Learning Goal: I’m working on a computer science project and need guidance to he

Learning Goal: I’m working on a computer science project and need guidance to help me learn.Project 4: EnCase Investigations One of the most common commercial digital forensic tools is EnCase, an integrated tool used in many types of digital forensic investigations, with a focus on computers and servers.Additional Access Data tools that are commonly used include Password Recovery Toolkit (PRTK) and Registry Viewer. There are three steps in this project. In those steps, you will use EnCase and other tools to image two computers and a thumb drive or USB stick. Each step in the project requires you to respond to detectives’ questions based on computer images.The final assignment is a paper that helps detectives better understand the use of EnCase to access and image computers and thumb drives. In Step 1, you introduce detectives to the basics of forensic digital investigation by creating an image using EnCase. Step 1: Create an Image in FTK ImagerOne of the first steps in conducting digital forensic investigations involves creating a forensic image of the digital evidence disk or drive. Digital forensics evidence can be found in operating systems, disk drives, network traffic, emails, and in software applications. To help the detectives in your department to better understand the digital forensics investigation process, you have offered to show them how you create an image using FTK Imager. Media investigations of digital storage devices can include audio files, pictures, videos, words, portions of files, graphic files, and information about a file. Graphics files can be a rich source of forensic evidence.Because you are pressed for time, you go to the virtual lab and decide to create an image of the “My Pictures” directory on your computer. This process is similar to making a full computer image, but it takes only a few minutes rather than several hours. You are preparing a report describing the steps that you follow so the detectives can refer to it later. You will include a screenshot and text file (DFC620_Lab1_Name.ad1) that document your imaging process with information such as hash values. Step 2: Process an Image From the Suspect Mantooth’s ComputerIn the previous step, you imaged a directory for a forensic report using FTK Imager. Now the detectives have requested additional analysis, so you decide to go to the virtual lab and use EnCase to access user account information for the image from a computer owned by a suspect named Mantooth. Detectives don’t yet have the suspect’s first name and are seeking more information.Key words: examining metadata, file systems, hexadecimal, ASCII, operating systems, report writing, file system information gathering. Step 3: Process an Image From the Suspect Washer’s ComputerThe Mantooth image has provided a lot of new information, but the detectives want more. EnCase is the tool that can uncover it. An image has been taken of the hard drive in a computer belonging to a suspect named Washer.Key words: examining metadata, file systems, hexadecimal, ASCII, operating systems, report writing, file system information gathering. Step 4: Submit Final PaperThe time has come to combine work products from the earlier steps into a final paper summarizing the use of EnCase. You submit it to the detectives (your instructor) and cross your fingers that it contains everything they need to know about the tools available for accessing and imaging forensic data.
Requirements: 10

Leave a comment

Your email address will not be published. Required fields are marked *