Image Source: thecomputerforensics.info

DAY ONE (Monday): Lecture and TWO activities

Activity One: Who are you?
Activity Two: Digital Forensic Cases

DAY TWO (Tuesday): Lecture and ONE activity

Activity Three: Acquiring an Image of Evidence Media and Recovering a Deleted File

DAY THREE (Wednesday): Lecture and THREE activities

Activity Four: Cookies and Grabbing Passwords with Wireshark
Activity Five: Encryptor and Decryptor
Activity Six: Steganography

DAY FOUR (Thursday)

Activity Seven: Digital Photo Scavenger Hunt
Activity Eight: Writing a wrap-up report
Activity Nine: Preparing the Friday Presentation

DAY FIVE (Friday)

Presentation in the closing session

Summer Bridge Program at Radford University

Activity Two

By: Aqurra C., Autumn P., Que J., Tiyana M.

BTK Killer

In January 1975, he killed four family members: Joseph Otero, 38; Julie (his wife), 34; Joseph II and Josephine (his two kids), 9 and 11

Over 15 years killed 6 other females

He killed his 4 family members by strangling them and then took a radio and watch

More About BTK Killer

In 1974 he started to go under the name BTK Strangler and he sent teases to the police about his killings (BTK: bind, torture, strangle)

After sending the floppy disk to the police they were able to track him down and capture him.

Chat History

Advantages

You can talk to anyone online about whatever you want and not be judged.

You can feel safe behind a computer screen.

You can remain anonymous.

You can go by a nickname.

It's fun, free, quick, and easy.

Good for shy people.

Good for people who want to learn new things about people all around the world.

People can empty out their souls without being under pressure.

Chat History

Disadvantages

People can lie about their identity.

Can lead to a plethora of scams.

Lack of emotion.

Can be dangerous if the personal details are passed on.

Can go offline without warning.

Young ones could easily be fooled by older people.

Could be a place for foul language and cyber sex.

Summary

In this activity we learned that many sources of digital evidence can be used in solving a crime.

Almost every crime involves a type of digital evidence. Without forensic experts and scientists, we wouldn’t be able to identify the criminals.

This class has been a great experience for us all and gave us a lot of new information and insights in this field.

Thank you!

MY TEAM!!!

Allejah, Anu, Sophie, Tamara

• Activity Three allowed us to copy a drive and obtain deleted files that had not yet been overwritten by the computer

• When a file is “deleted” it is put away from user view, but it still exists in the computer’s memory

• It will cease to exist when the computer replaces it with other data when storage is needed

• The purpose of Activity Three was to make a copy of the contents of a flash drive

• We had to do this to preserve the original data on the drive

• It is important to keep the information untouched so that it can be used as evidence if needed – this is an integral principle of forensic analysis

• Make an image of the drive from which you want to recover a file (create physical drive) – We used AccessData FTK Imager

• Go through the copy of the evidence

• Identify which documents you would like to recover or access

• Right-click on the deleted files that still retain data and export them to your hard drive

• We exported the data into the Raw Destination Form

• The unallocated, or ‘empty’, space is very important to Forensic Analysts – it may contain deleted files which have not been replaced

• The data can be separated into files of varying size

• The hashes can indicate if the data is modified

• Digital Forensics requires analysis of evidence stored using technology – either the hard drive or external storage

• The analysts cannot modify the original data, but by making a copy, they can look through the files and recover deleted files to be used as evidence.
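The Activity Three workflow above (copy the media, record its hashes, search the copy for deleted data, confirm nothing changed) can be reproduced in a few lines. This is an added example, not part of the students' slides and not how FTK Imager is implemented; the 4 KB image, its contents and every function name are constructed for illustration, and the sketch finds the deleted file by its file signature rather than by parsing a file system.

```python
import hashlib

JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker
SECTOR = 512

def build_sample_image():
    """Constructed 8-sector raw image; sector 2 holds a 'deleted' JPEG-like
    blob that nothing on the disk points to any more."""
    image = bytearray(SECTOR * 8)
    image[0:11] = b"SAMPLE-DISK"
    deleted = JPEG_SOI + b"\xe0" + b"constructed photo data" + JPEG_EOI
    image[2 * SECTOR:2 * SECTOR + len(deleted)] = deleted
    return bytes(image), deleted

def digests(data):
    """MD5 and SHA-1 of the data, recorded at acquisition time."""
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()

def acquire(source):
    """Copy the source without writing to it and verify the copy by hash."""
    recorded = digests(source)
    copy = bytes(source)          # stands in for a read of the real device
    if digests(copy) != recorded:
        raise ValueError("image does not match source")
    return copy, recorded

def carve_jpegs(image):
    """Return (offset, bytes) for header..footer spans starting on a sector."""
    found = []
    for offset in range(0, len(image), SECTOR):
        if image.startswith(JPEG_SOI, offset):
            end = image.find(JPEG_EOI, offset + len(JPEG_SOI))
            if end != -1:
                found.append((offset, image[offset:end + len(JPEG_EOI)]))
    return found

def is_unmodified(data, recorded):
    """True when the data still matches the hashes recorded at acquisition."""
    return digests(data) == recorded

if __name__ == "__main__":
    source, _ = build_sample_image()
    image, recorded = acquire(source)
    for offset, blob in carve_jpegs(image):
        print(f"recovered {len(blob)} bytes at offset {offset}")
    print("source untouched:", is_unmodified(source, recorded))
    tampered = image[:100] + b"\x01" + image[101:]   # flip a single byte
    print("change detected:", not is_unmodified(tampered, recorded))
```

Changing a single byte of the copy produces different MD5 and SHA-1 values, which is why the hashes recorded at acquisition are compared again before the recovered files are used as evidence.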

Briana, Simone, Nikki, Nadia

Activity Four

Activity Five: Encryptor and Decryptor

Terminology

Encryption: the process of encoding messages in such a way that hackers cannot read it.

Decryption: the process of converting ciphertext (encrypted data) into plaintext.

Algorithm: mathematical steps to convert the plaintext into ciphertext.

Process

PKI Demo Applet

Encryption

Decryption

Usages

● Make sensitive information harder to find and understand

o For example, passwords on a database might be encrypted in case it gets hacked

o Encrypting the passwords also makes it more complicated for hackers to know what the passwords are even if they find the database if they do not have the key

● Criminals can also use encryption to conceal incriminating evidence

Activity 6: Steganography

Ann Tay

Elizabeth

Background from: http://www.gfi.com/blog/threats-steganography/

Steganography is hiding a secret message within a picture

Encryption can also be used when hiding messages in pictures. Encryption is the use of a variety of symbols and numbers to hide a message that can later be translated into plain English

Decryption is the process that is used to reverse encryption or translate the encrypted message back into plain text

Which picture has the hidden message?
