CAP 498

Investigating an Extortion Case

Bachelor's of Computer Application

SUBMITTED TO

02-03-2023 Deposit Date

Investigator Name Investigator Officer (HEAD)

Sanchit Chauhan Gaganpreet kaur

 To Whomsoever It May Concern

I am Sanchit Chauhan (Investigator) 12009265, here by declare that the work done by me

on “Investigating an Extortion Case” Case 12-02-2023 Deposit Date Lovely professional

University , Phagwara, Punjab, is a record of original work for the partial fulfillment of the

requirements for the award of the degree, Masters of Computer Applications.

Investigator Name

Sanchit Chauhan

(120092652)

2
 Acknowledgment

The Case opportunity we had with the Investigator Officer (Head) was a great chance for

learning and cyber forensics investigation. This is a Cyber Forensics Therefore, I consider

myself as a very lucky individual as I was provided with an opportunity to be a part of this

Case. I am also grateful for having a chance to learn from the Investigation who led me

through this First Investigation. I express my deepest thanks to Investigator Officer (Head)

Dr. Yasir Afaq School of Computer Application, Lovely Professional University for allowing

me to grab this opportunity. I choose this moment to acknowledge his contribution

gratefully by giving necessary advice and guidance to make my Investigation a good

learning experience.

Investigator Name

Sanchit Chauhan

(12009265)

3
 Case Study-1: Investigating an Child Pornography Case:

We have an important task allocated as an investigator to investigate a child pornography

case where several digital devices have been collected as evidence. In order to properly

investigate this case, we require that you use the EWFTOOL KIT. We know that this is an

important responsibility and we trust in your skills and expertise to get the job done. If you

have any questions or need any assistance in using the EWFTOOL KIT, please do not

hesitate to reach.

Steps to perform :

● First we need to extract the source file path and then we need to provide some

additional information as shown in the snapshot below.

4
 ● After creating the image of the suspected file we also need to check the integrity of

the files created so we verified their hash values.

5
 ● Here we are creating the different format of the original image file we create

(encase, smart , ftk)

6
 ● Here are the different format files stored in the system directory.

Case Study-2 : Investigating a Case on Breach of Data :

We are writing to inform you of a breach of data that has occurred at our software-based

company in Noida . The complainant has reported that some of our employees have used

the company hard drive to leak crucial information to outsiders. It is imperative that we

investigate this matter fully and as soon as possible. Therefore, we would like to request

your expertise in conducting a thorough investigation of the hard drives in question. We

are confident that with your experience and skill, you will be able to uncover any evidence

of wrongdoing and help us take the necessary steps toward rectifying the situation.

Steps to perform :

● Firstly we are going to use the FTK tool for both data acquisition and data analysis.

So we will add the source file and provide the additional information and

destination route to it.

7
 ● Now we provide the description and some of the additional information on the case

for the chain of custody.

8
 ● Now we also provide the image formats , compression level and other type of

encryption if want to provide

● Here we can check the result in the image creation technique.

● Now by adding the evidence items we can check the data in a hierarchical manner.

And get the metadata as well.

9
 ● We get the different files with extension AD1, hash.csv and exported contents within

the image file.

10
11
12