Posts

Showing posts from August, 2022

Case Study: Sub Contractor Investigation

Case
Jonathan Simpson owns a construction company. One day a subcontractor calls him, saying that he needs a replacement check for the job he completed at 1437 West Maple Avenue. Jonathan looks up the job in his accounting program and agrees to reissue the check for $12,750. The subcontractor says that the original check was for only $10,750. Jonathan looks around the office but can't find the company check book or ledger. Only one other person has access to the accounting program. Jonathan calls you to investigate. How would you proceed? Write a report detailing the steps Jonathan needs to take to gather the necessary evidence and protect his company.

Investigation
An investigation has to be completed for a variety of reasons. Reason one: a job was entered at $12,750 when it only cost $10,750, which means there is a missing $2,000 that is unaccounted for. Reason two: the check book and the ledger are missing, and the only other person that has access is nowh...

Hiding and extract any Text File behind an Image File/Audio File using Windows Command Prompt

The steps for hiding and extracting any text file behind an image file/audio file using Windows Command Prompt

We can see that most of our data is not 100% secure on interconnected devices that are connected in a network. So, we need to take care of our device or file security. Therefore, we need to create some basic level of security. For that we are going to hide our text file behind any image file or audio file by using Windows Command Prompt.

1) First we need to take any image file along with our confidential file.
2) Type any confidential message into our TXT file (confidential file), just like below:
3) Then open Command Prompt and type the following command on it:
copy /b ImageFileName.png+TextFileName.txt Result.png
In binary mode, copy /b copies all characters (including special characters such as CTRL+C, CTRL+S, CTRL+Z, and ENTER) to the device, as data.
4) Then open Result.png in a normal photo viewer first. We see that only the image is displayed; now open it in Notepad. In n...

Study and install Pro-discover and Encase free version

Pro-discover
Pro-discover is software used in digital forensics that helps investigators acquire evidence from computer devices. Pro-discover is mostly used in digital forensics and incident response. By using the Pro-discover tool, we can create an image of any disk drive or storage drive to analyse and discover data for an investigation. Some key features of Pro-discover include:
Preview and image disks
Investigate all filesystems
Analyse email and web artifacts
Report generation (hash value or automatic)
View Internet history

You need to install the Pro-Discover Basic software first, which is freely available. After opening it, we will see the following launch dialog for creating a new project. Enter the project number and project file name and click the Open button. The standard format of a project number is like '001-HDD-1-27-07-2022' and the project file name is 'SampleDemo-001-HDD-1-27-07-2022'. Then click on Capture and Add Image, which is in the left h...

Basics Forensics Imaging with dd, dcfldd, and dc3dd

Linux data acquisition commands

DD (Data Dump)
dd is used in Linux or Unix operating systems for cloning or converting files. dd can create a bit-by-bit copy of a physical drive to generate an image. This image can be used for most forensic purposes. Some practical examples of the dd command:

To back up the entire hard disk: To back up a complete copy of a hard disk to a different hard disk connected to the same system, execute the dd command as shown.
# dd if=/dev/sda of=/dev/sdb
'if' refers to the input file, and 'of' refers to the output file. We must specify the input and output files carefully. To copy drive to drive using the dd command as shown below, the sync option allows you to replicate everything using synchronized input/output.
# dd if=/dev/sda of=/dev/sdb conv=noerror,sync
To back up a partition: You can use the device name of a partition in the input data file, and in the output data either you will be able ...

The Sleuth Kit (TSK) - Autopsy

The Sleuth Kit - Autopsy
The Sleuth Kit is a set of C libraries and command line utilities used for analysing disk images and recovering data from them. Autopsy is simple-to-use GUI-based software that provides a way to analyse hard drives and mobile phones. It is generally used by the military, corporate examiners and law enforcement to study what happened on a computer. You can also use it to recover a camera's memory card. Autopsy is freely available for general use. Don't use it for any illegal activity. You can download Autopsy from here.

Now we are going to see how Autopsy works in a Windows environment. After installing Autopsy, run it and select New Case. After that, enter a case name related to your case or the device you are going to scan, select the location of the case on the device and the case type, and then click Next. Then type the case number and the examiner's other details. Then click Finish. Then just wa...

Hide Data with OpenPuff Steganography Software

OpenPuff
OpenPuff is steganography software that is freely available for data hiding and marking. The general example of steganography is a message hidden inside an image file. In OpenPuff, data is split among many carriers; for unhiding, the correct carrier sequence is needed. It can hide data up to 256 Mb. It is suitable for many carrier formats: image, audio, video, Adobe or Flash. It uses 512-bit cryptography algorithms. It has a unique level of security for hiding data. It is portable software. It is safe, which means spyware/adware free, fully redistributable, and with an open source core crypto-library. It is professional and simple to use for beginners.

Download
You can download this software from here.

Working of OpenPuff software for hiding and unhiding data
First, we take any confidential file for this process, as in the sample shown below. Open the OpenPuff software; we can see the interface below, which has many options. Click on the Hide button in the Steganography field; here...

Understanding and Demonstrating working of Jumplists

To understand and demonstrate the working of Jump Lists from a data forensics perspective by using the JumpListsView tool. Jump Lists are basically created to provide quick access to recently opened documents for the respective application; they were first introduced in Windows 7. From a data forensics perspective, by using Jump Lists a forensic investigator can analyse the suspect's activity, like tracking recently opened applications, when a file or application was opened or closed, etc. Jump Lists provide the Most Recently Used and Most Frequently Used lists for the respective application, which is helpful for data forensics. There are two sets created for storing Jump Lists in Windows:

AutomaticDestinations
This is automatically generated by the operating system when any file or application is opened. The files stored in it have the .automaticDestinations-ms extension. To access these files we need to go through the following path: C:\Users\XYZ\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinat...

Anti-Forensic Techniques: Secure Deletion and File Hiding

Secure Deletion
Anti-forensics includes many things for the secure deletion of data or evidence. Some of them are mentioned below.

Destruction of Evidence
This method removes the evidence and makes recovery impossible. Two methods are mentioned below:
Physical destruction: use of a magnetic field or other less subtle and unconventional methods.
Logical destruction: overwriting information/data or eliminating it.

Artifact wiping is the technique by which we can successfully delete a file or completely remove a file from any drive. By this, particular files or a file system are permanently eliminated from the system. There are various methods for this:
Disk cleaning utilities: there are many tools present, like BCWipe, Eraser, CyberScrub CyberCide, KillDisk, PC Inspector, CMRR Secure Erase.
File wiping utilities: these utilities are used for deleting individual files from an OS. They are relatively fast compared to disk wiping utilities. There are also some utilities present li...

Case study for Email-Forensics

Case study for email forensics using an open source tool

With the speedy growth of digitization, email has become a primary need for every individual for a seamless communication experience with the intended recipient. Although advanced features may vary from one email application to another, every email client provides the basic functionality to send and receive emails containing different crucial information. At times, these emails become the primary medium that is vulnerable to several email frauds and attacks.

Role of Email in Investigation
Emails play a very important role in business communications and have emerged as one of the most important applications on the internet. They are a convenient mode for sending messages as well as documents, not only from computers but also from other electronic gadgets such as mobile phones and tablets. The negative side of email is that criminals may leak important information about their company. Hence, the r...