SlideShare a Scribd company logo

Cyber&digital forensics report

Download as DOCX, PDF
Y
yash sawarkar

This document is a report on cyber and digital forensics submitted by three students from G.H. Raisoni College of Engineering in Nagpur, India. The report discusses digital forensic methodology, tools used in digital analysis like Backtrack and Nuix, techniques such as live analysis and analyzing deleted files, analyzing USB device history from the Windows registry, and concludes that digital forensics is an evolving field with no set standards yet and constant updates are needed to investigate modern cyber crimes.

Technology
1 of 9
Downloaded 44 times
1
2
3
4
5
Most read
6
Most read
7
8
Most read
9
CYBER & DIGITAL FORENSICS Yash sawarkar kunal kawale Anup Singh Student of IT department, Student of IT department, student of ITdepartment, G.H. Raisoni college of engineering, G.H. Raisoni college of engineering, G.H.raisoni college of Nagpur, India. Nagpur, India. Nagpur,india.
G.H.RAISONI COLLEGE OF ENGINEERING (AN AUTONOMOUS INSTITUTION UNDER UGC ACT 1956) A REPORT ON “CYBER & DIGITAL FORENSICS” TEACHER ASSESSMENT EXAM NAME: KUNAL KAWALE (83) : YASH SAWARKAR (82) : ANUP SINGH GAHLOD SECTION:A BRANCH: INFORMATION TECHNOLOGY
INDEX 1. Title……………………………………………………………………..1 2. Abstract……………………………………………………………….2 3. Introduction ……………………………………………………….2 4. Methodology……………………………………………………….3 5. Digital analysis tools……………………………………………3 6. Technique …………………………………………………………..4 7. Related work………………………………………………………..5 8. Analysis………………………………………………………………..6 9. Conclusion…………………………………………………………..15 10. Reference………………………………………………………….16
2. ABSTRACT In this Report we show how to conduct digital forensics on computers, Now days internet continues to grow in day to day life of every human for social networks, information source, research, communication and all that thinks that made easy to do. Due to its rapid development and lacking of proper regulation the cyber crime increase in recent past years and investigators have been facing the difficulty of digital evidence.Digital evidence is stored in computer can play a major role in a wide range of crimes including murder, rape, hacked pc’s and servers etc.Digital forensics can be classified into live and dead analysis a live can be performed while the system is being running or not shutdown and dead analysis can be performed after the machine goes to off condition in that case the data can also be lost. 3. INTRODUCTION The increasing criminal activities using digital information as the means or target warrant for a structured manner in dealing with them. As more information is stored in digital form it is very likely that the evidence needed to process the criminal is also in digital form. For this paper computer or digital forensics is defined as the use of an expert to preserve, analyse and produce data from volatile and non volatile media storage. Computer forensics is in the early stages of development and as a result problems are emerging forensic analysis of computer system is a field that has been focused on a digital investigation of any source of information. forensics investigation techniques has focused mostly on evidence contained within the hard disk. But recently there has been demand for more tools and technique to be developed for capturing memory images and analysing their content that is because user input information that may be recovered from memory allocation.
4. METHODOLOGY Defining computer forensic require one more clarification. Many argue about whether computer forensic is a science or art the argument is unnecessary, however the tools and methods are scientific hence the word technique is often used to sidestep the unproductive science/art dispute. 5. DIGITAL FORENSIC TOOLS A number of open source and commercial tools exist for computer forensic typically analysis include a manual review of material on the media, reviewing the windows registry for suspect information discovering and cracking password. 1>Name- backtrack 5r2 (linux operating system)-This OS has many forensic tools for analysis of any compromised system or find security holes in that a large amount of open source bundled packages are installed in that OS. 2>Ophcrack-This tool use to crack the hashes which generated by sam files of windows this tools use rainbow tables to crack the hashes. 3>registry recon-That rebuild windows registry from anywhere on a hard drive and parses them for deep analysis. 4>Nuix-A fraud prevention software. Full text search extract emails, credit cards numbers, emails, ip address, URL’s skins tone analysis.
