PRACTICAL : 1
Aim: To study the overview of Digital Forensics.
Introduction:
Purpose:
Several tools are used for digital forensics. A few of the most popular
and widely used ones are listed below:
DOS, etc. The only drawback of this tool is that you need to remember
all the commands.
Autopsy:
Autopsy is an open-source digital forensic platform (a graphical front end
to The Sleuth Kit) that is used heavily for hard drive investigations.
Corporate investigators, government agencies, the military and law
enforcement agencies all use it to conduct digital investigations. It is
available for both Linux and Windows, and it comes pre-installed in Kali
Linux. Autopsy can examine various file systems, for example FAT,
Ext2/Ext3 and NTFS.
ProDiscover Basic:
Like Autopsy, ProDiscover Basic has a GUI (graphical user interface), and
it is also a free digital forensic tool. It creates a copy (image) of the
hard disk without modifying any data, reading the entire drive byte by
byte, and lets you preview and search suspect files without altering any
data or metadata. As soon as the image is ready, the evidence can be
analysed in detail.
SANS SIFT:
The SANS SIFT (SANS Investigative Forensic Toolkit) is an Ubuntu-based
live CD that bundles the tools required to carry out an in-depth incident
response or forensic investigation. It supports the RAW (dd), Advanced
Forensic Format (AFF) and Expert Witness Format (E01) evidence formats.
SIFT also incorporates tools such as log2timeline for generating a
timeline from system logs, Rifiuti for examining the Recycle Bin and
Scalpel for file carving.
Volatility:
Volatility is the best-known tool for the analysis of volatile memory
(RAM dumps). Like The Sleuth Kit, Volatility is open-source, free and
supports third-party plugins. The Volatility Foundation runs a yearly
contest for the most innovative and useful plugin contributed to the
framework.
PRACTICAL : 2
Aim : To recover deleted files or data from storage devices using
forensic tools.
2. Create an image:
The first step in recovering the file is to create a bit-by-bit image of
the whole hard disk. Several tools can perform this task, but for this
practical we will use AccessData FTK Imager (part of the AccessData
Forensic Toolkit, FTK).
From the File menu select Create Disk Image. FTK Imager then asks for
various details such as a case number, evidence number, examiner name,
etc. The software was designed for law enforcement, and all evidence
needs to be categorized and labelled.
Next it asks for the physical drive you want to image, a destination
directory and a name for the image file. When these administrative tasks
are done, FTK Imager begins creating a forensically sound bit-by-bit
image of the drive and, if verification is enabled, hashes the finished
image and compares it with the hash of the source drive, so that the copy
can be shown to be exact.
Once the image is ready, open it in the recovery tool and start the
automatic file recovery. Then select the File Type tab above the Explorer
window to categorize the recovered files by type. Numerous file types are
recovered from this hard disk, and the demo files appear within the list.
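The imaging and recovery steps above, as an added worked example in Python (this is not part of the original practical and not FTK Imager's own code): it images a constructed 4 KiB "drive" block by block, verifies the image against the hash of the source, and then carves a deleted JPEG out of the image by its header and trailer signatures, which is what automatic file recovery does once no directory entry points at the file any more. The disk contents, the offset 1024 and the JPEG payload are invented for the demo.

```python
import hashlib
import io

# JPEG file signatures used for carving: start-of-image and end-of-image markers.
JPEG_SOI = b"\xff\xd8\xff"
JPEG_EOI = b"\xff\xd9"


def build_sample_disk():
    """Constructed 4 KiB stand-in for a physical drive. A small JPEG was written
    at offset 1024 and its directory entry later deleted: the file system no
    longer references it, but the bytes are still there until overwritten."""
    jpeg = JPEG_SOI + b"\xe0" + b"JFIF-demo-payload" * 4 + JPEG_EOI
    disk = bytearray(4096)
    disk[1024:1024 + len(jpeg)] = jpeg
    return bytes(disk), jpeg


def image_device(src, block_size=512):
    """Read the source block by block (what dd or FTK Imager does) into an
    image, hashing the source bytes as they are read. Returns (image, hash).
    On a real case src would be open('/dev/sdb', 'rb') behind a write blocker."""
    if isinstance(src, (bytes, bytearray)):
        src = io.BytesIO(src)
    src_hash = hashlib.sha256()
    image = io.BytesIO()
    while True:
        block = src.read(block_size)
        if not block:
            break
        src_hash.update(block)
        image.write(block)
    return image.getvalue(), src_hash.hexdigest()


def verify_image(image, source_hash):
    """The image is forensically sound only if its hash equals the source hash."""
    return hashlib.sha256(image).hexdigest() == source_hash


def carve_jpegs(image):
    """Signature-based file carving: a deleted file has no directory entry, so
    it is located by its header (SOI) and trailer (EOI) rather than by name.
    Returns a list of (offset, bytes) for every JPEG found."""
    found = []
    pos = 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = image.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:
            break  # header without trailer: truncated or overwritten file
        found.append((start, image[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found


if __name__ == "__main__":
    disk, original = build_sample_disk()
    image, digest = image_device(disk)
    print("image verified:", verify_image(image, digest))
    for offset, data in carve_jpegs(image):
        print(f"recovered JPEG at offset {offset}, {len(data)} bytes, "
              f"intact={data == original}")
```

Carving by signature recovers the file even though its name is gone; the hash comparison is what makes the image admissible, since any single changed bit would change the digest.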
PRACTICAL : 3
Aim : To study the steps for hiding and extracting a text file behind an
image file or audio file using the Command Prompt.
Procedure :
To Hide The File :
Step 1 : Compress the text file into a .rar archive.
Step 3 : Press Enter; the text file is now hidden behind the image file.
To Extract The File :
Step 2 : At the bottom of the output file you will see your content along
with the text file name. Since the file used here was empty, only the file
name is visible.
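The hide-and-extract procedure above as an added Python example (not from the original practical). It does what the Command Prompt does with copy /b: the archive is appended after the image's end-of-image marker, so picture viewers ignore it. A ZIP archive stands in for the .rar so the example needs no extra software; the picture bytes and the secret text are constructed for the demo.

```python
import io
import zipfile

JPEG_EOI = b"\xff\xd9"  # end-of-image marker: a JPEG viewer stops reading here


def make_sample_jpeg():
    """Constructed stand-in for a real picture: SOI, a minimal APP0 (JFIF)
    segment, some filler standing in for scan data, and the EOI marker."""
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return b"\xff\xd8" + app0 + b"pixeldata" * 8 + JPEG_EOI


def make_archive(filename, text):
    """Step 1 of the practical: put the text file into an archive. ZIP is used
    here instead of RAR because Python can create it without extra software."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(filename, text)
    return buf.getvalue()


def hide(jpeg_bytes, archive_bytes):
    """Same effect as 'copy /b picture.jpg + secret.zip output.jpg': the archive
    is simply appended after the image. Viewers ignore everything past EOI."""
    return jpeg_bytes + archive_bytes


def trailing_data(stego_bytes):
    """Detection check: anything after the first EOI marker is not part of the
    picture. (Caveat: JPEGs with embedded thumbnails contain an inner EOI, so a
    real tool walks the marker segments instead of taking the first match.)"""
    eoi = stego_bytes.find(JPEG_EOI)
    return b"" if eoi == -1 else stego_bytes[eoi + len(JPEG_EOI):]


def extract(stego_bytes):
    """Extraction without renaming: ZIP keeps its central directory at the end
    of the file, so zipfile opens the combined file directly and treats the
    JPEG bytes as ignored prefix data. Returns {filename: text}."""
    with zipfile.ZipFile(io.BytesIO(stego_bytes)) as zf:
        return {name: zf.read(name).decode("utf-8") for name in zf.namelist()}


if __name__ == "__main__":
    picture = make_sample_jpeg()
    stego = hide(picture, make_archive("secret.txt", "meet at the pier at 9"))
    print("bytes after EOI:", len(trailing_data(stego)))
    print("hidden files:", extract(stego))
```

The trailing-data check is the examiner's side of the technique: a picture whose file is longer than its EOI marker says it should be is worth opening with an archiver, exactly as the extraction step of the practical does.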
PRACTICAL : 4
Aim : To extract Exchangeable Image File Format (EXIF) data from image
files using the EXIF Reader software.
Procedure :
Step 1 : Download EXIF Reader from https://exif-reader.en.softonic.com/,
install it on your PC and open it.
Step 2 : Click on Open and select the image you want the data about.
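Added example, not part of the original practical and not the EXIF Reader software's code: a minimal EXIF reader in Python that walks the JPEG marker segments, finds the APP1 Exif segment and decodes the tags in IFD0 (Make, Model, Orientation, Software, DateTime). The sample JPEG and its camera details are constructed inside the code; the parser itself follows the TIFF layout that EXIF uses, so it also works on a real photo opened with open(path, "rb").read().

```python
import struct

# IFD0 tags this demo knows by name; anything else is reported by number.
TAG_NAMES = {0x010F: "Make", 0x0110: "Model", 0x0112: "Orientation",
             0x0131: "Software", 0x0132: "DateTime"}
ASCII, SHORT = 2, 3
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}


def build_tiff(entries):
    """Build a little-endian TIFF block with a single IFD0 from
    [(tag, type, value), ...]. Used only to construct the sample image."""
    ifd_offset = 8
    n = len(entries)
    data_offset = ifd_offset + 2 + 12 * n + 4   # first byte after the IFD
    ifd, extra = struct.pack("<H", n), b""
    for tag, typ, value in sorted(entries, key=lambda e: e[0]):
        if typ == ASCII:
            raw = value.encode("ascii") + b"\x00"
            count = len(raw)
            if count <= 4:                      # fits in the value field itself
                field = raw.ljust(4, b"\x00")
            else:                               # value field holds an offset
                field = struct.pack("<I", data_offset + len(extra))
                extra += raw
        elif typ == SHORT:
            count, field = 1, struct.pack("<HH", value, 0)
        else:
            raise ValueError("demo builder supports ASCII and SHORT only")
        ifd += struct.pack("<HHI", tag, typ, count) + field
    ifd += struct.pack("<I", 0)                 # no next IFD
    return b"II" + struct.pack("<HI", 42, ifd_offset) + ifd + extra


def sample_jpeg():
    """Constructed JPEG: SOI, one APP1 segment carrying Exif metadata, EOI.
    The camera details are invented for the demo."""
    tiff = build_tiff([(0x010F, ASCII, "Canon"), (0x0110, ASCII, "EOS 5D"),
                       (0x0112, SHORT, 1), (0x0131, ASCII, "v1.0"),
                       (0x0132, ASCII, "2023:04:05 10:11:12")])
    app1 = b"Exif\x00\x00" + tiff
    # the segment length counts the two length bytes but not the marker
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


def parse_ifd0(tiff):
    """Walk IFD0 of a TIFF block, honouring its byte-order mark (II or MM)."""
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None:
        raise ValueError("bad TIFF byte-order mark")
    magic, ifd_offset = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic")
    count = struct.unpack(endian + "H", tiff[ifd_offset:ifd_offset + 2])[0]
    tags = {}
    for i in range(count):
        entry = ifd_offset + 2 + 12 * i
        tag, typ, n = struct.unpack(endian + "HHI", tiff[entry:entry + 8])
        size = TYPE_SIZES.get(typ, 1) * n
        if size <= 4:                           # value stored inline
            raw = tiff[entry + 8:entry + 8 + size]
        else:                                   # value stored at an offset
            offset = struct.unpack(endian + "I", tiff[entry + 8:entry + 12])[0]
            raw = tiff[offset:offset + size]
        if typ == ASCII:
            value = raw.rstrip(b"\x00").decode("ascii", "replace")
        elif typ == SHORT:
            value = struct.unpack(endian + "H", raw[:2])[0]
        else:
            value = raw
        tags[TAG_NAMES.get(tag, "0x%04X" % tag)] = value
    return tags


def read_exif(jpeg):
    """Walk the JPEG marker segments until the Exif APP1 segment is found, or
    until the scan data (SOS) or EOI, after which no metadata segments follow."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):
            break
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        segment = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and segment.startswith(b"Exif\x00\x00"):
            return parse_ifd0(segment[6:])
        pos += 2 + length
    return {}


if __name__ == "__main__":
    for name, value in read_exif(sample_jpeg()).items():
        print(f"{name:12} {value}")
```

Camera-specific tags such as DateTimeOriginal and GPS coordinates live in sub-IFDs pointed to by IFD0 entries 0x8769 and 0x8825; a full reader follows those offsets with the same entry-walking logic shown here.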
PRACTICAL : 6
Aim : To collect e-mail evidence from a victim PC.
Procedure :
To collect the evidence we must first set up the DumpIt tool, which
captures the contents of physical memory (RAM) to a raw file.
Press "y" to continue. DumpIt then starts processing and finally shows a
success message.
The output file is written to the same location as the DumpIt .exe.
To examine this file, download Bulk Extractor Viewer. Make sure Java is
installed on your system, otherwise the program will not run.
Once done, click on Generate Report and select the memory dump file and
an output directory.
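What bulk_extractor does to the DumpIt output, as an added Python example (not the tool's own code): scan the raw memory dump for e-mail addresses with a regular expression, in both ASCII and UTF-16LE (Windows keeps much of its string data in memory as UTF-16), and build the address histogram that the viewer's report shows. The memory dump here is a constructed byte string and the addresses in it are invented; on a real .raw file, read it in chunks with a small overlap so that an address split across a chunk boundary is not missed.

```python
import re
from collections import Counter

# Same idea as bulk_extractor's email scanner: a regex over raw bytes, with a
# second pattern for UTF-16LE text (every character followed by a NUL byte).
EMAIL_ASCII = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
EMAIL_UTF16 = re.compile(
    rb"(?:[A-Za-z0-9._%+-]\x00)+@\x00(?:[A-Za-z0-9.-]\x00)+\.\x00(?:[A-Za-z]\x00){2,}")


def build_sample_dump():
    """Constructed stand-in for a DumpIt .raw file: binary filler with a few
    fragments that an e-mail client or webmail session leaves behind in RAM."""
    filler = bytes(range(256)) * 4
    header = b"From: alice.smith@example.com\r\nTo: bob@corp.example\r\n"
    widechar = "reply to alice.smith@example.com soon".encode("utf-16-le")
    nontld = b"junk@localhost"  # no dotted domain: should not be reported
    return filler + header + filler + widechar + filler + nontld + filler


def scan_emails(dump):
    """Return [(offset, encoding, address)] sorted by offset in the dump."""
    hits = [(m.start(), "ascii", m.group().decode("ascii"))
            for m in EMAIL_ASCII.finditer(dump)]
    hits += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
             for m in EMAIL_UTF16.finditer(dump)]
    return sorted(hits)


def histogram(hits):
    """Equivalent of bulk_extractor's email_histogram: occurrences per address."""
    return Counter(address.lower() for _, _, address in hits)


if __name__ == "__main__":
    hits = scan_emails(build_sample_dump())
    for offset, encoding, address in hits:
        print(f"{offset:#010x} {encoding:8} {address}")
    print(histogram(hits).most_common())
```

The offsets matter as much as the addresses: they let you go back to the dump and read the surrounding bytes (headers, subject lines, fragments of message bodies) that put an address into context.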
PRACTICAL : 7
Aim : Extracting browser artefacts.
Introduction :
Browser artefacts are files stored inside specific folders of the
operating system. Each browser stores its files in a different place and
under different names, but they all store (most of the time) the same
types of data: browsing history, cookies, cache, downloads and saved form
data.
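Added Python example of the point made above (not part of the original practical): Chrome keeps its history in a file named History inside the profile folder (table urls, column last_visit_time, microseconds since 1601-01-01), Firefox in places.sqlite (table moz_places, column last_visit_date, microseconds since 1970-01-01), yet both hold the same artefact. The two databases below are constructed in memory with only the relevant columns and invented URLs; on a real profile, copy the database file first, because the running browser holds a lock on it.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Same fact (last visit of a URL), different file, table, column and clock:
#   Chrome/Edge : History       -> urls.last_visit_time,      us since 1601-01-01 UTC
#   Firefox     : places.sqlite -> moz_places.last_visit_date, us since 1970-01-01 UTC
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def webkit_to_datetime(microseconds):
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)


def prtime_to_datetime(microseconds):
    return UNIX_EPOCH + timedelta(microseconds=microseconds)


def make_chrome_history():
    """Constructed in-memory copy of the relevant part of Chrome's History DB."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT, "
               "visit_count INTEGER, last_visit_time INTEGER)")
    db.executemany("INSERT INTO urls (url, title, visit_count, last_visit_time) "
                   "VALUES (?, ?, ?, ?)", [
        ("https://intranet.example/login", "Sign in", 3, 13330000000000000),
        ("https://mail.example.com/", "Mail", 12, 13330100000000000),
    ])
    return db


def make_firefox_places():
    """Constructed in-memory copy of the relevant part of Firefox's places.sqlite."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT, "
               "visit_count INTEGER, last_visit_date INTEGER)")
    db.executemany("INSERT INTO moz_places (url, title, visit_count, last_visit_date) "
                   "VALUES (?, ?, ?, ?)", [
        ("https://intranet.example/login", "Sign in", 1, 1685526400000000),
        ("https://bookmarked.example/", "Never visited", 0, None),  # bookmark only
    ])
    return db


def collect_history(chrome_db, firefox_db):
    """Normalise both artefacts into (browser, url, title, visits, UTC datetime),
    oldest first, so that one timeline can be built from several browsers."""
    rows = []
    for url, title, n, t in chrome_db.execute(
            "SELECT url, title, visit_count, last_visit_time FROM urls"):
        rows.append(("chrome", url, title, n, webkit_to_datetime(t)))
    for url, title, n, t in firefox_db.execute(
            "SELECT url, title, visit_count, last_visit_date FROM moz_places "
            "WHERE last_visit_date IS NOT NULL"):
        rows.append(("firefox", url, title, n, prtime_to_datetime(t)))
    rows.sort(key=lambda r: r[4])
    return rows


if __name__ == "__main__":
    for browser, url, title, n, when in collect_history(make_chrome_history(),
                                                        make_firefox_places()):
        print(f"{when:%Y-%m-%d %H:%M:%S} {browser:8} {n:3} visits  {url}")
```

Getting the epoch right is the usual trap: the two Chrome and Firefox rows for the login page describe the same instant, but the raw integers differ by the 11,644,473,600 seconds between 1601 and 1970.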
PRACTICAL : 8
Aim : To view the last activity of your PC.
Introduction : What is activity on a PC?
The activity-by-computer report shows the total time spent on the PC in
applications and on websites; this way you can see what document was
opened, what site URLs were visited, and so forth.
How to view :
To view the activity on your PC, type Event Viewer in the Start menu.
Open it and you will see the Windows event logs (Application, Security,
System and others) with the information regarding the activities on your
PC.
PRACTICAL : 9
Aim : Find the last connected USB device on your system (USB forensics).
USBDeview is a small utility that lists all USB devices currently
connected to your computer, as well as all USB devices that were
previously used. It reads this information from the Windows registry, so
devices that are no longer plugged in are listed as well.
For each USB device, extended information is displayed: device
name/description, device type, serial number (for mass storage devices),
the date/time the device was added, Vendor ID, Product ID and more.
USBDeview also allows you to uninstall USB devices that you previously
used, disconnect USB devices that are currently connected to your
computer, and disable and enable USB devices.
PRACTICAL : 11
Aim : Comparison of two files for a forensic investigation using the
Compare It! software.
Introduction :
Compare It! displays two files side by side, with differing sections
coloured to simplify analysis. You can move changes between files with a
single mouse click or keystroke, and you can edit files directly in the
comparison window. It can also print a coloured differences report,
exactly as it appears on the screen.
Select the two files you want to compare and open them; the differences
between the files are shown side by side.
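An added Python example of the same comparison (not Compare It!'s own code): hash the two files, find the first differing byte (useful for binaries, where a line diff means little) and list the removed and added lines with a unified diff. The two configuration files, their names and the changed settings are constructed for the demo.

```python
import difflib
import hashlib


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def first_difference(a, b):
    """Offset of the first differing byte, or None if the files are identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def compare_files(name_a, data_a, name_b, data_b):
    """Hash first (equal hashes settle the question), then a unified diff that
    lists exactly which lines were removed and which were added."""
    report = {
        "sha256_a": sha256(data_a),
        "sha256_b": sha256(data_b),
        "first_difference": first_difference(data_a, data_b),
        "removed": [],
        "added": [],
        "diff": [],
    }
    if report["sha256_a"] == report["sha256_b"]:
        return report
    lines_a = data_a.decode("utf-8", "replace").splitlines()
    lines_b = data_b.decode("utf-8", "replace").splitlines()
    report["diff"] = list(difflib.unified_diff(lines_a, lines_b,
                                               fromfile=name_a, tofile=name_b,
                                               lineterm=""))
    for line in report["diff"][2:]:           # skip the ---/+++ header lines
        if line.startswith("-"):
            report["removed"].append(line[1:])
        elif line.startswith("+"):
            report["added"].append(line[1:])
    return report


# Constructed sample: a service configuration as archived, and as found on the host.
ORIGINAL = b"[server]\nport = 22\nallow_root = no\nlog_level = info\n"
SUSPECT = b"[server]\nport = 22\nallow_root = yes\nlog_level = info\nbackdoor_user = svc\n"

if __name__ == "__main__":
    report = compare_files("sshd.conf (archived)", ORIGINAL,
                           "sshd.conf (host)", SUSPECT)
    print("first differing byte:", report["first_difference"])
    print("\n".join(report["diff"]))
```

Comparing hashes before diffing is the quick check; the diff is what goes into the report, because it names the exact settings that changed.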
PRACTICAL : 12
Aim : Live Forensics Case Investigation using Autopsy.