
Summary: The investigation team has been able to detect and collect a few
pieces of evidence from which it should be possible to identify the suspect
behind the series of kidnappings that happened recently. The international
stuffed-slave market has become the main place where all the illegal activities
have been taking place. The Toy Story Investigation Response (TSIR) team has
finally recorded all the evidence. The TSPD has collected a few items from the
suspect, who claims that he is innocent. The possible objectives are the data
that was stored, and what data was stored, on the hard drive of the computer,
together with the registry, the browser history and the files from which data
for the last few days can be collected. The investigation team can determine
the suspicious activities by examining the data and decoding the files, using
commands that return the exact information loaded into them. The TSIR team can
investigate all of this data, which will help them further and will help them
reach the main suspect behind this kidnapping. Sheriff Woody has made the list
of all possible suspects and is collecting data. The investigation will clarify
whether the suspect they have detained is the main culprit or whether other
parties have also been working on his system in his absence. The software that
the investigation team has developed will be able to detect all the files and
folders stored on the disks and in the registry that relate to the current
event.

The team requires tools
to generate and examine file-system metadata, and The Sleuth Kit (TSK) file
system tools help with investigating that metadata. TSK organizes the
information in its database into five different classes: Data Unit, File
System, Metadata, File Name and Application. These layers store all the
information, such as recent access times, the permissions items require, and
pointers to the data associated with the file system's directories. A file's
description is easily obtained, but its numeric address is hard to remember.
Hence all the statistics that exist only as data in the system are kept there
and need to be extracted with the help of TSK. Deleted files can be restored
using the same tool, which is advanced in retrieving information; that is, all
the previously mentioned techniques are combined in TSK alone. The system will
detect all the directories and list all the names it detected. It will not
display names that are unallocated or marked as unallocated. The unallocated
information can be found easily with the help of fls by scanning the MFT, which
maps the entries back to the address list, that is, the directory. This makes
it easier to detect and explain the files removed by the suspect and how they
were recorded in the Master File Table. It is very easy to tell which entries
were deleted, because the files recovered from the MFT show a “-” sign in
their listing, such as -/ab rather than ab/ab.
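The paragraph above describes reading fls output to tell deleted entries from live ones. The following is an added example, not part of the original report and not TSK's own code: it parses the line format fls prints (directory-entry type, metadata type, an optional "*" marking an unallocated entry, the address and the name) and separates the deleted entries. The sample listing is constructed for the example and comes from no real image; the names and addresses in it are made up.

```python
import re
from dataclasses import dataclass

# Constructed sample of `fls -r` output. TSK prints one entry per line as
# "<dir-entry type>/<metadata type> [*] <address>:<TAB><name>"; the "*"
# marks an entry found in unallocated space, i.e. a deleted file or directory.
# These lines are made up for the example; they come from no real image.
SAMPLE_FLS_OUTPUT = """\
d/d 5-144-1:\tDocuments
r/r 64-128-1:\tDocuments/notes.txt
r/r * 70-128-2:\tDocuments/chat_log.txt
-/r * 71-128-1:\tDocuments/contacts.xlsx
d/d * 80-144-3:\tDocuments/old
r/r 81-128-1:\tDocuments/old/readme.txt
"""

FLS_LINE = re.compile(
    r"^(?P<dir_type>[a-z-])/(?P<meta_type>[a-z-])\s+"   # entry type fields
    r"(?P<deleted>\*\s+)?"                               # "*" = unallocated
    r"(?P<address>[0-9-]+):\s*(?P<name>.*)$"             # MFT address, name
)


@dataclass(frozen=True)
class FlsEntry:
    dir_type: str   # type from the directory entry ("-" if fls could not tell)
    meta_type: str  # type from the metadata (MFT) entry: r = file, d = directory
    deleted: bool
    address: str    # NTFS form "<MFT entry>-<attribute type>-<attribute id>"
    name: str

    @property
    def mft_entry(self) -> int:
        # The first component of an NTFS address is the MFT entry number.
        return int(self.address.split("-")[0])


def parse_fls(text: str) -> list:
    """Parse fls text output into FlsEntry records, one per non-empty line."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FLS_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised fls line: {line!r}")
        entries.append(FlsEntry(m["dir_type"], m["meta_type"],
                                m["deleted"] is not None, m["address"], m["name"]))
    return entries


def deleted_entries(entries) -> list:
    """Entries fls flagged with "*": names recovered from unallocated space."""
    return [e for e in entries if e.deleted]


def untyped_entries(entries) -> list:
    """Entries whose directory-entry type fls printed as "-", i.e. it could not
    determine the type from the directory entry; this is the "-/..." form
    the text above refers to."""
    return [e for e in entries if e.dir_type == "-"]


if __name__ == "__main__":
    for e in deleted_entries(parse_fls(SAMPLE_FLS_OUTPUT)):
        print(f"deleted MFT entry {e.mft_entry:>5}  {e.meta_type}  {e.name}")
```

Against a real image the same text comes from running `fls -r` (or `fls -r -d`, which lists only deleted entries) on the image and passing its output to `parse_fls`; the MFT entry number each record exposes is what an examiner then hands to `icat` or `istat` to pull the file content or its metadata.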
File carving of a fragmented file can be done using the tool Scalpel. Scalpel
performs its operations based on the data fragment types, or file prototypes.
These prototypes are based on regular expressions and binary strings. Various
default prototypes are stored in the configuration file “scalpel.conf”.
Scalpel supports comments in the configuration file, which are used to explain
the structure of the file-carving prototypes. All information is extracted by
the carver, which reads the header and footer data and then matches all raw
files, images, etc. It can carve file types from NTFS, FATx or raw partitions
as well. All kinds of services, such as file recovery or even investigation,
can easily be performed with Scalpel.
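The header/footer carving the paragraph above attributes to Scalpel is shown here as an added example; it is not Scalpel's code and not part of the original report. It reads a rule set laid out like scalpel.conf (extension, case-sensitivity flag, maximum carve size, header, footer, with "#" comment lines), then carves every header hit out of a byte buffer, stopping at the first footer within the size limit or after the maximum size when no footer turns up, which is the case that matters for a truncated or fragmented file. The two rules and the disk image are constructed for the example rather than copied from any real scalpel.conf or evidence.

```python
import re

# A scalpel.conf-style rule set. Real scalpel.conf rows use the same columns
# (extension, case-sensitive flag, max carve size, header, footer) and allow
# "#" comment lines, but these two rows are constructed for this example.
CARVE_CONF = r"""
# extension  case  max_size  header                      footer
jpg          y     200000    \xff\xd8\xff\xe0\x00\x10    \xff\xd9
gif          y     5000000   \x47\x49\x46\x38\x39\x61    \x00\x3b
"""

ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})|(.)", re.S)


def decode_pattern(text: str) -> bytes:
    """Turn a header/footer column such as \\xff\\xd8 into raw bytes. Plain
    characters are taken literally; Scalpel's "?" wildcard is not implemented."""
    out = bytearray()
    for hex2, ch in ESCAPE.findall(text):
        out.append(int(hex2, 16) if hex2 else ord(ch))
    return bytes(out)


def parse_conf(text: str) -> list:
    """Parse scalpel.conf-style rows, skipping blank lines and "#" comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ext, case_flag, max_size, header, *rest = line.split()
        rules.append({
            "ext": ext,
            "case_sensitive": case_flag.lower() == "y",
            "max_size": int(max_size),
            "header": decode_pattern(header),
            "footer": decode_pattern(rest[0]) if rest else b"",
        })
    return rules


def carve(image: bytes, rules) -> list:
    """Header/footer carving in the style of Scalpel: each header hit starts a
    candidate file, which ends at the first footer inside max_size bytes, or
    after max_size bytes (or end of image) when no footer is found."""
    found = []
    for rule in rules:
        # bytes.lower() only touches ASCII letters, so offsets are preserved.
        hay = image if rule["case_sensitive"] else image.lower()
        header = rule["header"] if rule["case_sensitive"] else rule["header"].lower()
        footer = rule["footer"] if rule["case_sensitive"] else rule["footer"].lower()
        start = hay.find(header)
        while start != -1:
            limit = min(start + rule["max_size"], len(image))
            end, footer_found = limit, False
            if footer:
                hit = hay.find(footer, start + len(header), limit)
                if hit != -1:
                    end, footer_found = hit + len(footer), True
            found.append({"ext": rule["ext"], "start": start, "end": end,
                          "footer_found": footer_found, "data": image[start:end]})
            start = hay.find(header, start + len(header))
    return sorted(found, key=lambda f: f["start"])


# Constructed disk image: zero filler, a complete JPEG-like file, a complete
# GIF-like file, and a JPEG-like fragment whose footer is missing.
JPEG_FILE = b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"A" * 40 + b"\xff\xd9"   # 52 bytes
GIF_FILE = b"GIF89a" + b"B" * 30 + b"\x00\x3b"                         # 38 bytes
TRUNCATED_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"C" * 20            # 30 bytes, no footer
DISK_IMAGE = (b"\x00" * 16 + JPEG_FILE + b"\x00" * 8 + GIF_FILE
              + b"\x00" * 8 + TRUNCATED_JPEG)

if __name__ == "__main__":
    for f in carve(DISK_IMAGE, parse_conf(CARVE_CONF)):
        print(f"{f['ext']}  offset={f['start']:<4} size={f['end'] - f['start']:<4}"
              f" footer={'yes' if f['footer_found'] else 'no (max_size cap)'}")
```

The third result is the one to watch: without a footer the carver still emits a candidate, capped at the rule's maximum size, so an examiner gets the fragment rather than nothing, but must treat its tail as unverified data.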
The Firefox SQLite Manager add-on can easily detect all the sites that have
been visited regularly without the actual user being informed, and can show
all the details loaded on the screen. It will inform the investigator about
how many files were opened accidentally or casually. The history file will
also be detected at the same time. The intent and the frequency of the data
searched will be loaded into it, verifying the intent or purpose from the
history of the browser.
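Where the paragraph above speaks of reading frequency and intent out of the browser history, the data actually lives in the moz_places and moz_historyvisits tables of Firefox's places.sqlite, which is what the SQLite Manager add-on opens. The following added example (not the add-on's code, and not from the original report) builds an in-memory database with a minimal cut of that schema, fills it with a constructed history, and answers the two questions an examiner asks: how often each site was visited in a time window, and how the user arrived at a given page, by walking the from_visit referral chain. Visit times are stored as the schema does, in microseconds since the Unix epoch; the column subset, the fixed "now" and all URLs are assumptions of the example.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Minimal cut of Firefox's places.sqlite schema: moz_places holds one row per
# URL, moz_historyvisits one row per visit, with from_visit pointing at the
# visit that led here (0 = no referrer, e.g. a typed URL) and visit_date in
# microseconds since the Unix epoch (PRTime). Other columns are omitted.
SCHEMA = """
CREATE TABLE moz_places (
    id INTEGER PRIMARY KEY, url TEXT NOT NULL, title TEXT,
    visit_count INTEGER DEFAULT 0, last_visit_date INTEGER);
CREATE TABLE moz_historyvisits (
    id INTEGER PRIMARY KEY, from_visit INTEGER DEFAULT 0,
    place_id INTEGER NOT NULL, visit_date INTEGER, visit_type INTEGER);
"""

# Fixed "now" so the example is reproducible; the history below is
# constructed for the example and not taken from any real profile.
NOW = datetime(2024, 3, 10, 12, 0, tzinfo=timezone.utc)


def to_prtime(dt: datetime) -> int:
    return int(dt.timestamp() * 1_000_000)


def from_prtime(us: int) -> datetime:
    return datetime.fromtimestamp(us / 1_000_000, tz=timezone.utc)


def build_sample_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO moz_places (id, url, title) VALUES (?, ?, ?)", [
        (1, "https://market.example/listings", "Listings"),
        (2, "https://market.example/listing/42", "Listing 42"),
        (3, "https://news.example/", "News"),
        (4, "https://mail.example/inbox", "Inbox"),
    ])
    ago = lambda **kw: to_prtime(NOW - timedelta(**kw))
    # (id, from_visit, place_id, visit_date, visit_type); type 2 = typed, 1 = link
    conn.executemany("INSERT INTO moz_historyvisits VALUES (?, ?, ?, ?, ?)", [
        (1, 0, 3, ago(days=9), 2),
        (2, 0, 1, ago(days=3), 2),
        (3, 2, 2, ago(days=3) + 300_000_000, 1),   # 5 min after visit 2
        (4, 0, 1, ago(days=2), 2),
        (5, 4, 2, ago(days=2) + 120_000_000, 1),
        (6, 0, 4, ago(days=1), 2),
        (7, 6, 2, ago(days=1) + 60_000_000, 1),    # link followed from the inbox
    ])
    # Firefox keeps these counters denormalised on moz_places; derive them here.
    conn.execute("""UPDATE moz_places SET
        visit_count = (SELECT COUNT(*) FROM moz_historyvisits v WHERE v.place_id = moz_places.id),
        last_visit_date = (SELECT MAX(visit_date) FROM moz_historyvisits v WHERE v.place_id = moz_places.id)""")
    conn.commit()
    return conn


def visit_frequency(conn, since_us: int) -> list:
    """Visits per host since the given PRTime, most frequent first."""
    rows = conn.execute("""
        SELECT p.url, COUNT(*) FROM moz_historyvisits v
        JOIN moz_places p ON p.id = v.place_id
        WHERE v.visit_date >= ? GROUP BY p.url""", (since_us,))
    per_host = {}
    for url, n in rows:
        host = urlsplit(url).hostname
        per_host[host] = per_host.get(host, 0) + n
    return sorted(per_host.items(), key=lambda kv: (-kv[1], kv[0]))


def referral_chain(conn, visit_id: int) -> list:
    """Follow from_visit back to the first page: was the page of interest
    typed directly, or reached through a link from somewhere else?"""
    chain = []
    while visit_id:
        row = conn.execute("""SELECT p.url, v.from_visit FROM moz_historyvisits v
                              JOIN moz_places p ON p.id = v.place_id
                              WHERE v.id = ?""", (visit_id,)).fetchone()
        if row is None:
            break
        chain.append(row[0])
        visit_id = row[1]
    return list(reversed(chain))


if __name__ == "__main__":
    db = build_sample_db()
    for host, n in visit_frequency(db, to_prtime(NOW - timedelta(days=7))):
        print(f"{n:>3}  {host}")
    print(" -> ".join(referral_chain(db, 7)))
```

On a real profile the connection would be opened on a copy of places.sqlite (never the live file, which Firefox holds locked and which has write-ahead-log sidecars), and the same two queries apply unchanged.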
RegRipper is the tool that helps in identifying registry information; Win32R
is the registry component used to access that registry information. This
operation is done in an object-oriented manner. The registry key nodes within
the hive file can be detected, including the data and value nodes as well. The
last name can easily be retrieved through key-node access, and after parsing
it is presented to the investigator in the easiest form to understand. The best
feature of this is that it runs the function and passes reports in a readable
manner that is easy to understand. Wireshark has an immense role in
identifying activities inside the system. In detection, data such as emails
and the links inside them are produced by this system, which could become
potential evidence for the digital forensics team. No one can cheat through
fraud such as stealing someone's connection by manipulating their IP address.
A person's activities can easily be detected using Wireshark; it enables the
detection of IP and MAC addresses as well as of any suspicious person. It will
help in restoring all the information behind the screen, such as the emails
and links that were used and deleted. The power of Wireshark can be enhanced by
using tools like aircrack-ng, which is used to examine wireless network
traffic; this makes Wireshark a powerful tool.
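The paragraph above credits Wireshark with pulling IP and MAC addresses out of captured traffic and with exposing someone using another machine's address. As an added example (not Wireshark's code and not part of the original report), the block below does the address part by hand: it writes a classic libpcap capture of three constructed Ethernet/IPv4 frames, parses the file and frame headers back with nothing but the standard library, and then flags any source IP seen with more than one source MAC, which is the on-the-wire symptom of two machines claiming one address. The addresses, timestamps and payload are made up for the example.

```python
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4        # classic (non-ng) libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ipv4(text: str) -> bytes:
    return bytes(int(part) for part in text.split("."))


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fmt_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, payload=b"") -> bytes:
    """Ethernet II + minimal IPv4 header (no options, TTL 64, proto 6 = TCP,
    checksum left zero since nothing here validates it)."""
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                     ipv4(src_ip), ipv4(dst_ip))
    return eth + ip + payload


def build_pcap(frames) -> bytes:
    """Classic libpcap file: 24-byte global header, then a 16-byte record
    header (ts_sec, ts_usec, captured length, original length) per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data: bytes) -> list:
    """Return one dict per IPv4-over-Ethernet frame with its addresses."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        order = "<"
    elif magic == 0xD4C3B2A1:          # same magic written big-endian
        order = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(order + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    records, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(order + "IIII", data[offset:offset + 16])
        frame = data[offset + 16: offset + 16 + incl_len]
        offset += 16 + incl_len
        # Skip anything that is not IPv4 or is too short for Ethernet + IPv4.
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4   # IPv4 header length in bytes
        records.append({
            "time": ts_sec + ts_usec / 1e6,
            "dst_mac": fmt_mac(frame[0:6]), "src_mac": fmt_mac(frame[6:12]),
            "src_ip": fmt_ip(frame[26:30]), "dst_ip": fmt_ip(frame[30:34]),
            "protocol": frame[23],
            "payload": frame[14 + ihl:],
        })
    return records


def ip_mac_conflicts(records) -> dict:
    """Source IPs seen with more than one source MAC: the sign that two
    machines are using one address, which is what a stolen connection
    looks like on the wire."""
    seen = defaultdict(set)
    for r in records:
        seen[r["src_ip"]].add(r["src_mac"])
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


# Constructed capture: two hosts talk to a server, then the second host's
# MAC appears sending from the first host's IP address.
SAMPLE_PCAP = build_pcap([
    build_frame("aa:aa:aa:00:00:01", "cc:cc:cc:00:00:01", "10.0.0.5", "10.0.0.1", b"GET / HTTP/1.1\r\n"),
    build_frame("bb:bb:bb:00:00:02", "cc:cc:cc:00:00:01", "10.0.0.9", "10.0.0.1"),
    build_frame("bb:bb:bb:00:00:02", "cc:cc:cc:00:00:01", "10.0.0.5", "10.0.0.1"),
])

if __name__ == "__main__":
    for ip, macs in ip_mac_conflicts(parse_pcap(SAMPLE_PCAP)).items():
        print(f"{ip} seen from {len(macs)} MACs: {', '.join(macs)}")
```

The same check runs over any capture Wireshark or tcpdump saved in the classic format; for wireless captures taken with aircrack-ng's tools the link type differs, so the Ethernet parsing above would need the matching 802.11 header handling instead.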

Post Author: admin