Published by April Copeland. Modified over 6 years ago.
1
FILE CARVING: Reassembling files from fragments of bytes/hex data on a digital device
2
ASCII to Hex: A 41 B 42 C 43 D 44 42
IF the above data is in a .doc, .html, .txt THEN convert hex to ASCII
IF .docx, .pdf THEN the content of the file has to be ‘mounted’ before being interpreted
3
“With the release of Office ‘07, Microsoft Word documents now use the same file format signature as a .ZIP file. If we were to view the entirety of the file with our HEX editor we would not uncover any legible ASCII characters. Why? The file structure and assembly instructions are contained within the file; thus, the file would need to be mounted by its native software in order for the contents to be viewed. Viewing and, more importantly, searching the contents of these “complex” files are possible once they are mounted. Forensic tools incorporate the software to mount these so that searching is possible”
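Added example (not part of the original slides): searching the raw bytes versus searching the mounted contents. The container built here is a constructed, minimal ZIP holding a `word/document.xml` part, not a complete Word document, and the function names are illustrative.

```python
import io
import zipfile

# Constructed sample text, repeated so that it compresses like real document text.
TEXT = "meeting at samplestreet 41 " * 20

def build_docx_like(text):
    """Pack the text into a ZIP container the way a .docx stores its body."""
    body = f"<w:document><w:body><w:p><w:t>{text}</w:t></w:p></w:body></w:document>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", body)
    return buf.getvalue()

def has_zip_signature(blob):
    """50 4B 03 04 ('PK..') is the signature .docx shares with .zip."""
    return blob[:4] == bytes.fromhex("504B0304")

def raw_search(blob, keyword):
    """What a hex editor sees: the bytes exactly as stored on disk."""
    return keyword.encode() in blob

def mounted_search(blob, keyword):
    """Open the container and search every decompressed part."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in zf.namelist():
            if keyword.encode() in zf.read(name):
                hits.append(name)
    return hits

if __name__ == "__main__":
    blob = build_docx_like(TEXT)
    print("ZIP signature:", has_zip_signature(blob))
    print("raw hit:      ", raw_search(blob, "samplestreet"))
    print("mounted hits: ", mounted_search(blob, "samplestreet"))
```

The part names inside the container are stored uncompressed, so a raw search for `document.xml` still succeeds even though the document text does not.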
4
4D
The above code is the hex representation of a file.
Find out the file type (extension) (.txt, .doc, .zip, .html, .png, .jpg).
What is the data stored in this file?
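Added example (not part of the original slides): the signature check from this exercise, extended to the header/footer carving named on slide 1. The "disk image" is constructed sample data, the function names are illustrative, and the carver assumes each file is stored contiguously.

```python
# extension: (header signature, footer signature)
SIGNATURES = {
    "jpg": (bytes.fromhex("FFD8FF"), bytes.fromhex("FFD9")),
    "png": (bytes.fromhex("89504E470D0A1A0A"), bytes.fromhex("49454E44AE426082")),
}

def carve(image):
    """Return (offset, extension, carved bytes) for every header/footer pair."""
    found = []
    for ext, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header))
            if end == -1:
                break          # header with no footer: truncated or overwritten file
            end += len(footer)
            found.append((pos, ext, image[pos:end]))
            pos = image.find(header, end)
    return sorted(found)       # offsets are unique, so this orders by position

def sample_image():
    """Constructed raw data: zero-filled space around two files and one orphan header."""
    jpg = bytes.fromhex("FFD8FFE0") + b"constructed-jpeg-body" + bytes.fromhex("FFD9")
    png = SIGNATURES["png"][0] + b"constructed-png-body" + SIGNATURES["png"][1]
    orphan = bytes.fromhex("FFD8FFE1") + b"lost"      # JPEG header whose footer is gone
    return b"\x00" * 16 + jpg + b"\x00" * 32 + png + b"\x00" * 8 + orphan

if __name__ == "__main__":
    for offset, ext, data in carve(sample_image()):
        print(f"offset {offset:4d}  .{ext}  {len(data)} bytes  starts {data[:4].hex(' ').upper()}")
```

Real JPEG data can contain the bytes FF D9 before the true end of the file (embedded thumbnails, for instance), so a carved file still has to be validated by opening it.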
5
HEX values represent pixel colors
.bmp file: hex color
.png, .jpg: same issue as .docx and .pdf. File has to be mounted first, hex cannot be interpreted as colors
7
Go to the link above and follow the step by step instructions.
You will create a .bmp file by writing hex code.
Step 1: and select new file
Step 2: Paste the hex representation of the HEADER of a .bmp file
Step 3: Choose a number of pixels that is divisible by 4: 4*4, 8*8, 16*16
Step 4: Create an image that looks like the image below
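Added example (not part of the original slides and not the linked tutorial's code): the same exercise done in Python, writing the header and the pixel bytes and then reading a pixel back from the raw bytes. It assumes a 24-bit uncompressed BMP with the 40-byte BITMAPINFOHEADER; the function names and the 4*4 test image are illustrative.

```python
import struct

def build_bmp(width, height, rows_top_down):
    """Build a 24-bit uncompressed BMP. rows_top_down: rows of (R, G, B) tuples."""
    row_size = (width * 3 + 3) & ~3          # every row is padded to a multiple of 4 bytes
    pixels = bytearray()
    for row in reversed(rows_top_down):      # the file stores the bottom row first
        line = b"".join(bytes((b, g, r)) for r, g, b in row)  # byte order is B, G, R
        pixels += line.ljust(row_size, b"\x00")
    offset = 14 + 40                         # file header + BITMAPINFOHEADER
    file_header = struct.pack("<2sIHHI", b"BM", offset + len(pixels), 0, 0, offset)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                              len(pixels), 2835, 2835, 0, 0)
    return file_header + info_header + bytes(pixels)

def read_pixel(bmp, x, y):
    """Interpret the hex directly: return (R, G, B) at column x, row y (top-left is 0, 0)."""
    (offset,) = struct.unpack_from("<I", bmp, 10)      # where the pixel data starts
    width, height = struct.unpack_from("<ii", bmp, 18)
    row_size = (width * 3 + 3) & ~3
    start = offset + (height - 1 - y) * row_size + x * 3
    b, g, r = bmp[start:start + 3]
    return (r, g, b)

def demo_image():
    """Constructed 4*4 image: red diagonal on a white background."""
    red, white = (255, 0, 0), (255, 255, 255)
    return build_bmp(4, 4, [[red if x == y else white for x in range(4)]
                            for y in range(4)])

if __name__ == "__main__":
    bmp = demo_image()
    print("header:", bmp[:54].hex(" ").upper())
    print("pixels:", bmp[54:].hex(" ").upper())
    with open("constructed.bmp", "wb") as fh:          # open this file in any image viewer
        fh.write(bmp)
```

With 24-bit pixels, a width divisible by 4 gives rows that are already a multiple of 4 bytes, so no padding bytes appear between rows in the hex.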
8
Take a Break
9
Research Paper Topics
Computer Forensics: File Systems Forensics; Network Forensics; Mobile devices Forensics
(Cyber)crimes: The Dark Web; Cybercriminals: Motivations and subcultures
Legal and ethical issues: Court admissibility; Forensics and privacy rights; Ethical issues in digital forensics
IoT and Big Data: Statistical analysis of data generated by IoT devices; Machine learning and IoT data
10
Research Paper Topics
Computer Forensics: File Systems Forensics; Network Forensics; Mobile devices Forensics
(Cyber)crimes: The Dark Web; Cybercriminals: Motivations and subcultures
Legal and ethical issues: Court admissibility; Forensics and privacy rights; Ethical issues in digital forensics
Forensics Science: Evidence preservation; Writing forensics reports; Anti forensics
Research paper: 3000 words + Presentation
References: At least three academic articles published in the last 5 years
Reference: At least one theoretical chapter from a book or theoretical article explaining the concept you are investigating
11
Research Paper Topics
Choice of topic: Specific; Relevant; Achievable within four/five weeks
Topic 1: The dark web
Topic 2: The selling/buying/sharing of illegal material on the Dark Web
Topic 3: The uses of Dark Web by law enforcement to gather digital evidence
Topic 4: Anti forensics
Topic 5: Methods of wiping data
Which topics are specific and which topics are NOT specific?
12
Research Paper Topics
Choice of topic: Specific; Relevant; Achievable within four/five weeks
Write down 2 research topics that are NOT specific and one research topic that is specific
Save your three topics to a file your list to LATER
13
Choice of topic: Academic journals and Books
14
Research Paper Topics
“Timelining is a powerful tool for forensic analysis and contextual awareness. Many forensic tools can automatically structure files and data based on the time they were accessed, last changed, or deleted” (Arnes, 2018)
15
Conceptual Map
Create a conceptual map that summarizes the concepts related to file system forensics (Check the book, slides from class 8 and any other resources)
Your map should include the following concepts: File carving, physical extraction, logical extraction, slack, partition table, file signature, file header, file mounting, RAM slack, drive slack, order of volatility
Add to document, to Research Paper Topics
16
Writing Reports
Case data
Purpose of examination
Findings
Conclusions
17
Writing Reports
“Case data, or similar in a criminal setting is simply information that describes the investigation that the examination is part of. Case data would include the name of the person that ordered the examination, some identifier information that identifies the evidence pieces that are subject to examination. Key point here is to maintain chain of custody or similar as well as being able to distinguish the examination from other examinations”
18
Writing Reports
Examples of purpose of examination:
“The purpose of this examination was to identify if documents stolen during the break-in at samplestreet 41 was present on the computer. The suspect stated, in an interrogation, that the computer was hacked. Thus, the examination also included looking for evidence of remote control software, malicious software and evidence of intrusion”
“The aim of the examination was to extract all pictures from the device”
19
Investigation of whether a suspect has used their laptop to visit a website where illegal services are advertised. (1) What is the case data, (2) Description of purpose of examination, (3) Findings and Conclusions.
20
C:\Windows\System32\winevt\Logs\Security.evtx
Checking when a user logged on their device