Presentation is loading. Please wait.

Presentation is loading. Please wait.

Digital Forensics 2 Lecture 8:Digital artefacts Presented by : J.Silaa Lecturer: FCI 25 Oct 2017.

Published byBrice Branden Chapman Modified over 6 years ago

Similar presentations

Presentation on theme: "Digital Forensics 2 Lecture 8:Digital artefacts Presented by : J.Silaa Lecturer: FCI 25 Oct 2017."— Presentation transcript:

1 Digital Forensics 2 Lecture 8:Digital artefacts Presented by : J.Silaa Lecturer: FCI 25 Oct 2017

2 Objectives Introduction Digital artifact types
Common Digital artifact locations Source location file systems Alteration Conclusion

3 Digital artifact Digital artifact is an artifact that is of a digital nature or creation. For example, a gif is such an artifact. Digital Forensics Focuses on preservation against undesired or unintended alteration when data is introduced in a digital process by an involved technique and technology. Digital artifact content can be of any content types including text, audio, video, image, animation or a combination

4 Digital artifact types
The following artifacts can be extracted from various locations Office documents, Registries, Important System files encrypted files , pictures ,videos mobile apps SQLite databases instant messenger charts,Social network charts(FaceBook,twitter etc),charts from multi-player online games and Web Artifacts such as s,browsing history, bookmarks, and cookies from Firefox, Chrome, and IE

5 Common Digital artifact locations
All imaginable source of data Storage device- Hard drives and removable media Disk images EnCase(including Ex01).FTK,X- Ways,raw(DD),SMART Logical images- L01,Lx01 Mobile devices - iPhone/iPad,Android and Blackberry backups Mobile dumps – UFED dumps,JTAG/chip-off dumps Virtual machines- VMWare,Virtual PC,Virtual Box,XenServer,cloud Volatile memory- Live RAM dumps Fragmented memory set (analysis with belkaCarving) Virtual memory – Hibernation files and page files SMART Disk Image Converter - Convert your disk image to various file types. JTAG =Joint Test Action Group UFED Reader is a software tool which allows users to share analysis reports with other authorized personnel including colleagues, other investigators, lawyers etc. Features Include: - Advanced Analyzing Capabilities: Search and Entity bookmark functionalities

6 Artifacts:Source location file systems
FAT,FAT16,FAT32,extFAT NTFS HFS,HFS+ APFS Ext1,ext2,ext3 YAFFS,YAFFS2 JFFS2 Etc The Mac OS Extended Volume Hard Drive Format, otherwise known as HFS+, is the file system found on Mac OS 8.1 and later, including Mac OS X. It is an upgrade from the original Mac OS Standard Format known as HFS (HFS Standard), or Hierarchical File System, supported by Mac OS 8.0 and earlier. Apple File System (APFS) is a proprietary file system for macOS, iOS, tvOS and watchOS, developed and deployed by Apple Inc. It aims to fix core problems of HFS+ (also called Mac OS Extended), APFS’s predecessor on these operating systems Yaffs (Yet Another Flash File System) is an open-source file system specifically designed to be fast, robust and suitable for embedded use with NAND and NOR Flash. It is widely used with Linux, RTOSs, or no OS at all, in consumer devices and critical infrastructure. JFFS2 is a log-structured file system designed for use on flash devices in embedded systems. Rather than using a kind of translation layer on flash devices to emulate a normal hard drive, as is the case with older flash solutions, it places the filesystem directly on the flash chips.

