Team members:
19BCI0074 - Nandipati Hemanth Kumar Reddy
19BCE2081 - Y.V.N.S.R.K.Teja
19BCE0952 - Rahul Sanjeev
Case:
A complaint was made to the authorities describing alleged Wi-Fi hacking
activity. When the authorities reached the spot, they found an abandoned Dell
computer, which is suspected of having been used for hacking
purposes. Schardt uses the nickname "Mr. Evil" when he goes online.
During the course of the investigation, analysis of the evidence would require
performing these computer forensics tasks:
1. The operating system which was used in the computer
2. The registered owner of the computer
3. The computer account name
4. The last recorded computer shutdown date/time
5. Total accounts recorded
6. The account name of the user who mostly uses the computer
7. The last user to log in to the computer
8. A search for the name of “Greg Schardt” to prove that he is Mr. Evil and is
also the administrator of this computer and the file used to prove it.
9. The same file as above also reports the IP address and MAC address of the
computer.
10. Some installed programs that may be used for hacking.
11. E-mail address of Mr. Evil
12. The NNTP (news server) settings of Mr. Evil
13. Two installed programs show information about mail
14. A popular IRC (Internet Relay Chat) program called MIRC was installed
and how it’s used.
Dataset Used
6. The account name of the user who mostly uses the computer can be seen
in OS Accounts, under the Mr. Evil account information.
This account has a login count of 15.
9. The irunin.ini file referred to above reports the IP address of the computer,
which appears in it as:
%LANIP%=192.168.1.111
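The following Python sketch is an added example, not part of the original report or of Autopsy. It pulls `%KEY%=value` lines, the form of the `%LANIP%` entry above, out of an exported file and labels each value by shape so that address-like entries stand out. The section header and the `%SAMPLE...%` keys in the sample are constructed placeholders, not values from the image.

```python
import ipaddress
import re

# %KEY%=value lines, the shape of the %LANIP% entry quoted in the report
PAIR_RE = re.compile(r"^\s*%([A-Za-z0-9_]+)%\s*=\s*(.*?)\s*$")
# MAC as 12 hex digits, bare or separated by ':' or '-'
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}[:-]?){5}[0-9A-Fa-f]{2}$")


def decode_export(raw: bytes) -> str:
    """Decode a file exported from the image; handle UTF-16 BOMs, else Latin-1."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("latin-1")


def classify(value: str) -> str:
    """Label a value as 'ipv4', 'mac' or 'text' by its shape alone."""
    try:
        ipaddress.IPv4Address(value)
        return "ipv4"
    except ValueError:
        pass
    if MAC_RE.match(value):
        return "mac"
    return "text"


def extract_identifiers(raw: bytes) -> list[dict]:
    """Return one record per %KEY%=value line, with its line number for the report."""
    records = []
    for lineno, line in enumerate(decode_export(raw).splitlines(), start=1):
        m = PAIR_RE.match(line)
        if not m:
            continue  # section headers, blank lines, other syntax
        key, value = m.groups()
        kind = classify(value)
        rec = {"line": lineno, "key": key, "value": value, "kind": kind}
        if kind == "ipv4":
            rec["private"] = ipaddress.IPv4Address(value).is_private
        records.append(rec)
    return records


# Constructed sample: only the %LANIP% line comes from the report;
# the section header and the %SAMPLE...% keys are placeholders.
SAMPLE = (b"[Variables]\r\n%LANIP%=192.168.1.111\r\n"
          b"%SAMPLEMAC%=00aabbccddee\r\n%SAMPLEUSER%=Example User\r\n")
```

Calling `extract_identifiers()` on the bytes of the exported file gives one record per entry, and the recorded line number lets the finding be cited precisely in the report.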
10. Some installed programs that may be used for hacking are found in
Installed Programs.
They are:
Ethereal – Packet Sniffing
123 Write all stored passwords – Password dumping
CuteFTP – Transfer Files
Cain & Abel – Password Hacking/Cracking
WinPcap – Packet Capturing
Look@Lan – Monitor Networks
11. The SMTP e-mail address of Mr. Evil can be found in an installed program
named Forte Agent, which is a mail service provider.
We go to vol2-->program files-->agent-->data and, while searching the files
there, we find the e-mail ID in the file 00000158.IDX. The address is
whoknowsme@sbcglobal.net
A keyword search confirms it as the SMTP e-mail ID of
Mr. Evil.
14. A popular IRC (Internet Relay Chat) program called MIRC is used, and
its details are shown below.
The user ID is mini me
The Autopsy Report
Conclusion:
The forensic investigation carried out on the disk image is presented above. It
is possible to identify the types of crime committed and the criminal behind
the crime. The computer hard disk is a main source of evidence against such
crimes, as it holds the digital information. Hence we identified the hacker
using the Autopsy tool.