Reference no: EM132987695
BIT362 Digital Forensics
Part A (700 words)
1. Convert your student number to the MD5 hash.
2. Save hash in a notepad file.
3. Record the hash of the file.
4. Does either of the following change the hash? Why/Why not.
4.Does either of the following change the hash? Why/Why not.
(i) Change Attributes (Read-Only/Hidden)
No change
(ii) Change Permissions (Full Control/Modify/Read/Write)
No change
(iii) Change extensions (e.g., *.txt to *.exe)
MD5 hash cannot be found.
(iv) Email the file to yourself and download it.
No change
(v) Append the file with spaces.
No change
(vi) Remove the spaces (in (v))
No change
(vii) Delete the file and recover it with forensics software (e.g. Autopsy)
File recovered using Autopsy, but no change to MD5 hash.
(viii) Delete the file and recover it with backup software (e.g., photorec)
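The checks in steps 1 to 4 can also be scripted so each result is measured rather than observed by hand. The following is an added example, not part of the original assignment; the student number `12345678` is a constructed sample value, and `chmod` read-only is assumed here as a portable stand-in for the attribute and permission changes in (i) and (ii).

```python
import hashlib, os, stat, tempfile

def md5_file(path):
    """MD5 over the file's content bytes only (name and metadata are not read)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def run_checks(student_number="12345678"):  # constructed sample value
    """Return, per check, whether the file hash still equals the baseline."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "hash.txt")
        # Steps 1-2: hash the student number, save the hex digest to a text file.
        digest = hashlib.md5(student_number.encode()).hexdigest()
        with open(path, "w", newline="") as f:
            f.write(digest)
        # Step 3: hash of the file itself (its content is the 32-char digest).
        baseline = md5_file(path)
        results["file_hash_equals_string_hash"] = baseline == digest
        # (i)/(ii): metadata change only (read-only), then restore write access.
        os.chmod(path, stat.S_IREAD)
        results["read_only"] = md5_file(path) == baseline
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)
        # (iii): rename *.txt to *.exe; the name is not part of the content.
        renamed = os.path.join(d, "hash.exe")
        os.rename(path, renamed)
        results["rename_ext"] = md5_file(renamed) == baseline
        # (v): append three space bytes to the content.
        with open(renamed, "ab") as f:
            f.write(b"   ")
        results["append_spaces"] = md5_file(renamed) == baseline
        # (vi): remove the appended spaces again (back to 32 bytes).
        with open(renamed, "r+b") as f:
            f.truncate(len(digest))
        results["spaces_removed"] = md5_file(renamed) == baseline
    return results

if __name__ == "__main__":
    for check, same in run_checks().items():
        print(f"{check:30s} hash unchanged: {same}")
```
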
Complete the following:
(ix) In Wireshark what was the sender and destination IP?
(x) What is the hash of the packet?
(xi) What is the hash of the content?
(xii) Did the destination reply?
1. Does either of the following change the hash? Why/Why not.
Send the file 10 times.
Does the hash of the packet change?
2. Does the hash of the content change?
3. Import the notepad file as a Hash Import to Forensic Software. Search for all occurrences of the hash. Does it search for the file or content of a file? Explain.
4. Open the content of the packet and use a reverse MD5 hash. What was the end value?
5. View and explain the history of your network traffic with Wireshark.
6. View and explain the history of your system using a forensic tool such as Autopsy (or Event Viewer - explain what you have done on a system).
PART B:
REFLECTION:
Digital forensics is one of the rare units in which we must examine everything to look for the results, to identify and monitor a cybercriminal, as well as aid in criminal prosecution. How to construct an investigation properly and legally, and how to recognize and protect evidence, are covered in digital forensics.
We have understood the involvement of law enforcement in an investigation of cybercrime, as well as how these professionals collaborate with and complement the work of a cybersecurity expert throughout a digital forensics investigation.
Digital forensics is not about easy or hard; it is about the willingness and interest of the person. It involves critical analysis, which is interesting, but sometimes it gets complicated because of tangled cases that require a lot of time to solve.
Autopsy is a powerful hard drive investigative tool that includes features such as multi-user events, timeline analysis, registry analysis, keyword check, mail analysis, media playback, EXIF analysis, malicious data detection, and more. Since Autopsy generates results in real time, it is more compatible than other forensics methods.
In the future, digital forensics is used for data recovery from hard drives that have been destroyed or deleted, hacker tracing, and collecting and protecting evidence. Investigative reports are written and reviewed. Working with computers and other electronic devices is a common occurrence, as is working in close collaboration with other cops and detectives and securing a device or computer to prevent it from being tampered with. Depending on the type of case we have to investigate, we'll need to use a variety of forensic instruments and software to retrieve and analyse evidence, as well as deal with extremely sensitive or confidential data or photographs; recover files that have been damaged or removed, or gain access to files that have been locked, secured, or encrypted; and unlock digital photos that have been password-protected to conceal the identity of a location or individual.
As the world is changing drastically, we have to practice this to cope with the challenges and crises we are facing right now.