A
Micro Project Report
ON
Study on Digital Forensics
SUBMITTED BY
Karan Sathe (40)
Under Guidance of
Mr. Samadhan Thokal
Diploma Course in Computer Technology
(As per directives of I Scheme, MSBTE)
JAYWANT SHIKSHAN PRASARAK MANDAL
BHIVARABAI SAWANT POLYTECHNIC, PUNE - 412207
Maharashtra State
Board of Technical Education
Certificate
This is to certify that Mr. Karan Prakash Sathe with Roll No. 40 of Sixth Semester of Diploma in Computer Engineering of Institute Bhivarabai Sawant Polytechnic Wagholi, Pune has successfully completed the Micro-Project in Environmental Technology Initiative (22618) for the academic year 2021-2022.
Place: Wagholi, Pune          Enrollment No: 1910870046
Date: 24 Apr 2022             Exam Seat No:
Ms. Wale Swati                Ms. S. Gaikwad                Dr. P. T. Kale
Subject Teacher               Head of Department            Principal
1. INTRODUCTION:
The most promising technical development in digital forensics is the development of software tools (computer forensics tools). The platforms on which data are stored vary widely: controllers on industrial machines, autonomous devices, personal computers, mobile devices, computer networks, cloud-based systems and servers. Many types of digital forensics tools are available in the market; one of their core features is to preserve the original file or data after the data is recovered from these devices, so that the recovered data can be compared with the original and shown not to be contaminated or tampered with. There are some basic principles that need to be observed while using digital forensic tools. When data is collected, the data should not be altered. People who are using the digital forensic tools should keep documentation of all their activity. And the main principle is that access to the original document should be restricted to prevent any alteration or modification of the evidence.
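The three principles above (do not alter the data, document every action, keep analysts off the original), as an added example that is not part of the original report: a Python sketch of how a forensic tool copies evidence to a read-only image, proves the copy exact by cryptographic hash, and appends each action to a chain-of-custody log. The file names, the examiner label and the sample bytes are constructed for the demo.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone


def hash_file(path, algorithms=("md5", "sha256"), chunk=1 << 20):
    """Hash in fixed-size chunks so disk images larger than RAM still work."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def log_action(log_path, examiner, action, **details):
    """Append one chain-of-custody record (JSON Lines) documenting an action."""
    record = {"time": datetime.now(timezone.utc).isoformat(),
              "examiner": examiner, "action": action, **details}
    with open(log_path, "a") as f:
        f.write(json.dumps(record) + "\n")

def acquire(original, image, log_path, examiner):
    """Copy the original to a read-only image and prove the copy is exact."""
    shutil.copyfile(original, image)
    os.chmod(image, 0o444)  # analysts work on the copy, never the original
    hashes = hash_file(image)
    log_action(log_path, examiner, "acquire", source=original, **hashes)
    return hash_file(original) == hashes, hashes

def verify(image, expected, log_path, examiner):
    """Re-hash the image; any alteration since acquisition is reported."""
    match = hash_file(image) == expected
    log_action(log_path, examiner, "verify", image=image, match=match)
    return match

def demo():
    """Acquire and verify a constructed sample, then tamper and re-verify."""
    with tempfile.TemporaryDirectory() as d:
        orig, img, log = (os.path.join(d, n) for n in ("orig", "img", "log"))
        with open(orig, "wb") as f:
            f.write(b"abc")  # constructed stand-in for a seized file
        exact, hashes = acquire(orig, img, log, "examiner-1")
        clean = verify(img, hashes, log, "examiner-1")
        os.chmod(img, 0o644)  # simulate someone altering the evidence copy
        with open(img, "ab") as f:
            f.write(b"X")
        tampered = not verify(img, hashes, log, "examiner-1")
        with open(log) as f:
            entries = sum(1 for _ in f)  # one record per acquire/verify
    return {"copy_exact": exact, "clean_verify": clean, "tamper_detected": tampered,
            "log_entries": entries, "sha256": hashes["sha256"]}
```

The second verify fails because even a one-byte change alters both digests, and the log keeps three records (acquire, verify, verify) that document who did what and when.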
2. LITERATURE REVIEW:
With the emergence of digital forensics and its applications in industry, tools began appearing in the market that focused on the different types of problems encountered in a forensic investigation. In 2010 Garfinkel presented his work Digital forensics research: The next 10 years [8], which portrays the crises that developers in the field of digital forensics might confront. We see which of those problems have been overcome since 2010 and which still remain challenging. The crises that were analyzed by Simson L. Garfinkel are
Vishal R. Ambhire and Dr. B. B. Meshram [1] have explained in the paper Digital Forensic Tools the process and the flow of a digital forensic investigation. The process starts after the incident is reported or a crime is detected. After that it proceeds in the flow shown in Fig. 1.
3. DIGITAL FORENSIC TOOLS:
A. EnCase:
Guidance Software are the creators of EnCase [6], [12]. It is one of the most widely used forensic tools in the world. In fact, 90% of the consumer goods companies around the world, 93% of the banks, 100% of the federal agencies, 75% of the power distributors and 80% of the universities in the U.S. use EnCase. The investigation lifecycle is almost the same as that described in [2]: starting with the investigation, then collecting data, analyzing it and finally generating a report.
Triage: EnCase Forensic gives the capacity to rapidly view and query potential evidence to figure out if further examination is justified.
Collect: It helps to obtain more evidence by collecting from a variety of file formats and operating systems.
Decrypt: Here, Tableau hardware is used for password recovery and decryption.
Process: EnCase is built specifically for speed and performance and can automate complicated queries.
B. Digital Forensics Framework:
Digital Forensics Framework [13] is an Open Source forensics platform which is developed on a customized Application Programming Interface. It is mostly used by law enforcement agencies, educational institutions and private companies around the world. It is available in three options: DFF, which is free; DFF Pro, at 1,000€ for one year of support; and DFF Live, at 1,300€ for one year of support. Compared with DFF Pro and DFF Live, the free DFF does not get professional support, the report editor, the automation engine, user activity reporting, the hash scanner or Skype analysis.
The following are the features of DFF:
- It can perform cryptographic hash calculation
- It can perform EXIF metadata extraction
- It can import all Microsoft Outlook mailboxes
- Memory dump analysis
- Scripting and batching capabilities
- Intuitive reporting of valuable information and web browsing
- It can automatically extract data
- It can perform investigation during live and static analysis
C. ProDiscover:
- It allows inspection, image capture and search of the Hardware Protected Area
- To find the data, it uses Boolean search capability to search for regular expressions and keywords
- It is flexible and fast
- ProDiscover Incident Response Edition can help to stop the threat within minutes of an alert
- One can install the SMART AGENT when required and remove it when done
- It also comes with malware discovery hash sets
- It uses Perl scripts for performing investigation tasks
- It creates automatic reports with the information gathered
4. ANALYSIS:
Reference [8] has described the crises that a developer might face. So, we have compared those challenges with the present scenario of the tools available and have suggested which framework is helpful in resolving each problem. The first problem discussed was related to the time taken by a tool to analyze a device. The tools that have successfully solved the barrier of time are EnCase, DFF, ProDiscover, FTK, Bulk_Extractor, X-Ways Forensics, The Sleuth Kit and WindowsSCOPE.
The second hindrance specified in [8] was related to the operating system. For instance, EnCase can run on Windows, Linux, DOS and Mac. Similarly, there are other tools that support various platforms, for example DFF, ProDiscover, X-Ways Forensics, FTK, The Sleuth Kit and Bulk_Extractor.
The third problem mentioned in [8] is when the files are not located on the same computer. For example, if a file is stored on computer A and another piece of that file is stored on computer B, then there should be some kind of forensic tool that is able to extract the information from across the network. The tools that are used to extract such files from different computers are EnCase, Quest ChangeAuditor, WindowsSCOPE, X-Ways Forensics and FTK.
The fourth issue mentioned in [8] by the author is what happens if the information is stored in the cloud. The tools that are used to resolve this scenario are EnCase, Quest ChangeAuditor, WindowsSCOPE and Bulk_Extractor.
5. REFERENCES:
[1] Vishal R. Ambhire and Dr. B. B. Meshram, “Digital Forensic Tools”, IOSR Journal of Engineering, Mar. 2012, Vol. 2(3), pp. 392–398.
[2] Varsha Karbhari Sanap and Vanita Mane, “Comparative Study and Simulation of Digital Forensic Tools”, International Conference on Advances in Science and Technology 2015 (ICAST 2015).
[3] Charles W. Adams, “Legal Issues Pertaining to the Development of Digital Forensic Tools”, Third International Workshop on Systematic Approaches to Digital Forensic Engineering, pp. 123–132.
[4] Dan Manson, Anna Carlin, Steve Ramos, Alain Gyger, Matthew Kaufman and Jeremy Treichelt, “Is the Open Way a Better Way? Digital Forensics using Open Source Tools”, Proceedings of the 40th Hawaii International Conference on System Sciences, Jan. 29, 2007.
[5] George Grispos, Tim Storer and William Bradley Glisson, “A comparison of forensic evidence recovery techniques for a windows mobile smartphone”, Digital Investigation, Volume 8, Issue 1, July 2011, pp. 23–36.
[6] Lee Garber, “EnCase: A Case Study in Computer-Forensic Technology”, Computer Magazine, Jan. 2001.
[7] Mamoona Rafique and M. N. A. Khan, “Exploring Static and Live Digital Forensics: Methods, Practices and Tools”, International Journal of Scientific & Engineering Research, Volume 4, Issue 10, Oct. 2013.
[8] Simson L. Garfinkel, “Digital forensics research: The next 10 years”, The International Journal of Digital Forensics & Incident Response, Volume 7, Supplement, Aug. 2010, pp. S64–S73, Naval Postgraduate School, Monterey, USA.
[9] Ben Martini and Kim-Kwang Raymond Choo, “An integrated conceptual digital forensic framework for cloud computing”, The International Journal of Digital Forensics & Incident Response, Volume 9, Issue 2, Nov. 2012, pp. 71–80.
[10] D. Parker, Crime by Computer, Scribner’s, New York, 1976.
[11] Simson L. Garfinkel, “Digital media triage with bulk data analysis and bulk_extractor”, The International Journal of Digital Forensics & Incident Response, Volume 32, Feb. 2013, pp. 56–72.
[12] EnCase tool, https://www.guidancesoftware.com/encase-forensic. [Accessed: 2 Oct. 2016].
[13] Digital Forensics Framework tool, http://www.arxsys.fr/features/. [Accessed: 2 Oct. 2016].
[14] ProDiscover tool, http://www.arcgroupny.com/services/computer-forensics/. [Accessed: 2 Oct. 2016].
[15] X-Ways Forensics tool, http://www.x-ways.net/forensics/. [Accessed: 2 Oct. 2016].
[16] Quest ChangeAuditor tool, https://www.quest.com/change-auditor/. [Accessed: 28 Oct. 2016].
[17] The Sleuth Kit, http://www.sleuthkit.org/autopsy/features.php. [Accessed: 28 Oct. 2016].
[18] Computer Online Forensic Evidence Extractor, https://cofee.nw3c.org/. [Accessed: 28 Oct. 2016].
[19] Bulk_Extractor, http://tools.kali.org/forensics/bulk-extractor. [Accessed: 10 Nov. 2016].
[20] WindowsSCOPE, https://www.windowsscope.com/products/. [Accessed: 12 Nov. 2016].
[21] SANS Investigative Forensic Toolkit, http://digital-forensics.sans.org/community/downloads. [Accessed: 20 Nov. 2016].
[22] Forensic Toolkit, http://accessdata.com/solutions/digital-forensics/forensic-toolkit-ftk. [Accessed: 20 Nov. 2016].
[23] K. Barker, M. Askari, M. Banerjee, K. Ghazinour, B. Mackas, M. Majedi, S. Pun and A. Williams, “A data privacy taxonomy”, in BNCOD 26: Proceedings of the 26th British National Conference on Databases, pp. 42–54, Berlin, Heidelberg, July 2009, Springer Verlag.