6. TECHNIQUE Live incident response-Collects all of the revelent data from the system that will be used to confirm whether that incident occurred. Live incident response include collecting volatile and non volatile data. Volatile data is information we would lose if we walked up to a device and disconnected the power cord. Nonvolatile data includes data that would be very useful to collect during digital forensic collection such as system event logs, user logons, and patch levels, among many others. Volatile vs. Nonvolatile data- Some of the volatile data that should be collected includes system date and time, current network connections, open TCP and UDP ports, which executables are opening UDP and TCP ports, cached NETBIOS name table, users currently logged on, the internal routing table, running processes, scheduled jobs, open files, and process memory dumps. This list is not all inclusive as a forensic investigator must consider any and all possible variables during collection. However, one thing that all these have in common is that they would be lost if the power were removed from your target machine. Cross-drive analysis- A forensic technique that correlates information found on multiple hard drives. The process, still being researched, can be used to identify social networks and for perform anomaly detection Live analysis- The examination of computers from within the operating system using custom forensics or existing sysadmin tools to extract evidence. The practice is useful when dealing with Encrypting File Systems, for example, where the encryption keys may be collected and, in some instances, the logical hard drive volume may be imaged before the computer is shut down. Deleted files- A common technique used in computer forensics is the recovery of deleted files. Modern forensic software have their own tools for recovering or carving out deleted data. Most operating systems and file systems do not always erase physical file data, allowing investigators to reconstruct it from the physical disk sectors. File carving involves searching for known file headers within the disk image and reconstructing deleted materials. Steganography- One of the techniques used to hide data is via steganography, the process of hiding data inside of a picture or digital image. This process is often used to hide pornographic images of children as well as information that a given criminal does not want to have discovered. Computer forensics professionals can fight this by looking at the hash of the file and comparing it to the original image While the image appears exactly the same, the hashchanges as the data changes.
7. RELATED WORK UNIX Live Response- Any forensic investigator should be prepared to encounter non-windows operating systems such as DOS, Linux, and UNIX. This section will concentrate on UNIX live response. In order to collect volatile data, we can utilize the following commands during a UNIX live response: a. System date and time – date b. Current network connections – netstat View USB History in Windows- 1. Windows stores information in the registry about every USB device plugged into the box. We can view this information with the following command c:userab>reg query hklnsystemcurrentcontrolsetenumusbstor /s 1>now open ur power shell command prompt 2>if to read the name is more complicated then use this command in power shell PS c:> Get-ItemProperty -Path 'HKLM:SYSTEMCurrentControlSetEnumUSBSTOR**' | Select FriendlyName 2. for user friendly view PS c:> Get-ChildItem HKLM:SYSTEMControlSet001EnumUSBSTOR | Select-Object PSChildname
8. ANALYSIS The approach for a digital investigation is performed on the basis of the physical crime scene investigation process In the present case, a digital crime scene involves software- and hardware- based digital environment. The process consists of three key stages: system preservation, evidence searching and event reconstruction. These stages do not require occurring one after one, and their flow is depicted in Figure 2 Moreover, it is possible to use this procedure during investigation of both live and dead systems Dead analysis works with trusted application in a trusted operation system in order to find the evidence. Dead analysis seems to be better since the live analysis may result in obtaining false information Figure 2 9. CONCLUSION It is hoped that this papers are helpful in introduction to computer forensic and the digital forensic methodology. Currently there is still no authoritative technology standered so a large quantity of thinks is waiting to be done This article and flow chart may serve as useful tool to guide discussion among personal making forensic cyber crime lab in the computer crime and intellectual property section is always available for consulation a combination of new techonology and changing habits of use means that the forensic examiner must strive too keep up to date with the latest development this paper has illustrated some of the technique to ensure a greater understanding of the value of the the digital evidence available to ensure a stronger case for the prosecution.
10. Reference link M Reith, C Carr, G Gunsch (2002). "An examination of digital forensic models". International Journal of Digital Evidence. Retrieved 2 August 2010. Carrier, Brian D (2007). "Basic Digital Forensic Investigation Concepts" Aaron Phillip; David Cowen, Chris Davis (2009). Hacking Exposed: Computer Forensics. McGraw Hill Professional. p. 544. ISBN 0-07-162677-8. Retrieved 27 August 2010.

