The investigation team has been able to detect and collect a few pieces of evidence from which they can identify the suspect in the series of kidnappings that happened lately. The international stuffed-slave market has become the main source of the illegal activities being carried out. The Toy Story Investigation Response (TSIR) team has finally recorded all the evidence.

The TSPD has collected a few items from the suspect, who claims that he is innocent. The possible objectives are the data that was stored on the hard drive of the computer, together with the registry, the browser history and the files from which data for the last few days can be collected. The investigation team can determine the suspicious activities by logging the data and decoding the files with commands that will give the exact information loaded into

The TSIR team can investigate all the data, which would help them further and would help them reach the main suspect behind this kidnapping. Sheriff Woody has made a list of all possible suspects and is collecting data. The investigation will clarify whether the suspect they have detained is the main culprit behind it, or whether other parties have also been working on his system in his

The software which the investigation team has developed will be able to detect all the files and folders stored on the disks and in the registry that are connected to the current activity. To generate the metadata, the team requires tools such as TSK (The Sleuth Kit), whose file system support helps to investigate metadata.

TSK organizes the information in its database in five different classes: the data unit, the file system, data stored as metadata, the subject of the file and its application. This chain stores all information such as recent access times, the authorization required for items, and pointers to the data linked with the file directory of the system.

The details related to the key file can be obtained, but it is difficult to memorize its numerical secret number or coding. Hence, all statistics about the data kept on the device need to be taken out with the help of TSK. Deleted files can be restored using the same tool, which is advanced in retrieving information; that is, all the previously mentioned techniques can be carried out by TSK alone.

The system will detect all the directories and list all the names it detected. It will not display names that are unallocated or marked as unallocated. The unallocated information can be found easily with the help of fls by walking the MFT (Master File Table), which is resolved into the address list called the directory.

This makes it easier to explain and detect the files removed by the suspect and the way they were recorded in the data system, the Master File Table. It is very easy to tell which information was deleted, because the files recovered from the MFT show a “-” sign in their name, such as -/ab rather than ab/ab. File carving of fragmented files can be done using the tool Scalpel. Scalpel performs its operations based on data fragment types or data file prototypes. These prototypes are based on general expressions and binary strings. Various default prototypes are stored in the configuration file “scalpel.conf”. Scalpel supports comments in the configuration file, which are used to explain the structure of the file carving prototypes.

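As an added example (not part of the original text), the following Python parses fls-style output from The Sleuth Kit and flags the entries an investigator would look at first: those marked deleted, or carrying the “-” directory-entry type described above. The sample lines, file names and MFT addresses are constructed for the example.

```python
import re
from dataclasses import dataclass
# Constructed sample of fls-style output (The Sleuth Kit), not a real capture.
# Format: <dir-type>/<meta-type> [*] <meta-address>:<TAB><name>; '*' marks a
# deleted entry and '-' in the directory slot means no directory entry was found.
SAMPLE_FLS_OUTPUT = """\
d/d 5-144-1:\tDocuments
r/r 64-128-1:\tnotes.txt
r/r * 71-128-2:\tinventory.xlsx
-/r * 9432-128-1:\tphoto.jpg
r/r 80-128-3:\treport.pdf
"""

FLS_LINE = re.compile(
    r"^(?P<dtype>[a-z-])/(?P<mtype>[a-z-])\s+(?P<deleted>\*\s+)?"
    r"(?P<addr>\d+(?:-\d+-\d+)?):\t(?P<name>.*)$"
)

@dataclass
class FlsEntry:
    dir_type: str    # type recorded in the directory entry ('-' if unknown)
    meta_type: str   # type recorded in the metadata (MFT) entry
    deleted: bool    # True when fls printed the '*' marker
    meta_addr: str   # NTFS address: record-attribute_type-attribute_id
    name: str

def parse_fls(output: str) -> list[FlsEntry]:
    """Parse fls output into entries; reject lines that do not fit the format."""
    entries = []
    for line in output.splitlines():
        if not line.strip():
            continue
        m = FLS_LINE.match(line)
        if not m:
            raise ValueError(f"unrecognised fls line: {line!r}")
        entries.append(FlsEntry(
            dir_type=m["dtype"], meta_type=m["mtype"],
            deleted=m["deleted"] is not None,
            meta_addr=m["addr"], name=m["name"],
        ))
    return entries

def unallocated_entries(entries: list[FlsEntry]) -> list[FlsEntry]:
    """Entries worth a closer look: marked deleted, or recovered with no directory entry."""
    return [e for e in entries if e.deleted or e.dir_type == "-"]

def mft_record_number(entry: FlsEntry) -> int:
    """The first component of an NTFS meta address is the MFT record number."""
    return int(entry.meta_addr.split("-")[0])
```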
Data can be retrieved by carving, which reads data from the top and bottom of the page and then matches raw files, images, etc. It can easily carve all file system types, like NTFS or FATx, as well as raw partitions. All kinds of services, like file recovery or even investigation, can easily be done with this application. The Firefox SQLite Manager add-on can easily detect all the sites which have been used regularly without the knowledge of the admin, and can show all the details on the screen. It will inform the investigator about how many files were accidentally or casually opened.

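The header/footer carving described here, as an added example that is not Scalpel's own code: a small Python reader for scalpel.conf-style rules (extension, case flag, maximum size, header, optional footer, with # comments) applied to a constructed byte buffer standing in for a disk image. Scalpel's wildcard syntax is not handled and the case flag is parsed but not applied; the rule values and image bytes are made up for the example.

```python
# Constructed scalpel.conf fragment in Scalpel's column layout (values made up here):
# extension  case-sensitive(y/n)  max-size  header  [footer]; '#' starts a comment.
SAMPLE_SCALPEL_CONF = r"""
# JPEG: SOI marker at the top of the file, EOI marker at the bottom
jpg   y   200000000   \xff\xd8\xff\xe0   \xff\xd9
# Text note wrapped in start/end tags (constructed for this example)
txt   y   4096        <NOTE>   </NOTE>
"""
# Constructed stand-in for a raw disk image: two carvable files among zero-filled space.
SAMPLE_IMAGE = (b"\x00" * 16 + b"\xff\xd8\xff\xe0JPEGDATA\xff\xd9" + b"\x00" * 8
                + b"<NOTE>meet at the dock</NOTE>" + b"\x00" * 8)

def decode_pattern(text: str) -> bytes:
    """Turn a conf pattern (\\xNN escapes plus literal characters) into bytes; no wildcards."""
    out = bytearray()
    i = 0
    while i < len(text):
        if text.startswith("\\x", i) and i + 4 <= len(text):
            out.append(int(text[i + 2:i + 4], 16)); i += 4
        else:
            out.append(ord(text[i])); i += 1
    return bytes(out)

def parse_scalpel_conf(text: str) -> list[tuple[str, bool, int, bytes, bytes]]:
    """Return (ext, case_sensitive, max_size, header, footer) per rule, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 4:
            raise ValueError(f"malformed rule: {line!r}")
        ext, case, size, header = parts[:4]
        footer = parts[4] if len(parts) > 4 else ""
        rules.append((ext, case == "y", int(size), decode_pattern(header), decode_pattern(footer)))
    return rules

def carve(image: bytes, rules) -> list[tuple[str, int, bytes]]:
    """Header/footer carving: each header starts a candidate that ends at the first footer
    within max-size (footer included) or, when none is found, at max-size. Case flag ignored."""
    found = []
    for ext, _case, max_size, header, footer in rules:
        pos = image.find(header)
        while pos != -1:
            window = image[pos:pos + max_size]
            end = window.find(footer, len(header)) if footer else -1
            found.append((ext, pos, window[:end + len(footer)] if end != -1 else window))
            pos = image.find(header, pos + 1)
    return found
```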
The history file will also be detected at the same time. The intent and the occurrence behind the data searched will be loaded into it, verifying the intent or purpose from the browser history. RegRipper is the tool that helps in identifying registry information; Win32R is the registry component used to access the registry information. This operation is done in an object-oriented manner.

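What the browser-history examination above (the SQLite Manager add-on and the history file) amounts to in practice, as an added example that is not from the original text or the add-on: Python's built-in sqlite3 module querying the moz_places and moz_historyvisits tables that Firefox keeps in places.sqlite. The schema is reduced to the columns used, and the rows, URLs and timestamps are constructed for the example.

```python
import sqlite3
from datetime import datetime, timezone

# Firefox keeps history in places.sqlite; visit times are PRTime values, microseconds
# since the Unix epoch. Schema reduced to the columns used; rows constructed for the example.
def build_sample_places() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                                 visit_count INTEGER, last_visit_date INTEGER);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, place_id INTEGER,
                                        visit_date INTEGER);
    """)
    con.executemany("INSERT INTO moz_places VALUES (?,?,?,?,?)", [
        (1, "https://market.example/auction", "Auction", 3, 1700000300_000000),
        (2, "https://news.example/", "News", 1, 1699990000_000000),
    ])
    con.executemany("INSERT INTO moz_historyvisits VALUES (?,?,?)", [
        (1, 1, 1700000100_000000), (2, 1, 1700000200_000000),
        (3, 1, 1700000300_000000), (4, 2, 1699990000_000000),
    ])
    return con

def prtime_to_utc(prtime_us: int) -> str:
    """Convert a PRTime microsecond timestamp to a readable UTC string."""
    dt = datetime.fromtimestamp(prtime_us / 1_000_000, tz=timezone.utc)
    return dt.strftime("%Y-%m-%d %H:%M:%S")

def visits_since(con: sqlite3.Connection, since_us: int) -> list[tuple[str, str, str]]:
    """Each visit at or after since_us, newest first, as (utc_time, url, title)."""
    rows = con.execute("""
        SELECT v.visit_date, p.url, p.title
        FROM moz_historyvisits v JOIN moz_places p ON p.id = v.place_id
        WHERE v.visit_date >= ? ORDER BY v.visit_date DESC""", (since_us,)).fetchall()
    return [(prtime_to_utc(t), url, title) for t, url, title in rows]

def frequent_sites(con: sqlite3.Connection, min_visits: int) -> list[tuple[str, int]]:
    """Sites visited at least min_visits times: the 'used regularly' question."""
    return con.execute("SELECT url, visit_count FROM moz_places WHERE visit_count >= ? "
                       "ORDER BY visit_count DESC", (min_visits,)).fetchall()
```

Against a real profile, replace the in-memory connection with sqlite3.connect() on a copy of places.sqlite, since Firefox holds a lock on the live file.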
The registry key nodes within the hive file can be detected, including the data and value nodes. The last name can easily be retrieved through key node access, and after parsing it is presented to the investigator in the easiest form to understand. Its best feature is that it enables the function and passes reports in a readable manner that is easy to understand. Wireshark has an immensely important role in identifying activities inside the system. Detection data such as emails and the links inside them are generated by this system and could become potential evidence for the digital forensics team.

No one will ever be able to cheat by fraud such as stealing someone’s connection through a malfunction in his or her IP address. The activities of a person can be easily detected using Wireshark, which makes it possible to detect the IP and MAC addresses of a suspicious person. It helps in restoring all the information behind the screen, such as emails and links that were used and deleted. The power of Wireshark can be enhanced by using tools like aircrack-ng, which is used to examine wireless network traffic; this makes Wireshark a powerful tool.