1 a). MAC times in computer forensics are forms of metadata that record when files are created, modified and accessed. They are depicted as follows: Created time: ctime, Modified time: mtime, and Access time: atime, as described in an article by Andrea Fortuna (2017). However, MAC times differ between file systems and operating systems, and can therefore affect a forensic investigation if creation times need to be obtained from UNIX and Windows operating systems. This metadata is stored in two attributes: $standard_info and $file_name. $Standard_info ($SI) stores file metadata such as the file SID, flags, the file owner and a set of MAC timestamps. Vanderburg (n.d) identifies that the $SI timestamps are the ones collected by Windows Explorer, fls, timestomp, mactime, find and other utilities related to the display of timestamps. The $file_name attribute contains forensically interesting details, such as MACB times, file name, file length and others. Windows systems record the date and time when the file was created as the ctime, and they can be configured to stop tracking MAC time updates by altering the value of a registry key between 0 and 1. These features can help solve digital crimes, and they keep track of time as a positive integer.
b). The model was proposed in 2001 as a general-purpose digital forensic framework. According to Baryamureeba and Tushabe (2004), it comprises six main phases: Identification, Preservation, Collection, Examination, Analysis and Presentation. The first phase, Identification, covers event or crime detection, signature resolution, system monitoring, anomaly detection, audit analysis and several others. In this stage, evidence is converted from its digital form into a form that humans can understand. The second stage is Preservation, which entails setting up appropriate case management, applying imaging technologies, and taking all other measures needed to ensure an accurate and acceptable chain of custody. Note that preservation is a guarded principle across all forensic stages. Collection is the third stage in DFRW, where relevant data is collected using approved methods, software and hardware. Various recovery techniques and lossless compression are used in this stage. The examination and analysis stages follow. In them, evidence traceability and pattern matching are assured, hidden data is found and extracted, and data mining and timeline analysis are undertaken. The last stage is presentation, which involves documentation, clarification, a mission impact statement, recommendations and countermeasures, and expert testimony.
However, according to INFOSEC (n.d), other models have been introduced and updated since then, because smart devices are increasingly involved in digital fraud and cybercrime as more data is stored in digital form. Such models include the Abstract Digital Forensics Model of 2002, developed by Clint Carr, Mark Reith and Gregg Gunsch and made up of nine phases, and the Integrated Digital Investigation Process of 2003, developed by Spafford and Carrier and consisting of 17 phases, to mention a few.
2. a) Johnson (n.d) defines steganography as the act of concealing secret messages in otherwise non-secret media. It is an ancient practice: when spies during the Revolutionary War wrote in invisible ink, or when Da Vinci embedded secret meaning in a painting, that was steganography. It is also applied in the digital era, where a file such as an image can be covertly encoded with data. For example, the pixel values, brightness and filter settings of an image are routinely changed to affect the image's aesthetic look. Programmers can manipulate them according to a secret code, with no regard for how the inputs make the image look visually.
Rountree (2013) notes that steganography can be incredibly difficult to detect, because it uses microdots, hollow heels, invisible ink and other size-reduction forms to hide a classified text. Yari and Zargari (2017) identify that data can be hidden in the form of a file, image, text, video or audio, and that the stego-object is then sent over a known communication channel without arousing suspicion. Where P and C are the plaintext and ciphertext, E and D are the encryption and decryption rules respectively, and k is the key used for the encryption and decryption transformation, this process of communication becomes difficult to detect since it obscures and conceals the message. The general equation of steganography is depicted as Stego medium = cover medium + secret message + stego key, but it depends on the number of stego keys used.
b).
Raw data
80 20 21 00 07 7E 25 19 00 08 00 00 00 32 05 00
Solution
The first byte indicates whether the partition is bootable or not. That is, if it is set to 0x80 the partition is bootable, while 0x00 means it is not. In this case, it is bootable. (Additionally, length in decimal (bytes) = 4, byte range = 0x8-0xf: LBA address of the starting sector.)
Breakdown
80: Partition bootable
20 21 00: The CHS address starting position
07: Partition type byte
25 19 00: CHS address ending position
08 00 00 00: LBA address
00 32 05 00: 16 byte entry counts
Head (8 bits): 0x20 = 32
Sector (6 bits): (100001)_2 = 33
Therefore, the CHS addresses are:
Starting address: C = 0, H = 32, S = 33
Ending address: C = 1023, H = 254, S = 63
Number of sectors in the partition = 18808832 sectors in decimal
Each sector is 512 bytes long
Size of the partition: 18808832 * 512 bytes = 8.96875 GB
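The partition-entry layout discussed above can be decoded mechanically. The following is an added example, not part of the original answer: it parses the 16 raw bytes using the standard MBR partition-entry layout (packed CHS fields, little-endian LBA start and sector count), and the values it returns are those computed directly from the raw bytes. The function and field names are my own.

```python
import struct

# The 16 raw bytes from the question above.
RAW_ENTRY = bytes.fromhex("80 20 21 00 07 7E 25 19 00 08 00 00 00 32 05 00")
SECTOR_SIZE = 512  # bytes per sector, as used in the solution
TYPE_NAMES = {0x00: "unused", 0x07: "HPFS/NTFS/exFAT"}  # small subset


def decode_chs(raw):
    """Unpack a 3-byte CHS field into (cylinder, head, sector)."""
    head = raw[0]                                # all 8 bits
    sector = raw[1] & 0x3F                       # low 6 bits
    cylinder = ((raw[1] & 0xC0) << 2) | raw[2]   # 2 high bits + 8 low bits
    return cylinder, head, sector


def parse_partition_entry(entry, sector_size=SECTOR_SIZE):
    """Decode one MBR partition table entry into a dict."""
    if len(entry) != 16:
        raise ValueError("an MBR partition entry is exactly 16 bytes")
    # "<" = little-endian, no padding: status, CHS start, type, CHS end,
    # LBA of first sector (4 bytes), sector count (4 bytes).
    status, chs_s, ptype, chs_e, lba_start, num_sectors = struct.unpack(
        "<B3sB3sII", entry)
    if status not in (0x00, 0x80):
        raise ValueError(f"invalid boot indicator 0x{status:02X}")
    chs_end = decode_chs(chs_e)
    return {
        "bootable": status == 0x80,
        "chs_start": decode_chs(chs_s),
        "type": ptype,
        "type_name": TYPE_NAMES.get(ptype, "other"),
        "chs_end": chs_end,
        # (1023, 254, 63) is a common "beyond CHS range" marker;
        # when it appears only the LBA fields are meaningful.
        "chs_saturated": chs_end == (1023, 254, 63),
        "lba_start": lba_start,
        "num_sectors": num_sectors,
        "size_bytes": num_sectors * sector_size,
    }


if __name__ == "__main__":
    for field, value in parse_partition_entry(RAW_ENTRY).items():
        print(f"{field:14} {value}")
```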
3. a) According to Seo et al. (2015), a memory dump can be described as the process of taking the information in Random Access Memory (RAM) and writing it to a storage drive. It is used by developers to gather diagnostic data at the time of a crash, to help them troubleshoot problems and learn more about the event. The data produced by a memory dump can help developers fix errors in the Operating System (OS) as well as in other programs of all types. Memory dumps can also be used in forensics, offering insight into runtime system activity at, for example, crime scenes. In this case, according to an article posted by ADFSolutions (2018), RAM capture is applied so as not to leave valuable evidence behind. Shipley et al. (2006) identify that capturing volatile data in a computer's memory dump enables investigators to do a full memory analysis and access data such as browsing history, encryption keys, chat messages, clipboard contents, runtime system activity, open network connections, recently executed commands and processes, injected code fragments and memory stored before shutdown or crash. RAM capture is therefore a vital part of memory forensics that can be applied during a digital forensic investigation of crime, insider attacks, cybercrime or hacking. This matters because attackers sometimes develop malware that lives only in memory, which makes it difficult to detect if random access memory is not captured.
b) The Association of Chief Police Officers (ACPO) Good Practice Guide has been adopted by law enforcement forces across England, Northern Ireland and Wales. It was produced by the ACPO Crime Business Area and approved in 2007, and was intended to offer advice not only to assist police forces but also to help in investigating cyber-crime incidents and crimes (Williams, 2012). The good practice guide applies four principles: no action should change data that may be relied on in court; an individual accessing data ought to be competent to access original data; all digital data created should be preserved; and the individual in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to. The aim is to show that digital evidence is subject to the same rules and laws that apply to documentary evidence. Thus, the digital evidence produced in court is no more and no less now than when it was first taken into the possession of law enforcement. However, it cannot be ruled out that some operating systems and other programs frequently alter data, and this can happen automatically without the user necessarily being aware that the data has been changed. Nonetheless, Shashidhar and Novak (2015) argue that digital media are vital and that the data collected can be of vital importance in the search of a crime scene. For instance, closed-circuit television cameras have the potential to hold data that may be of value to the investigation. To achieve best evidence, these items must therefore be handled and seized appropriately, and should be treated with as much care as any other item that is to be forensically examined.
4. User interfaces are interfaces that allow users to interact with machines, in this case computers. They include all the operating elements that a user sees or interacts with, ranging from text-based command lines to graphical user interfaces. Focusing on the latter: according to a blog post by ComputerHope (2019), Graphical User Interfaces (GUIs) are the established standard, where software is controlled by graphical commands and symbolic images that are in most instances designed to resemble items from the real world. With the GUI, icons such as desktops, individual windows and the trash can have moved into the digital world. These features can be selected with a mouse or by clicking on the touchscreen. GUI objects use cursors, icons and buttons, which can also be enhanced with sound or visual effects such as drop shadows and transparency. Being more user friendly than other UIs, it can carry out commands such as deleting, moving or opening files. However, it must be navigated with a mouse, keyboard shortcuts or arrow keys. It can therefore be used to delete or recover Internet browsing history. As an example, to delete the Internet browsing history on a GUI system, one would move the mouse pointer, select the tool button, point to Safety, and then select Delete browsing history.
User accounts accessed from the subject system, such as an email account, and the authentication passwords protecting web site logins can be stored by Internet Explorer, and this information can be gathered by the GUI utility Protected Storage PassView (pspv.exe). Dennis (2020) identifies easy-to-use software such as Stellar BitRaser for File, which has been developed to suit the Windows 10 operating system and has the capacity to permanently delete search history in a single click. It is compatible with different versions of Windows and with various Internet browsers such as Internet Explorer, Chrome and Mozilla Firefox. Its simple and easy-to-use graphical user interface offers an 'Erase Now' click option, followed by 'Yes' or 'No' options, for permanent erasure in a single pass.
Browsers such as Chrome provide recovery of Internet search history as an option after it has been accidentally deleted. However, according to Bell (2014), these Internet browsers do not offer GUI options to restore it, whereas software such as hetmanrecovery offers a single click leading to recovery of browser history from any Internet browser. This software, and several others of the same nature, is compatible with all Internet browsers, such as Mozilla Firefox, Chrome or Microsoft Edge. It supports recovery after an accidental Shift-Delete, emptying of the Recycle Bin, or VMWare, VirtualBox or Hyper-V virtual machine crashes, and of several other items that might have been visited on a Windows PC.
Besides Stellar BitRaser for File, the Internet browser history eraser and recovery tools, and hetmanrecovery, there are others such as History Eraser and Clear Browsing History - Cleaner, along with several other programs and applications that have been developed to erase previously visited Internet sites and leave less evidence, or that can be used to recover data.
Baryamureeba, V. and Tushabe, F., 2004. The enhanced digital investigation process model. Digital Investigation.
Rountree, D., 2013. Windows 2012 Server Network Security: Securing Your Windows Network Systems and Infrastructure. Newnes.
Seo, J., Lee, S. and Shon, T., 2015. A study on memory dump analysis based on digital forensic tools. Peer-to-Peer Networking and Applications, 8(4), pp.694-703.
Shashidhar, N.K. and Novak, D., 2015. Digital forensic analysis on prefetch files. International Journal of Information Security Science, 4(2), pp.39-49.
Shipley, T.G., CFE, C. and Reeve, H.R., 2006. Collecting evidence from a running computer. SEARCH, The National Consortium for Justice and Internationals Standards, p.6.
Williams, J., 2012. ACPO Good Practice Guide for Digital Evidence. Great Britain: Association of Chief Police Officers.
Yari, I.A. and Zargari, S., 2017, June. An overview and computer forensic challenges in image steganography. In 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (pp. 360-364). IEEE.