More Related Content

PPTX
Autopsy Digital forensics tool
Sreekanth Narendran
 
PDF
Introduction to Threat Sharing
David Sweigert
 
PDF
(Open Sourced) Cyber Scavenger Hunt - Gamified Security Awareness, even on a ...
Victoria Schiffer
 
PPTX
Metasploit
henelpj
 
PPTX
Cryptography
Abhi Prithi
 
PDF
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
PDF
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Splunk
 
PPTX
Take-Grant Protection Model
Raj Kumar Ranabhat
 
Autopsy Digital forensics tool
Sreekanth Narendran
 
Introduction to Threat Sharing
David Sweigert
 
(Open Sourced) Cyber Scavenger Hunt - Gamified Security Awareness, even on a ...
Victoria Schiffer
 
Metasploit
henelpj
 
Cryptography
Abhi Prithi
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Edureka!
 
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Splunk
 
Take-Grant Protection Model
Raj Kumar Ranabhat
 

What's hot (20)

PPTX
Wazuh Security Platform
Pituphong Yavirach
 
PPTX
Computer security concepts
Prachi Gulihar
 
PPT
Indian perspective of cyber security
Aurobindo Nayak
 
PPTX
Nodejs buffers
monikadeshmane
 
PPTX
Nginx
Dhrubaji Mandal ♛
 
PPTX
Message digest 5
Tirthika Bandi
 
PDF
introduction to Azure Sentinel
Robert Crane
 
PPTX
Threat Hunting with Splunk
Splunk
 
PPTX
Security Testing.pptx
osandadeshan
 
PDF
Lattice-based Signatures
OnBoard Security, Inc. - a Qualcomm Company
 
PPT
Malware forensics
Sameera Amjad
 
PPTX
Session Hijacking ppt
Harsh Kevadia
 
PDF
Nessus Software
Megha Sahu
 
PDF
Corporate threat vector and landscape
yohansurya2
 
PPTX
kali linux.pptx
AdityaKumar1548
 
PPTX
Computer and network security
Karwan Mustafa Kareem
 
PDF
MySQL Security & GDPR
Mark Swarbrick
 
PPT
Virtualization
Chandan Varadaraj
 
PPTX
Machine Learning and the Cloud
Andrew Bogard
 
PPTX
Artificial Intelligence (AI) in Cybersecurity.pptx
Dr.A.Prabaharan Professor & Research Director, Public Action
 
Wazuh Security Platform
Pituphong Yavirach
 
Computer security concepts
Prachi Gulihar
 
Indian perspective of cyber security
Aurobindo Nayak
 
Nodejs buffers
monikadeshmane
 
Nginx
Dhrubaji Mandal ♛
 
Message digest 5
Tirthika Bandi
 
introduction to Azure Sentinel
Robert Crane
 
Threat Hunting with Splunk
Splunk
 
Security Testing.pptx
osandadeshan
 
Lattice-based Signatures
OnBoard Security, Inc. - a Qualcomm Company
 
Malware forensics
Sameera Amjad
 
Session Hijacking ppt
Harsh Kevadia
 
Nessus Software
Megha Sahu
 
Corporate threat vector and landscape
yohansurya2
 
kali linux.pptx
AdityaKumar1548
 
Computer and network security
Karwan Mustafa Kareem
 
MySQL Security & GDPR
Mark Swarbrick
 
Virtualization
Chandan Varadaraj
 
Machine Learning and the Cloud
Andrew Bogard
 
Artificial Intelligence (AI) in Cybersecurity.pptx
Dr.A.Prabaharan Professor & Research Director, Public Action
 
Ad

Similar to Cyber&digital forensics report (20)

PPTX
Digital forensics
yash sawarkar
 
PPT
Digital forensics
Nicholas Davis
 
PPT
Digital Forensics
Nicholas Davis
 
PDF
A Review on Recovering and Examining Computer Forensic Evidences
BRNSSPublicationHubI
 
PDF
computerforensicppt-160201192341.pdf
Gnanavi2
 
PPTX
Computer forensic ppt
Priya Manik
 
PPTX
Analysis of digital evidence
rakesh mishra
 
PDF
Computer forencis
Teja Bheemanapally
 
PDF
computerforensics-140529094816-phpapp01 (1).pdf
Gnanavi2
 
PPTX
Computer forensics
deaneal
 
PDF
180 184
Editor IJARCET
 
DOCX
Computer Forensics
Shreya Singireddy
 
PPT
Introduction to computer forensic
Online
 
PPTX
Computer forensics libin
libinp
 
PDF
Cyber Forensics training by Forensic Academy
Forensic Academy
 
PPTX
Computer forensics toolkit
Milap Oza
 
PDF
Forensics
Ghariani Tewfik
 
PDF
Digital Forensics
Vikas Jain
 
PPT
Computer forensics
Shreya Singireddy
 
PPTX
Digital forensics
vishnuv43
 
Digital forensics
yash sawarkar
 
Digital forensics
Nicholas Davis
 
Digital Forensics
Nicholas Davis
 
A Review on Recovering and Examining Computer Forensic Evidences
BRNSSPublicationHubI
 