7 Digital artifacts alteration
, memorhi, cabling malfunctions, etc., corrupts data. Are vulnerable to; Editing: resampling, resizing and rotations Transformation Image enhancement: smoothing, contrasting algorithm flaws such as decoding/encoding audio or video, Lossy Compression Pixelization or aliasing Software malfunctions -Algo flaws such as decoding/encoding audio or video Texture corruption and T-vertices in 3D graphics, and pixelization in MPEG compressed video. Aliasing: Digital imprecision generated in the process of converting analog information into digital space is due to the limited granularity of digital numbering space. In computer graphics, aliasing is seen as pixilation

8 Conclusion Comay be genera a result of the use lossy compression techniques. To establish a sound forensics evidence its necessary to know the source/location of digital artefacts Digital artifacts like any other forensics evidences are susceptible to alteration One example is the artifacts seen in JPEG and MPEG compression algorithms that produce compression artifacts. Aliasing: Digital imprecision generated in the process of converting analog information into digital space is due to the limited granularity of digital numbering space. In computer graphics, aliasing is seen as pixilation . Rolling shutter, the line scanning of an object that is moving too fast for the image sensor to capture a unitary image. Error diffusion: poorly-weighted kernel coefficients result in undesirable visual artifacts

9 Reference https://www.youtube.com/watch?v=ZA4kAAeuCw0&t=2312s
Rivest, Shamir, and Adelma :RSA encryption

Download ppt "Digital Forensics 2 Lecture 8:Digital artefacts Presented by : J.Silaa Lecturer: FCI 25 Oct 2017."

Similar presentations

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Chapter 6A Operating System Basics PART II.

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Chapter 6A Operating System Basics PART II.
Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 7. Systems Software 1 System Software This software is used to provide the.

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 7. Systems Software 1 System Software This software is used to provide the.
Web Design Vocab 3 PNG, JPG, GIF, MP3, MPEG.

Web Design Vocab 3 PNG, JPG, GIF, MP3, MPEG.
Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall

Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall
File Management Chapter 3

File Management Chapter 3
Sounds, Images & Other Objects Website Production.

Sounds, Images & Other Objects Website Production.
Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.

Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 6: Operating Systems and Data Transmission Basics for Digital Investigations.
October 2001Sheffield Hallam University1 Raster Graphics Raster formats used for storing digitized photographs, scanned artwork. comprised of individual.

October 2001Sheffield Hallam University1 Raster Graphics Raster formats used for storing digitized photographs, scanned artwork. comprised of individual.
Computers Are Your Future Eleventh Edition Chapter 5: Application Software: Tools for Productivity Copyright © 2011 Pearson Education, Inc. Publishing.

Computers Are Your Future Eleventh Edition Chapter 5: Application Software: Tools for Productivity Copyright © 2011 Pearson Education, Inc. Publishing.
I have lost all my vacation pictures due to memory card corruption. Can I get them back? I have accidently deleted some important Photos, Music files.

I have lost all my vacation pictures due to memory card corruption. Can I get them back? I have accidently deleted some important Photos, Music files.
Part A Multimedia Production Rico Yu. Part A Multimedia Production Ch.1 Text Ch.2 Graphics Ch.3 Sound Ch.4 Animations Ch.5 Video.

Part A Multimedia Production Rico Yu. Part A Multimedia Production Ch.1 Text Ch.2 Graphics Ch.3 Sound Ch.4 Animations Ch.5 Video.
HYPERTEXT MARKUP LANGUAGE (HTML)

HYPERTEXT MARKUP LANGUAGE (HTML)
Capturing Computer Evidence Extracting Information.

Capturing Computer Evidence Extracting Information.
Skill Area 212 Introduction to Multimedia Internet and MultiMedia for SC 2.

Skill Area 212 Introduction to Multimedia Internet and MultiMedia for SC 2.
CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.

CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.
Chapter Three OPERATING SYSTEMS.

Chapter Three OPERATING SYSTEMS.
Your Interactive Guide to the Digital World Discovering Computers 2012.

Your Interactive Guide to the Digital World Discovering Computers 2012.
Unit 30 P1 – Hardware & Software Required For Use In Digital Graphics

Unit 30 P1 – Hardware & Software Required For Use In Digital Graphics
IC3 Chapter 8 Computer Fundamentals

IC3 Chapter 8 Computer Fundamentals
Lesson 6 Operating Systems and Software

Lesson 6 Operating Systems and Software

Similar presentations

Ads by Google