling them even more.

However, it was this very habit that finally led to his arrest. In 2005,
Rader sent the police a Microsoft Word document on a floppy disk.
Digital forensics experts were able to trace the metadata contained
within the disk, helping unveil the BTK Killer’s true identity. Rader was
finally arrested and imprisoned shortly after this.
2. The Craigslist Killer

When you think of Craigslist, you typically think of buying and selling
products online. Over a decade ago, however, the website name was
associated with a murder case that was eventually solved through digital
forensics.
In April 2009, Boston was shaken by the murder of a young woman in her
hotel room. There was also a reported case of assault on another woman
who was robbed at gunpoint. What did the two victims have in common?
They had both advertised their services on Craigslist and had an
appointment with a man named “Andy” on the night of the crime.
When investigators traced the emails exchanged between the victims and
“The Craigslist Killer,” the IP addresses led them to an unlikely suspect:
23-year-old Philip Markoff, a medical student. This was a massive victory
for digital forensics, and it showcased how the technology can be used in
crime cases.
3. Larry J. Thomas Vs State of Indiana

In 2016, Larry J. Thomas was found guilty of an attempted robbery that resulted
in the murder of Rito Llamas-Juarez. While the case had eyewitnesses who
confirmed Thomas’s presence at the crime scene, digital forensics helped
strengthen the case even further.
During the investigation, the authorities took the content posted on the
culprit’s Facebook account into consideration. They found that he had
been using a handle named “Slaughtaboi Larro” and had posted photos of
himself carrying an assault rifle. The ammunition used in the murder case
matched that of the weapon shown in Thomas’s online images. The photos
were also used to match a bracelet found at the crime scene. Thomas had
been wearing a similar bracelet in the pictures posted online. Consequently,
Thomas was arrested and imprisoned.
Computer investigation model
According to Kruse II, W.G., and Heiser, J.G. (2010), a computer
investigation aims to identify the evidence, preserve it, extract it,
document each and every process, validate the evidence, and analyse it
to find the root cause, on the basis of which recommendations or
solutions can be provided.

“Computer Forensics is a new field and there is less standardization and
consistency across the courts and industry” (US-CERT, 2012). Each
computer forensic model is focused on a particular area such as law
enforcement or electronic evidence discovery. There is no single digital
forensic investigation model that has been universally accepted. However, it
was generally accepted that the digital forensic model framework must be
flexible, so that it can support any type of incident and new technologies
(Adam, R., 2012).

Kent, K., et al. (2006) developed a basic digital forensic investigation
model called the Four Step Forensics Process (FSFP) with the idea of
Venter (2006) that digital forensics investigation can be conducted
even by non-technical persons. This model gives more flexibility than any
other model so that an organization can adopt the most suitable model
based on the situations that occurred. These are the reasons we chose
this model for this investigation. FSFP contains the following four basic
processes, as shown in the figure:

Figure 1: FSFP Forensic Investigation Model

Source: Kent, K., et.al, (2006)


The “Preserve and Document Evidence” arrow mark indicates that we
must preserve and document all evidence during the course of the
investigation, as it can be submitted to the court as evidence in some
cases. We will discuss each and every process or stage of the FSFP
investigation model in the following sections.

Conclusions

This report describes how to conduct the Computer Forensic Investigation
and Malware Investigation using various methods and tools.
This report also contains the ACPO’s four principles and ISO 17799
security policy procedures which must be implemented in every
organization to improve the security network architecture. It also
analysed the Four Step Forensic Investigation model and why we
chose this model to conduct the forensic investigation for this case.

It also has important preparation steps before starting the investigation.
Then this report has an analysis part where we analysed the data which
we gathered by various methods to yield the findings. This report also has
the recommendations to avoid security breaches in future.

Digital forensic investigation is a challenging process, because every
incident differs from other incidents. A computer forensic investigator
must be competent enough in both technical and legal matters to conduct the
investigation. Since the evidence which is provided by a computer forensic
investigator can be an important part of the case, the investigation report
must be precise and detailed.
REFERENCES

• 7safe, (2013) “Good Practice Guide for Computer-Based Electronic
Evidence”
• ACPO (2013), “Good Practice Guide for Computer-Based
Electronic Evidence”, V4.0
• Evidence and Digital Forensics”, Australian Security Magazine,
• Aquilina, M.J., (2003), “Malware Forensics, Investigating and
Analyzing Malicious Code”, Syngress,
• Carvey, H., (2005), “Windows Forensics and Incident Recovery”,
Boston: Pearson Education Inc.
• Case studies, PwC Cybercrime US Center of Excellence,
PricewaterhouseCoopers LLP, 2010,
• CJCSM 6510.01B, 2012, “Cyber Incident Handling Program”,
Chairman of the Joint Chiefs of Staff Manual, J6.
• Dave, P., (2013), “SQL – A Career in Database Forensics
• Forensic Analysis of a SQL Server 2005 Database Server
• SME Cyber security and the Three Little Pigs”, ISACA journal,
Vol 6
• Hunt, R., (2012), “New Developments In Network Forensics – Tools
and Techniques”, New Zealand, IEEE, pp. 377 – 381.

-------------------------------THANK YOU------------------------------------