computerforensicppt-160201192341.pdf
Gnanavi2
 
Computer forensic ppt
Priya Manik
 
Analysis of digital evidence
rakesh mishra
 
Computer forencis
Teja Bheemanapally
 
computerforensics-140529094816-phpapp01 (1).pdf
Gnanavi2
 
Computer forensics
deaneal
 
180 184
Editor IJARCET
 
Computer Forensics
Shreya Singireddy
 
Introduction to computer forensic
Online
 
Computer forensics libin
libinp
 
Cyber Forensics training by Forensic Academy
Forensic Academy
 
Computer forensics toolkit
Milap Oza
 
Forensics
Ghariani Tewfik
 
Digital Forensics
Vikas Jain
 
Computer forensics
Shreya Singireddy
 
Digital forensics
vishnuv43
 
Ad

Recently uploaded (20)

PDF
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
Mushroom cultivation and it's methods.pdf
mailmeonrishi
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Encapsulation theory and applications.pdf
gurumoop
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 

Cyber&digital forensics report

  • 1. CYBER & DIGITAL FORENSICS Yash sawarkar kunal kawale Anup Singh Student of IT department, Student of IT department, student of ITdepartment, G.H. Raisoni college of engineering, G.H. Raisoni college of engineering, G.H.raisoni college of Nagpur, India. Nagpur, India. Nagpur,india.
  • 2. G.H.RAISONI COLLEGE OF ENGINEERING (AN AUTONOMOUS INSTITUTION UNDER UGC ACT 1956) A REPORT ON “CYBER & DIGITAL FORENSICS” TEACHER ASSESSMENT EXAM NAME: KUNAL KAWALE (83) : YASH SAWARKAR (82) : ANUP SINGH GAHLOD SECTION:A BRANCH: INFORMATION TECHNOLOGY
  • 3. INDEX 1. Title……………………………………………………………………..1 2. Abstract……………………………………………………………….2 3. Introduction ……………………………………………………….2 4. Methodology……………………………………………………….3 5. Digital analysis tools……………………………………………3 6. Technique …………………………………………………………..4 7. Related work………………………………………………………..5 8. Analysis………………………………………………………………..6 9. Conclusion…………………………………………………………..15 10. Reference………………………………………………………….16
  • 4. 2. ABSTRACT In this Report we show how to conduct digital forensics on computers, Now days internet continues to grow in day to day life of every human for social networks, information source, research, communication and all that thinks that made easy to do. Due to its rapid development and lacking of proper regulation the cyber crime increase in recent past years and investigators have been facing the difficulty of digital evidence.Digital evidence is stored in computer can play a major role in a wide range of crimes including murder, rape, hacked pc’s and servers etc.Digital forensics can be classified into live and dead analysis a live can be performed while the system is being running or not shutdown and dead analysis can be performed after the machine goes to off condition in that case the data can also be lost. 3. INTRODUCTION The increasing criminal activities using digital information as the means or target warrant for a structured manner in dealing with them. As more information is stored in digital form it is very likely that the evidence needed to process the criminal is also in digital form. For this paper computer or digital forensics is defined as the use of an expert to preserve, analyse and produce data from volatile and non volatile media storage. Computer forensics is in the early stages of development and as a result problems are emerging forensic analysis of computer system is a field that has been focused on a digital investigation of any source of information. forensics investigation techniques has focused mostly on evidence contained within the hard disk. But recently there has been demand for more tools and technique to be developed for capturing memory images and analysing their content that is because user input information that may be recovered from memory allocation.
  • 5. 4. METHODOLOGY Defining computer forensic require one more clarification. Many argue about whether computer forensic is a science or art the argument is unnecessary, however the tools and methods are scientific hence the word technique is often used to sidestep the unproductive science/art dispute. 5. DIGITAL FORENSIC TOOLS A number of open source and commercial tools exist for computer forensic typically analysis include a manual review of material on the media, reviewing the windows registry for suspect information discovering and cracking password. 1>Name- backtrack 5r2 (linux operating system)-This OS has many forensic tools for analysis of any compromised system or find security holes in that a large amount of open source bundled packages are installed in that OS. 2>Ophcrack-This tool use to crack the hashes which generated by sam files of windows this tools use rainbow tables to crack the hashes. 3>registry recon-That rebuild windows registry from anywhere on a hard drive and parses them for deep analysis. 4>Nuix-A fraud prevention software. Full text search extract emails, credit cards numbers, emails, ip address, URL’s skins tone analysis.
