Investigating Illegal Possession of Images
In the scenario for this lab, a forensic investigation is carried out to find out if there have been illegal possession of rhino images. The evidence collected for the case are three network traces and USB key containing DD images; they are included below with the slides.
USB_Images
This is part of the evidence collected in relation to the case. It contains a DD image from one of the university’s labs. Note: DD image is a replica of a hard disk drive, created with an imaging tool called DD; it is used to investigate Linux hard disk drives on Windows OS.
lab_files
As part of the evidence for the case, this .zip file contains Wireshark network traces (log files) and what seems to be part of a diary entry.
HTTP Wireshark Forensics text_1
A brief introduction to the concept of HTTP is provided. It discusses the feasibility of carrying out forensic investigations with just the knowledge of HTTP. It also examines HTTP traffic using Wireshark.
HTTP Wireshark Forensics image_2
This introduces the process of capturing HTTP traffic and provides an overview of the traffic. An analysis of the second HTTP get request/response yields the extraction of an image from the traffic.
Rhion Possession 1_File_Recovering
In this lab, a forensic investigation with the help of PhotoRec is carried out on a DD image to recover illegal images; the files used in the investigation are to be shredded.
Rhion Possession 2_Steganography
In this case, the images are hidden using steganography. Steps are taken to detect the tool for hiding images, crack the password and recover the illegal images.
Rhion Possession 3_FTP_Traffic_crackzip
This displays the steps taken to investigate FTP sessions regarding the aforementioned scenario. An idea on how to find the password of a zip file is also included.
Rhion Possession 4_HTTP_Traffic
This investigates HTTP traffic in search of .jpg, .jif and .exe files.
Forum Search
Hello, Has anyone here secured any forensic related internships for 2024? I'm collecting some data and wanted to know what...
By AP Malla, 11 months ago
How should I approach network forensic? Would you recommend learning tools like WireShark?
By AP Malla, 11 months ago
Understand the Basics: Know the Field: Cyber forensics involves investigating digital crimes, analyzing electronic data, and recovering hidden, deleted, or...
By AP Malla, 12 months ago
