Cyber & digital forensics report
CYBER & DIGITAL FORENSICS
Yash Sawarkar, Kunal Kawale, Anup Singh
Students of the IT department, G.H. Raisoni College of Engineering, Nagpur, India.
G.H. RAISONI COLLEGE OF ENGINEERING
(AN AUTONOMOUS INSTITUTION UNDER UGC ACT 1956)
A REPORT ON
“CYBER & DIGITAL FORENSICS”
TEACHER ASSESSMENT EXAM
NAME: KUNAL KAWALE (83)
: YASH SAWARKAR (82)
: ANUP SINGH GAHLOD
SECTION: A
BRANCH: INFORMATION TECHNOLOGY
INDEX
1. Title
2. Abstract
3. Introduction
4. Methodology
5. Digital analysis tools
6. Technique
7. Related work
8. Analysis
9. Conclusion
10. Reference
2. ABSTRACT
In this report we show how to conduct digital forensics on computers. Nowadays the internet
continues to grow in the day-to-day life of every person, for social networks, information sources,
research, communication and all the things it has made easy to do. Due to its rapid development
and the lack of proper regulation, cyber crime has increased in recent years, and investigators
have been facing difficulty with digital evidence. Digital evidence stored in a computer can play a
major role in a wide range of crimes, including murder, rape, hacked PCs and servers, etc. Digital
forensics can be classified into live and dead analysis. Live analysis can be performed while the
system is running and has not been shut down. Dead analysis can be performed after the machine
has been powered off, in which case data can also be lost.
3. INTRODUCTION
The increasing criminal activities using digital information as the means or target warrant a
structured manner of dealing with them. As more information is stored in digital form, it is very
likely that the evidence needed to prosecute the criminal is also in digital form. For this paper,
computer or digital forensics is defined as the use of an expert to preserve, analyse and produce
data from volatile and non-volatile media storage.
Computer forensics is in the early stages of development and, as a result, problems are emerging.
Forensic analysis of computer systems is a field that has focused on the digital investigation of
any source of information. Forensic investigation techniques have focused mostly on evidence
contained within the hard disk. But recently there has been demand for more tools and techniques
to be developed for capturing memory images and analysing their content, because user
input information may be recovered from memory allocations.
4. METHODOLOGY
Defining computer forensics requires one more clarification. Many argue about whether computer
forensics is a science or an art. The argument is unnecessary, however: the tools and methods are
scientific, hence the word technique is often used to sidestep the unproductive science/art dispute.
5. DIGITAL FORENSIC TOOLS
A number of open source and commercial tools exist for computer forensics. Analysis typically
includes a manual review of material on the media, reviewing the Windows registry for suspect
information, and discovering and cracking passwords.
1> BackTrack 5 R2 (Linux operating system) - This OS has many forensic tools for analysing
a compromised system or finding security holes in it. A large number of bundled open source
packages are installed in the OS.
2> Ophcrack - This tool is used to crack the hashes generated by the SAM files of Windows. It
uses rainbow tables to crack the hashes.
3> Registry Recon - Rebuilds Windows registries from anywhere on a hard drive and parses them
for deep analysis.
4> Nuix - A fraud prevention software. Full text search; extracts emails, credit card numbers,
IP addresses and URLs; skin tone analysis.
6. TECHNIQUE
Live incident response - Collects all of the relevant data from the system that will be used to
confirm whether the incident occurred. Live incident response includes collecting volatile and
non volatile data. Volatile data is information we would lose if we walked up to a device and
disconnected the power cord. Nonvolatile data includes data that would be very useful to collect
during digital forensic collection such as system event logs, user logons, and patch levels, among
many others.
Volatile vs. Nonvolatile data-
Some of the volatile data that should be collected includes system date and time, current network
connections, open TCP and UDP ports, which executables are opening UDP and TCP ports,
cached NETBIOS name table, users currently logged on, the internal routing table, running
processes, scheduled jobs, open files, and process memory dumps. This list is not all inclusive as
a forensic investigator must consider any and all possible variables during collection. However,
one thing that all these have in common is that they would be lost if the power were removed from
your target machine.
Cross-drive analysis-
A forensic technique that correlates information found on multiple hard drives. The process, still being
researched, can be used to identify social networks and to perform anomaly detection.
Live analysis-
The examination of computers from within the operating system using custom forensics or existing
sysadmin tools to extract evidence. The practice is useful when dealing with Encrypting File Systems, for
example, where the encryption keys may be collected and, in some instances, the logical hard drive
volume may be imaged before the computer is shut down.
Deleted files-
A common technique used in computer forensics is the recovery of deleted files. Modern forensic
software has its own tools for recovering or carving out deleted data. Most operating systems and file
systems do not always erase physical file data, allowing investigators to reconstruct it from the physical
disk sectors. File carving involves searching for known file headers within the disk image and
reconstructing deleted materials.
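The header search described above can be sketched as follows. This is an added example, not code from the report: the signature table, the MAX_CARVE limit and the sample image are constructed for illustration, and the carver assumes each file is stored contiguously.

```python
"""Signature-based file carving over a raw disk image (added example)."""

# (type, header, footer) signatures; the footer search starts after the header.
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
]
MAX_CARVE = 10 * 1024 * 1024  # assumption: stop looking for a footer after 10 MiB


def carve(image: bytes):
    """Return (type, start_offset, data) for every header with a matching footer."""
    found = []
    for name, header, footer in SIGNATURES:
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + MAX_CARVE)
            if end != -1:
                stop = end + len(footer)
                found.append((name, pos, image[pos:stop]))
                pos = image.find(header, stop)
            else:
                # Header without footer: fragmented or partly overwritten file.
                pos = image.find(header, pos + 1)
    return sorted(found, key=lambda f: f[1])


def build_sample_image() -> bytes:
    """Constructed sample: two deleted files left in unallocated space,
    plus one JPEG header whose footer has been overwritten."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-body" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xaeB`\x82"
    orphan = b"\xff\xd8\xff\xe1" + b"truncated, footer overwritten"
    return b"\x00" * 512 + jpg + b"\x00" * 300 + png + b"\x00" * 100 + orphan


if __name__ == "__main__":
    for kind, offset, data in carve(build_sample_image()):
        print(f"{kind} at offset {offset}, {len(data)} bytes")
```

On a real case the carver would run against a read-only copy of the acquired image, never the original media.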
Steganography-
One of the techniques used to hide data is via steganography, the process of hiding data inside of a picture
or digital image. This process is often used to hide pornographic images of children as well as information
that a given criminal does not want to have discovered. Computer forensics professionals can fight this by
looking at the hash of the file and comparing it to the original image. While the image appears exactly the
same, the hash changes as the data changes.
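The hash comparison described above, as an added example that is not part of the original report. The pixel buffer, the altered copy and the function names are constructed for illustration; it assumes the examiner has the original image to compare against.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compare_to_original(original: bytes, suspect: bytes) -> dict:
    """Compare a suspect image's pixel data against the known original."""
    changed = [i for i, (a, b) in enumerate(zip(original, suspect)) if a != b]
    return {
        "hash_match": sha256(original) == sha256(suspect),
        "same_size": len(original) == len(suspect),
        "changed_bytes": len(changed),
        # Largest per-byte change: 1 means only low-order bits differ,
        # which the eye cannot see but the hash exposes.
        "max_delta": max((abs(original[i] - suspect[i]) for i in changed),
                         default=0),
    }


def build_samples():
    """Constructed sample: 64x64 grey-ramp pixels and a copy whose least
    significant bits were altered in the first 32 bytes."""
    original = bytes((x * 4) % 256 for x in range(64 * 64))
    altered_bits = [1, 0, 1, 1, 0, 1, 1, 1] * 4  # 32 constructed bits
    suspect = bytearray(original)
    for i, bit in enumerate(altered_bits):
        suspect[i] = (suspect[i] & 0xFE) | bit
    return original, bytes(suspect)


if __name__ == "__main__":
    original, suspect = build_samples()
    print(compare_to_original(original, suspect))
```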
7. RELATED WORK
UNIX Live Response-
Any forensic investigator should be prepared to encounter non-Windows operating
systems such as DOS, Linux, and UNIX. This section will concentrate on UNIX live
response. In order to collect volatile data, we can utilize the following commands during
a UNIX live response:
a. System date and time – date
b. Current network connections – netstat
View USB History in Windows-
1. Windows stores information in the registry about every USB device plugged into the box. We
can view this information with the following command:
c:\user\ab> reg query HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR /s
1> Now open your PowerShell command prompt.
2> If the name is too complicated to read, use this command in PowerShell:
PS C:\> Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\*' | Select FriendlyName
2. For a user-friendly view:
PS C:\> Get-ChildItem HKLM:\SYSTEM\ControlSet001\Enum\USBSTOR | Select-Object PSChildName
8. ANALYSIS
The approach to a digital investigation is based on the physical crime scene
investigation process. In the present case, a digital crime scene involves a software- and
hardware-based digital environment. The process consists of three key stages: system preservation,
evidence searching and event reconstruction. These stages do not need to occur one after another,
and their flow is depicted in Figure 2. Moreover, it is possible
to use this procedure during the investigation of both live and dead systems.
Dead analysis works with trusted applications in a trusted operating system in order to find the
evidence. Dead analysis seems to be better, since live analysis may result in obtaining false
information.
Figure 2
9. CONCLUSION
It is hoped that this paper is helpful as an introduction to computer forensics and the digital
forensic methodology. Currently there is still no authoritative technology standard, so a large
quantity of things is waiting to be done. This article and flow chart may serve as a useful tool to
guide discussion among personnel making forensic cyber crime lab in the computer crime and
intellectual property section is always available for consultation. A combination of new
technology and changing habits of use means that the forensic examiner must strive to keep up
to date with the latest developments. This paper has illustrated some of the techniques to ensure a
greater understanding of the value of the digital evidence available, to ensure a stronger case
for the prosecution.
10. Reference link
M Reith, C Carr, G Gunsch (2002). "An examination of digital forensic models". International
Journal of Digital Evidence. Retrieved 2 August 2010.
Carrier, Brian D (2007). "Basic Digital Forensic Investigation Concepts"
Aaron Phillip; David Cowen, Chris Davis (2009). Hacking Exposed: Computer Forensics.
McGraw Hill Professional. p. 544. ISBN 0-07-162677-8. Retrieved 27 August 2010.