  • 6. 6. TECHNIQUE Live incident response-Collects all of the revelent data from the system that will be used to confirm whether that incident occurred. Live incident response include collecting volatile and non volatile data. Volatile data is information we would lose if we walked up to a device and disconnected the power cord. Nonvolatile data includes data that would be very useful to collect during digital forensic collection such as system event logs, user logons, and patch levels, among many others. Volatile vs. Nonvolatile data- Some of the volatile data that should be collected includes system date and time, current network connections, open TCP and UDP ports, which executables are opening UDP and TCP ports, cached NETBIOS name table, users currently logged on, the internal routing table, running processes, scheduled jobs, open files, and process memory dumps. This list is not all inclusive as a forensic investigator must consider any and all possible variables during collection. However, one thing that all these have in common is that they would be lost if the power were removed from your target machine. Cross-drive analysis- A forensic technique that correlates information found on multiple hard drives. The process, still being researched, can be used to identify social networks and for perform anomaly detection Live analysis- The examination of computers from within the operating system using custom forensics or existing sysadmin tools to extract evidence. The practice is useful when dealing with Encrypting File Systems, for example, where the encryption keys may be collected and, in some instances, the logical hard drive volume may be imaged before the computer is shut down. Deleted files- A common technique used in computer forensics is the recovery of deleted files. Modern forensic software have their own tools for recovering or carving out deleted data. Most operating systems and file systems do not always erase physical file data, allowing investigators to reconstruct it from the physical disk sectors. File carving involves searching for known file headers within the disk image and reconstructing deleted materials. Steganography- One of the techniques used to hide data is via steganography, the process of hiding data inside of a picture or digital image. This process is often used to hide pornographic images of children as well as information that a given criminal does not want to have discovered. Computer forensics professionals can fight this by looking at the hash of the file and comparing it to the original image While the image appears exactly the same, the hashchanges as the data changes.
  • 7. 7. RELATED WORK UNIX Live Response- Any forensic investigator should be prepared to encounter non-windows operating systems such as DOS, Linux, and UNIX. This section will concentrate on UNIX live response. In order to collect volatile data, we can utilize the following commands during a UNIX live response: a. System date and time – date b. Current network connections – netstat View USB History in Windows- 1. Windows stores information in the registry about every USB device plugged into the box. We can view this information with the following command c:userab>reg query hklnsystemcurrentcontrolsetenumusbstor /s 1>now open ur power shell command prompt 2>if to read the name is more complicated then use this command in power shell PS c:> Get-ItemProperty -Path 'HKLM:SYSTEMCurrentControlSetEnumUSBSTOR**' | Select FriendlyName 2. for user friendly view PS c:> Get-ChildItem HKLM:SYSTEMControlSet001EnumUSBSTOR | Select-Object PSChildname
  • 8. 8. ANALYSIS The approach for a digital investigation is performed on the basis of the physical crime scene investigation process In the present case, a digital crime scene involves software- and hardware- based digital environment. The process consists of three key stages: system preservation, evidence searching and event reconstruction. These stages do not require occurring one after one, and their flow is depicted in Figure 2 Moreover, it is possible to use this procedure during investigation of both live and dead systems Dead analysis works with trusted application in a trusted operation system in order to find the evidence. Dead analysis seems to be better since the live analysis may result in obtaining false information Figure 2 9. CONCLUSION It is hoped that this papers are helpful in introduction to computer forensic and the digital forensic methodology. Currently there is still no authoritative technology standered so a large quantity of thinks is waiting to be done This article and flow chart may serve as useful tool to guide discussion among personal making forensic cyber crime lab in the computer crime and intellectual property section is always available for consulation a combination of new techonology and changing habits of use means that the forensic examiner must strive too keep up to date with the latest development this paper has illustrated some of the technique to ensure a greater understanding of the value of the the digital evidence available to ensure a stronger case for the prosecution.
  • 9. 10. Reference link M Reith, C Carr, G Gunsch (2002). "An examination of digital forensic models". International Journal of Digital Evidence. Retrieved 2 August 2010. Carrier, Brian D (2007). "Basic Digital Forensic Investigation Concepts" Aaron Phillip; David Cowen, Chris Davis (2009). Hacking Exposed: Computer Forensics. McGraw Hill Professional. p. 544. ISBN 0-07-162677-8. Retrieved 27 August 2010.