Practical 1

Digital forensics involves identifying the responsible party behind digital crimes using various techniques and tools. Key tools include EnCase Forensic, FTK, and Prodiscover, as well as several open-source options like Magic Rescue and Autopsy. Digital forensics can recover deleted files, track malware sources, and extract critical information from devices.

Uploaded by

figib39200

PRACTICAL 1:

Study of computer forensics and of at least 7 different tools used for forensic investigation.

What Is Digital Forensics?


Digital forensics is the field of determining who was responsible for a digital intrusion or other computer
crime. It uses a wide range of techniques to attribute the act to the perpetrator.
It relies upon the fundamental concept that whenever a digital intrusion or crime is committed, the
perpetrator inadvertently leaves a bit of themselves behind for the investigator to find. These "bits" could be
entries in log files, changes to the registry, hacking software, malware, remnants of deleted files, etc. All of
these can provide clues and evidence that identify the perpetrator and lead to the capture and arrest of the
hacker.
As a hacker, the more you know and understand about digital forensics, the better you can evade the
standard forensic techniques and even implement anti-forensic measures to throw off the investigator.

The Digital Forensic Tools


Just like in hacking, there are a number of software tools for doing digital forensics. For the hacker,
becoming familiar with these tools and how they work is crucial to evading them. Most digital forensic
investigators rely upon three major commercial digital forensic suites.
1. Guidance Software's EnCase Forensic
2. Access Data's Forensic Tool Kit (FTK)
3. Prodiscover

These three suites comprise multiple tools and reporting features and can be fairly expensive. While
these suites are widely used by law enforcement, they use the same or similar techniques as the free open-
source tools, without the polished interfaces.

What Can Digital Forensics Do?


- Recover deleted files, including emails.
- Determine what computer, device, and/or software created the malicious file, software, and/or attack.
- Trace the source IP and/or MAC address of the attack.
- Track the source of malware by its signature and components.
- Determine the time, place, and device that took a picture.
- Track the location of a cell-phone-enabled device (with or without GPS enabled).
- Determine the time a file was modified, accessed, or created (MAC times).
- Crack passwords on encrypted hard drives, files, or communications.
- Determine which websites the perpetrator visited and what files he downloaded.
- Determine what commands and software the suspect has used.
- Extract critical information from volatile memory.

List of Forensic tools:


1. Magic Rescue:
Magic Rescue opens devices for reading, scans them for file types it
knows how to recover and calls an external program to extract them. It
looks at "magic bytes" in file contents, so it can be used both as an
undelete utility and for recovering a corrupted drive or partition. It
works on any file system, but on very fragmented file systems it can
only recover the first chunk of each file. These chunks are sometimes as
big as 50MB, however.

2. Scalpel:

Recover files from a disk image or raw block device based on headers and
footers specified by the user.

3. Autopsy:

Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit®
and other digital forensics tools. It is used by law enforcement, military, and
corporate examiners to investigate what happened on a computer. You can even use
it to recover photos from your camera's memory card.

4. ProDiscover:

ProDiscover helps in efficiently uncovering files and data of interest. Wizards, dashboards and
timeline views help in speedily discovering vital information. Investigators are provided with a wide
range of tools and integrated viewers to explore the evidence disks and extract artifacts relevant to
the investigation. ProDiscover combines speed and accuracy, with ease of use and is available at an
affordable price.

5. Forensic Toolkit:

Forensic Toolkit, or FTK, is computer forensics software originally developed by AccessData, and
now owned and actively developed by Exterro. It scans a hard drive looking for various information.
It can, for example, potentially locate deleted emails and scan a disk for text strings to use them
as a password dictionary to crack encryption.

6. Binwalk:

Binwalk is a tool for searching a given binary image for embedded files and
executable code. Specifically, it is designed for identifying files and code
embedded inside of firmware images. Binwalk uses the libmagic library, so
it is compatible with magic signatures created for the Unix file utility.
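The three tools above (Magic Rescue, Scalpel and Binwalk) all start from the same idea: look for known byte signatures in raw data rather than in file system metadata. The following is an added example written for this practical, not code from any of those projects. It holds a small signature table, lists every offset where a header occurs (the kind of listing Binwalk produces), and carves each file out between its header and footer (what Scalpel does with a user-supplied header/footer pair). For a format with no fixed footer, gzip here, it parses the format to find the end instead, which is why Magic Rescue needs a helper program per file type. The sample image is constructed in memory and the signature values are the well-known ones for JPEG, PNG and gzip.

```python
"""Signature scanning and header/footer carving over a raw image.

Added example (not code from Magic Rescue, Scalpel or Binwalk). The sample
image is constructed in memory so it runs without a disk image or tools.
"""
import gzip
import zlib

# name -> (header bytes, footer bytes or None, maximum carve size).
# A footer of None means the format carries its own length and must be
# parsed to find its end (gzip here).
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10 * 1024 * 1024),
    "gzip": (b"\x1f\x8b\x08", None, 1024 * 1024),
}


def scan_signatures(image: bytes):
    """Return sorted (offset, name) pairs for every header hit in the image."""
    hits = []
    for name, (header, _footer, _limit) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            hits.append((pos, name))
            pos = image.find(header, pos + 1)
    return sorted(hits)


def gzip_member_length(data: bytes):
    """Length of the gzip member at the start of data, or None if truncated."""
    d = zlib.decompressobj(wbits=31)  # 31 selects the gzip wrapper
    d.decompress(data)
    if not d.eof:
        return None
    return len(data) - len(d.unused_data)


def carve(image: bytes):
    """Cut out each recognised file; returns (offset, name, bytes) triples."""
    carved = []
    for offset, name in scan_signatures(image):
        header, footer, limit = SIGNATURES[name]
        window = image[offset:offset + limit]
        if footer is None:
            end = gzip_member_length(window)
            if end is None:
                continue  # header found, but the member runs past the window
        else:
            end = window.find(footer, len(header))
            if end == -1:
                continue  # no footer inside the size limit: skip this hit
            end += len(footer)
        carved.append((offset, name, window[:end]))
    return carved


def build_sample_image() -> bytes:
    """Constructed image: junk, JPEG stub, junk, PNG stub, junk, gzip member, junk."""
    junk = b"\x00\x11\x22" * 40                                      # 120 bytes, no signatures
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 20 + b"\xff\xd9"          # 26 bytes
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR-stub" + b"IEND\xaeB`\x82"   # 25 bytes
    gz = gzip.compress(b"hello forensics", compresslevel=0)         # stored block
    return junk + jpeg + junk + png + junk + gz + junk


if __name__ == "__main__":
    img = build_sample_image()
    for off, name in scan_signatures(img):
        print(f"0x{off:08x}  {name}")
    for off, name, blob in carve(img):
        print(f"carved {name} at offset {off}: {len(blob)} bytes")
```

On a fragmented file system the carver returns only the first contiguous chunk, exactly the limitation the Magic Rescue text describes; the size limit per signature is what stops a header without a footer from swallowing the rest of the image.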

7. Hashdeep:

Hashdeep is a set of tools to compute MD5, SHA-1, SHA-256, Tiger and Whirlpool hash sums of an arbitrary
number of files recursively.
The main hashdeep features are:
o It can compare those hash sums with a list of known hashes;
o The tools can display those that match the list or those that do not match;
o It can display a time estimate when processing large files;
o It can do piecewise hashing (hash input files in blocks of arbitrary size).
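The features listed above, as an added Python example written for this practical (it is not hashdeep's own code): one read of each file feeds several digests at once, every file under a directory is hashed recursively, the result is split into files whose SHA-256 is in a known-hash set and files that are not, and a file is hashed in fixed-size blocks. The directory tree is constructed in a temporary folder so the example runs anywhere; the file names and contents are made up for the demonstration.

```python
"""Recursive multi-algorithm hashing, known-hash matching and piecewise hashing.

Added example (not hashdeep code); the sample tree is constructed in a
temporary directory.
"""
import hashlib
import tempfile
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256")


def hash_file(path, algos=ALGOS, chunk=1 << 20):
    """One pass over the file feeds all requested digests at once."""
    digests = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as f:
        while True:
            buf = f.read(chunk)
            if not buf:
                break
            for h in digests.values():
                h.update(buf)
    return {a: h.hexdigest() for a, h in digests.items()}


def piecewise_hash(path, block_size, algo="sha256"):
    """One digest per fixed-size block: (first_byte, last_byte, hexdigest)."""
    pieces = []
    with open(path, "rb") as f:
        offset = 0
        while True:
            buf = f.read(block_size)
            if not buf:
                break
            pieces.append((offset, offset + len(buf) - 1, hashlib.new(algo, buf).hexdigest()))
            offset += len(buf)
    return pieces


def walk_and_hash(root):
    """{relative posix path: digests} for every regular file under root, recursively."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(root, known_sha256):
    """Return (matched, unmatched) file lists against a set of known SHA-256 hashes."""
    report = walk_and_hash(root)
    matched = sorted(n for n, d in report.items() if d["sha256"] in known_sha256)
    unmatched = sorted(n for n, d in report.items() if d["sha256"] not in known_sha256)
    return matched, unmatched


# Constructed file contents for the demonstration.
KNOWN_GOOD = b"known good content\n"
TOOL_BYTES = b"A" * 3000 + b"B" * 1000
UNKNOWN = b"something unexpected\n"


def make_sample_tree():
    """Constructed tree: two files whose hashes we hold and one we do not."""
    root = Path(tempfile.mkdtemp(prefix="hashdemo_"))
    (root / "sub").mkdir()
    (root / "readme.txt").write_bytes(KNOWN_GOOD)
    (root / "sub" / "tool.bin").write_bytes(TOOL_BYTES)
    (root / "sub" / "unknown.dat").write_bytes(UNKNOWN)
    return root


def demo():
    """Audit the sample tree and hash tool.bin in 1 KiB pieces."""
    root = make_sample_tree()
    known = {hashlib.sha256(KNOWN_GOOD).hexdigest(), hashlib.sha256(TOOL_BYTES).hexdigest()}
    matched, unmatched = audit(root, known)
    pieces = piecewise_hash(root / "sub" / "tool.bin", 1024)
    return matched, unmatched, pieces


if __name__ == "__main__":
    m, u, p = demo()
    print("matched:  ", m)
    print("unmatched:", u)
    for first, last, digest in p:
        print(f"{first:5d}-{last:5d} {digest}")
```

The piecewise output shows why block hashing is useful to an examiner: the first two 1 KiB blocks of tool.bin are identical and so are their digests, while the third block differs, so a corrupted or partially overwritten copy can be located to the block rather than just failing a whole-file comparison.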

8. Bulk Extractor:

Bulk Extractor is a C++ program that scans a disk image, a file, or a directory of files and extracts
useful information without parsing the file system or file system structures. The results are stored in
feature files that can be easily inspected, parsed, or processed with automated tools. Bulk Extractor
also creates histograms of features that it finds, as features that are more common tend to be more
important.
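What "extracts useful information without parsing the file system" looks like in practice, as an added Python example written for this practical (it is not bulk_extractor's own code): regular expressions run over the raw bytes of an image, each hit is recorded with its byte offset as a feature list, and a histogram ranks the most frequent values. The image is a constructed byte string with a few artefacts scattered among filler bytes, and the patterns are deliberately simple compared with the scanners in the real tool.

```python
"""Feature extraction from raw bytes, file system ignored.

Added example (not bulk_extractor code); the image is constructed below.
"""
import re
from collections import Counter

FEATURE_PATTERNS = {
    "email": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ipv4": re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(rb"https?://[A-Za-z0-9./_%?=&-]+"),
}


def valid_ipv4(text: str) -> bool:
    """Drop regex hits such as 999.1.1.1 that are not real addresses."""
    return all(0 <= int(octet) <= 255 for octet in text.split("."))


def extract_features(image: bytes):
    """{kind: [(offset, value), ...]} found by scanning the raw bytes."""
    found = {}
    for kind, pattern in FEATURE_PATTERNS.items():
        hits = []
        for m in pattern.finditer(image):
            value = m.group().decode("ascii")
            if kind == "ipv4" and not valid_ipv4(value):
                continue
            hits.append((m.start(), value))
        found[kind] = hits
    return found


def histogram(features, kind):
    """Most common values first, the counterpart of a *_histogram.txt file."""
    return Counter(value for _, value in features[kind]).most_common()


def build_sample_image() -> bytes:
    """Constructed image: filler bytes with a few artefacts scattered in them."""
    filler = bytes(range(256)) * 2  # 512 bytes; contains no complete feature
    return (filler
            + b"Contact: alice@example.com\x00" + filler
            + b"From: bob@example.org\r\nTo: alice@example.com\r\n"
            + b"client=10.0.0.5 url=http://example.com/login bad=999.1.1.1\x00"
            + filler)


if __name__ == "__main__":
    feats = extract_features(build_sample_image())
    for kind, hits in feats.items():
        for offset, value in hits:
            print(f"{kind:6s} {offset:8d} {value}")
    print("email histogram:", histogram(feats, "email"))
```

Because the scan never consults a file system, it finds the second copy of alice@example.com even though it sits in what would be unallocated space in a real image; the histogram then ranks that address first, which is the "more common tends to be more important" heuristic the text describes.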

9. pdf-parser:

This tool will parse a PDF document to identify the fundamental elements used in the analyzed file.
It will not render a PDF document.
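The "fundamental elements" a PDF examiner looks for are the indirect objects, the names in their dictionaries, any attached streams and the /Root object named in the trailer. The following is an added Python example written for this practical, not pdf-parser's own code: it scans the classic "N G obj ... endobj" syntax, records those elements per object, and lists objects whose names an examiner would inspect first. SAMPLE_PDF is a constructed document; compressed object streams and cross-reference streams are outside what this scanner handles.

```python
"""Listing the objects of a PDF without rendering it.

Added example (not pdf-parser code); SAMPLE_PDF is a constructed file.
"""
import re

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
NAME_RE = re.compile(rb"/([A-Za-z0-9#]+)")
ROOT_RE = re.compile(rb"trailer\s*<<.*?/Root\s+(\d+)\s+(\d+)\s+R", re.DOTALL)

# Names that deserve a first look during triage: auto-run actions,
# active content and embedded payloads.
TRIAGE_NAMES = ("OpenAction", "AA", "JavaScript", "JS", "Launch", "EmbeddedFile")


def parse_objects(pdf: bytes):
    """Return one dict per indirect object, in file order."""
    objects = []
    for m in OBJ_RE.finditer(pdf):
        body = m.group(3)
        objects.append({
            "num": int(m.group(1)),
            "gen": int(m.group(2)),
            "names": [n.decode("ascii") for n in NAME_RE.findall(body)],
            "stream": re.search(rb"\bstream\b", body) is not None,
        })
    return objects


def find_root(pdf: bytes):
    """(num, gen) of the catalog object the trailer points at, or None."""
    m = ROOT_RE.search(pdf)
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(objects):
    """[(object number, [triage names it uses])] for objects using any."""
    out = []
    for obj in objects:
        flagged = [n for n in obj["names"] if n in TRIAGE_NAMES]
        if flagged:
            out.append((obj["num"], flagged))
    return out


# Constructed sample: a catalog whose /OpenAction points at a JavaScript
# action object, plus one page and one content stream.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
4 0 obj
<< /S /JavaScript /JS (app.alert('constructed sample')) >>
endobj
5 0 obj
<< /Length 5 >>
stream
hello
endstream
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    objs = parse_objects(SAMPLE_PDF)
    print("root object:", find_root(SAMPLE_PDF))
    for o in objs:
        flag = " [stream]" if o["stream"] else ""
        print(f"obj {o['num']} {o['gen']}: {' '.join('/' + n for n in o['names'])}{flag}")
    print("triage:", triage(objs))
```

Nothing here interprets the content: the scanner reports that object 1 auto-runs object 4 and that object 4 carries JavaScript, and leaves the decision about what that means to the examiner, which is the same division of labour the pdf-parser text describes.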

10. Guymager:

The forensic imager contained in this package, guymager, was designed to support different image
file formats, to be as user-friendly as possible, and to run very fast. It has a high-speed multi-threaded engine
using parallel compression for best performance on multi-processor and hyper-threading machines.
