Investigating Illegal Possession of Images

In the scenario for this lab, a forensic investigation is carried out to find out if there have been illegal possession of rhino images. The evidence collected for the case are three network traces and USB key containing DD images; they are included below with the slides.

USB_Images

This is part of the evidence collected in relation to the case. It contains a DD image from one of the university’s labs. Note: DD image is a replica of a hard disk drive, created with an imaging tool called DD; it is used to investigate Linux hard disk drives on Windows OS.

lab_files

As part of the evidence for the case, this .zip file contains Wireshark network traces (log files) and what seems to be part of a diary entry. 

HTTP Wireshark Forensics text_1

A brief introduction to the concept of HTTP is provided. It discusses the feasibility of carrying out forensic investigations with just the knowledge of HTTP. It also examines HTTP traffic using Wireshark.

HTTP Wireshark Forensics image_2

This introduces the process of capturing HTTP traffic and provides an overview of the traffic. An analysis of the second HTTP get request/response yields the extraction of an image from the traffic.

Rhion Possession 1_File_Recovering

In this lab, a forensic investigation with the help of PhotoRec is carried out on a DD image to recover illegal images; the files used in the investigation are to be shredded.

Rhion Possession 2_Steganography

In this case, the images are hidden using steganography. Steps are taken to detect the tool for hiding images, crack the password and recover the illegal images.

Rhion Possession 3_FTP_Traffic_crackzip

This displays the steps taken to investigate FTP sessions regarding the aforementioned scenario. An idea on how to find the password of a zip file is also included.

Rhion Possession 4_HTTP_Traffic

This investigates HTTP traffic in search of .jpg, .jif and .exe files.

Forum Search

Partners & Sponsors
  • University of Baltimore
  • Towson University
  • Bureau of Justice Assistance
  • National Science Foundation
LATEST FORUM POSTS
Test post2

Test Post2

By Demo User12, 1 year ago

Finding internships

Hello, Has anyone here secured any forensic related internships for 2024? I'm collecting some data and wanted to know what...

By AP Malla, 1 year ago

Beginner network forensic investigation

How should I approach network forensic? Would you recommend learning tools like WireShark?

By AP Malla, 1 year ago

Cyber Forensic Employment: High level guidelines

Understand the Basics: Know the Field: Cyber forensics involves investigating digital crimes, analyzing electronic data, and recovering hidden, deleted, or...

By AP Malla, 1 year ago

LATEST FORUM POSTS