FILE CARVING: Reassembling files from fragments of bytes/hex data on a digital device.

ASCII to Hex: A → 41, B → 42, C → 43, D → 44

IF the above data is in a .doc, .html, .txt THEN convert hex to ASCII
IF .docx, .pdf THEN the content of the file has to be ‘mounted’ before being interpreted

“With the release of Office ‘07, Microsoft Word documents now use the same file format signature as a .ZIP file. If we were to view the entirety of the file with our HEX editor we would not uncover any legible ASCII characters. Why? The file structure and assembly instructions are contained within the file; thus, the file would need to be mounted by its native software in order for the contents to be viewed. Viewing and, more importantly, searching the contents of these “complex” files are possible once they are mounted. Forensic tools incorporate the software to mount these so that searching is possible”

4D414453203639370000

The above is the hex representation of a file.
Find out the file type (extension): .txt, .doc, .zip, .html, .png, .jpg
What is the data stored in this file?
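As an added example (not from the slides), the Python script below does what the three slides above describe: it converts a hex dump to ASCII the way a hex editor's right-hand pane does, classifies a block of bytes by its header signature (including the ZIP signature that .docx shares with .zip, which is why a .docx shows no legible text until it is mounted), and scans an unstructured byte blob for known headers and footers, which is the core of file carving. The signature table holds the standard magic bytes for each format; the sample "disk image" is constructed for this example, and the hex string decoded in main is the one from the slide above.

```python
import binascii
import re

# Header signature (offset 0) and, where the format defines one, the footer.
# Values are the standard magic bytes; the table itself is assembled for this example.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
    "zip": (b"PK\x03\x04", None),  # .docx/.xlsx/.pptx (Office 2007+) share this header
    "doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", None),  # OLE2 compound file (Office 97-2003)
    "bmp": (b"BM", None),  # two bytes only: real carvers validate the header fields too
}


def hex_to_bytes(hex_text):
    """Turn a hex dump (spaces and newlines allowed) into raw bytes."""
    return binascii.unhexlify("".join(hex_text.split()))


def is_ascii_text(data):
    """True if every byte, ignoring trailing NUL padding, is printable ASCII."""
    body = data.rstrip(b"\x00")
    return bool(body) and all(32 <= b < 127 or b in b"\r\n\t" for b in body)


def hex_to_ascii(hex_text):
    """Render a hex dump as ASCII text (what a hex editor shows beside the hex)."""
    return hex_to_bytes(hex_text).rstrip(b"\x00").decode("ascii")


def identify(data):
    """Classify a block of bytes by header signature, falling back to plain text."""
    for ext, (header, _footer) in SIGNATURES.items():
        if data.startswith(header):
            return ext
    return "txt" if is_ascii_text(data) else "unknown"


def carve(image):
    """Find every known header in a byte blob.

    Returns sorted (offset, ext, length) tuples; length is None when the
    format has no footer or the footer is missing (a truncated fragment).
    """
    found = []
    for ext, (header, footer) in SIGNATURES.items():
        for match in re.finditer(re.escape(header), image):
            start = match.start()
            length = None
            if footer is not None:
                end = image.find(footer, start)
                if end != -1:
                    length = end + len(footer) - start
            found.append((start, ext, length))
    return sorted(found)


# Constructed "disk image": 16 bytes of filler, a minimal PNG skeleton with its
# IEND footer, some 0xFF filler, then the start of a ZIP/.docx package.
SAMPLE_IMAGE = (
    b"\x00" * 16
    + b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 17 + b"IEND\xaeB`\x82"
    + b"\xff" * 8
    + b"PK\x03\x04" + b"[Content_Types].xml"
    + b"\x00" * 8
)

SLIDE_HEX = "4D414453203639370000"  # the hex string shown on the slide above

if __name__ == "__main__":
    print(hex_to_ascii(SLIDE_HEX), "->", identify(hex_to_bytes(SLIDE_HEX)))
    for offset, ext, length in carve(SAMPLE_IMAGE):
        print(f"offset {offset}: {ext} ({length if length is not None else '?'} bytes)")
```

Note the `bmp` entry: a two-byte header like `BM` will match ordinary text, so a carver that relies on it also checks that the file-size and pixel-offset fields that follow are plausible before reporting a hit.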

HEX values represent pixel colors
.bmp file: hex → color
.png, .jpg: same issue as .docx and .pdf; the file has to be mounted first, the hex cannot be interpreted as colors

http://magazine.art21.org/2011/09/13/how-to-create-a-bitmap-image-file-by-hand-without-stencils
Go to the link above and follow the step-by-step instructions. You will create a .bmp file by writing hex code.
Step 1: Go to https://hexed.it/ and select new file
Step 2: Paste the hex representation of the HEADER of a .bmp file
Step 3: Choose a number of pixels that is divisible by 4: 4*4, 8*8, 16*16
Step 4: Create an image that looks like the image below
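The two slides above say that .bmp pixels are raw colour values a hex editor can show directly, and that the hand-made image should have a pixel count divisible by 4. The added Python example below (not part of the slides or of the linked article) builds a 24-bit BMP from a list of pixels, emitting the 14-byte file header and 40-byte DIB header that the hexed.it exercise has you paste in, prints the result as pasteable hex, and parses the bytes back to confirm the round trip. It generalises the slide's "divisible by 4" rule: what the format actually requires is that each pixel row be padded to a multiple of 4 bytes, so a 4-pixel-wide 24-bit row needs no padding while a 3-pixel-wide row needs 3 padding bytes. The checkerboard image is constructed for the example.

```python
import struct

FILE_HEADER_SIZE = 14  # "BM", file size, two reserved shorts, pixel-data offset
DIB_HEADER_SIZE = 40   # BITMAPINFOHEADER
BYTES_PER_PIXEL = 3    # 24-bit, stored B, G, R, no palette


def row_padding(width):
    """Zero bytes appended to each row so its length is a multiple of 4."""
    return (4 - (width * BYTES_PER_PIXEL) % 4) % 4


def build_bmp(pixels):
    """pixels: rows (top to bottom) of (r, g, b) tuples -> bytes of a 24-bit BMP."""
    height, width = len(pixels), len(pixels[0])
    row_size = width * BYTES_PER_PIXEL + row_padding(width)
    image_size = row_size * height
    offset = FILE_HEADER_SIZE + DIB_HEADER_SIZE
    # Every multi-byte field is little-endian ("<").
    file_header = struct.pack("<2sIHHI", b"BM", offset + image_size, 0, 0, offset)
    dib_header = struct.pack(
        "<IiiHHIIiiII",
        DIB_HEADER_SIZE, width, height,
        1,                    # colour planes
        BYTES_PER_PIXEL * 8,  # bits per pixel
        0,                    # compression: BI_RGB (none)
        image_size,
        2835, 2835,           # pixels per metre, horizontal and vertical (72 DPI)
        0, 0,                 # palette colours used / important: none
    )
    body = bytearray()
    for row in reversed(pixels):       # BMP stores rows bottom-up ...
        for r, g, b in row:
            body += bytes((b, g, r))   # ... and each pixel as B, G, R
        body += b"\x00" * row_padding(width)
    return file_header + dib_header + bytes(body)


def parse_bmp(data):
    """Read the headers and pixel array back; the inverse of build_bmp."""
    magic, file_size, _, _, offset = struct.unpack_from("<2sIHHI", data, 0)
    if magic != b"BM":
        raise ValueError("not a BMP file signature")
    _, width, height, _, bpp = struct.unpack_from("<IiiHH", data, FILE_HEADER_SIZE)
    if bpp != 24:
        raise ValueError(f"only 24-bit BMPs are handled here, got {bpp}")
    row_size = width * BYTES_PER_PIXEL + row_padding(width)
    rows = []
    for y in range(height):
        start = offset + y * row_size
        rows.append([tuple(reversed(data[start + 3 * x:start + 3 * x + 3]))
                     for x in range(width)])
    rows.reverse()  # back to top-down order
    return {"width": width, "height": height, "bpp": bpp,
            "file_size": file_size, "pixels": rows}


def hex_dump(data, per_line=16):
    """Spaced hex, 16 bytes per line, in the form a hex editor accepts for pasting."""
    return "\n".join(data[i:i + per_line].hex(" ") for i in range(0, len(data), per_line))


# Constructed sample: a 4x4 red/white checkerboard (no row padding needed).
RED, WHITE = (255, 0, 0), (255, 255, 255)
CHECKERBOARD = [[RED if (x + y) % 2 == 0 else WHITE for x in range(4)] for y in range(4)]

if __name__ == "__main__":
    bmp = build_bmp(CHECKERBOARD)
    print(hex_dump(bmp))
    info = parse_bmp(bmp)
    print(f"{info['width']}x{info['height']} @ {info['bpp']} bpp, {info['file_size']} bytes")
```

The first 54 bytes of the dump are the header the exercise asks you to paste; everything after byte 54 is pixel data, and changing any three-byte group there changes one pixel's colour, which is exactly what the slide means by "hex → color".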


Research Paper Topics
Computer Forensics
    File Systems Forensics
    Network Forensics
    Mobile devices Forensics
(Cyber)crimes
    The Dark Web
    Cybercriminals: Motivations and subcultures
Legal and ethical issues
    Court admissibility
    Forensics and privacy rights
    Ethical issues in digital forensics
IoT and Big Data
    Statistical analysis of data generated by IoT devices
    Machine learning and IoT data

Research Paper Topics
Forensics Science
    Evidence preservation
    Writing forensics reports
    Anti forensics

Research paper: 3000 words + Presentation
References: At least three academic articles published in the last 5 years
Reference: At least one theoretical chapter from a book or theoretical article explaining the concept you are investigating

Research Paper Topics
Choice of topic: Specific; Relevant; Achievable within four/five weeks
Topic 1: The dark web
Topic 2: The selling/buying/sharing of illegal material on the Dark Web
Topic 3: The uses of the Dark Web by law enforcement to gather digital evidence
Topic 4: Anti forensics
Topic 5: Methods of wiping data
Which topics are specific and which topics are NOT specific?

Research Paper Topics
Choice of topic: Specific; Relevant; Achievable within four/five weeks
Write down 2 research topics that are NOT specific and one research topic that is specific. Save your three topics to a file. Email your list to louai@fdu.edu LATER.

Research Paper Topics
Choice of topic: Academic journals and Books

Research Paper Topics
“Timelining is a powerful tool for forensic analysis and contextual awareness. Many forensic tools can automatically structure files and data based on the time they were accessed, last changed, or deleted” (Arnes, 2018)

Conceptual Map
Create a conceptual map that summarizes the concepts related to file system forensics (check the book, the slides from class 8 and any other resources). Your map should include the following concepts: file carving, physical extraction, logical extraction, slack, partition table, file signature, file header, file mounting, RAM slack, drive slack, order of volatility. Add it to a document and email it to louai@fdu.edu.

Writing Reports
Case data
Purpose of examination
Findings
Conclusions

Writing Reports
“Case data, or similar in a criminal setting, is simply information that describes the investigation that the examination is part of. Case data would include the name of the person that ordered the examination, some identifier information that identifies the evidence pieces that are subject to examination. Key point here is to maintain chain of custody or similar as well as being able to distinguish the examination from other examinations”

Writing Reports
Examples of purpose of examination:
“The purpose of this examination was to identify if documents stolen during the break-in at samplestreet 41 were present on the computer. The suspect stated, in an interrogation, that the computer was hacked. Thus, the examination also included looking for evidence of remote control software, malicious software and evidence of intrusion”
“The aim of the examination was to extract all pictures from the device”

Investigation of whether a suspect has used their laptop to visit a website where illegal services are advertised. (1) What is the case data, (2) Description of purpose of examination, (3) Findings and Conclusions.

Checking when a user logged on their device: C:\Windows\System32\winevt\Logs\Security.evtx