e- crime repoter by GFSU

7/30/2019 e- crime repoter by GFSU

1/6Courtesy : Directorate of Forensic Science, Gandhinagar

Case of the Tampered CD...

Dr. M. S. Dahiya

Dr.(Mrs.) S. L. Vaya

Prof. Y. K. Agrawal

Dr. M. S. Rao

Mr. Mehul K. Dave

Advisory Boar

Dr. J. M. Vyas

Mr. Kumar D. Shah

Mr. Nilay R. Mistry

Mr. Jaismin R. Shah

Mr. Nayan P. Dave

Miss. Pree Chandel

Mr. S. G. Khandelwal

Mr. R. N. Guna

Mr. H. P. Sanghvi

Mr. H. J. Trivedi

Mr. S. J. Mistry

Editorial Board Miss. Kajal Singh

Mrs. Astha Chaturvedi

Newsletter Commit

From the Editors Desk:Dear Readers,

Wishing you all a very MerryChristmas & a Prosperous New Year!Hope 2011 was a great year for youand this trend will continue in 2012 aswell This is the last issue of Volumeone of our newsletters; with this, wereach the end of one whole year. onlyto start afresh and mark a new begin-ning We really appreciate the kindsupport that youve extended allthrough Thanks so much! This issues

eme is: the quite less explored area of CD/DVD Forensics; currently

merging as one of the important aspects of digital investigations. Hopeoull enjoy it. Do keep sending us your valuable comments, towardse betterment of our publications. Wish our bonding will continue toow, in times to come Lectura Feliz !!

- Kajal Singh

Volume 1 Issue 4 December 2011

E-Crime Reporter

A scientific equipment manufacturing company informed the local police, thatthey fear an original CD-ROM, containing their clients detail; order details;

invoice bills; equipments price information; equipment quotation, was tampered.

An FIR was registered and the case was forwarded to a forensic laboratory for

analysis.

The query was, whether the files contained on the CD were original or modified?

The CD-ROM was analyzed using relevant forensic tools and checked for theDirectory Entries. Normally Directory Entries for file system ISO9660,

contain the Last Modifiedtime for the file. In case of original CDs, ISO9660

file system is not intended to be updated. Therefore, the File Createdtime of

the files on the disc, is always equal to the Last Modifiedtime. Moreover, NO

Last Access time is recorded.After checking the above details, it was

found that no modification was done in theCD in question.

This case indicated that things like: CDs/DVDs can act as very important evidentiary

clues, as far as digital investigations are

concerned. Moreover, this also proved that it

is possible to obtain a lot of information fromCDs/DVDs itself and a Hard Disk is not

required every time.

Case Study INews/Courses/Tips/Facts IIR&D/Tricks/Book Review IIIConference/Job IVOur Expert & Q/A VPuzzle VI


2/6II

FFORTS OF GREATER MANCHESTER POLICE;

EAD TO ARREST OF SIX, INDULGING IN

COUNTERFEITING OF CDs AND DVDs

28 Nov 2011, United Kingdom

Greater Manchester Police in the UK succeed in

rresng six market traders; suspected of

producing and selling large quanes of

ounterfeit CDs and DVDs. The recovered

pirated CDs and DVDs were found to be worth

ens of thousands of pounds and included new

music releases, yet to be released in the UK.

Other items retrieved included: imitaon

rearms, knives, and Class A drugs. The suspects

re currently out on bail, pending further

nvesgaons. These kinds of illegal trading

ects the livelihoods of legimate traders and

businesses and harm the hard working people,

working in the concerned industries. For further

nformaon, visit our online reference:

hp://www.fact-uk.org.uk/site/latest_news/

ndex.htm

B.Sc. (Hons) in Computer Forensics - Univeof Sunderland, Sunderland - United Kingdo

Course Mode: Full me

Course Duraon: 3 or 4 Years.

For more details see the

Online Link:

hp://www.sunderland.ac.uk/course/617

/computer_forensics

MS in Digital Forensics University of CentFlorida, Orlando Florida, USA.

Course Mode: Full me/Part Time

Course Duraon: Varies.

For further informaon, visit:

hp://www.graduatecatalog.ucf.edu/

programs/program.aspx?id=1160

M.Sc. - Electronic Security and Digital ForenDegree, Middlesex University London, UK

Course Mode: Full me/Part Time

Course Duraon: 1-2 Years.

For further details, visit:

hp://www.mdx.ac.uk/courses/postgraduacompung_and_it/elec_secu_digi_forensic

msc.aspx

Audio/Video Quality diers from HD.

Discs made via process of burning & n

pressing.

Unlike Original CDs/DVDs; Data on pirat

ones can easily be copied.

w to recognize a pirated CD/DVD?

Costs around ten mes lesser than original CDs.

Low/Poor quality packaging, when compared to

the original ones.

Track list details, are modied in most cases.
http://www.fact-uk.org.uk/site/latest_news/index.htmhttp://www.fact-uk.org.uk/site/latest_news/index.htmhttp://www.fact-uk.org.uk/site/latest_news/index.htmhttp://www.fact-uk.org.uk/site/latest_news/index.htmhttp://www.fact-uk.org.uk/site/latest_news/index.htmhttp://www.sunderland.ac.uk/course/617/computer_forensicshttp://www.sunderland.ac.uk/course/617/computer_forensicshttp://www.sunderland.ac.uk/course/617/computer_forensicshttp://www.sunderland.ac.uk/course/617/computer_forensicshttp://www.graduatecatalog.ucf.edu/programs/program.aspx?id=1160http://www.graduatecatalog.ucf.edu/programs/program.aspx?id=1160http://www.graduatecatalog.ucf.edu/programs/program.aspx?id=1160http://www.mdx.ac.uk/courses/postgraduate/computing_and_it/elec_secu_digi_forensics_msc.aspxhttp://www.mdx.ac.uk/courses/postgraduate/computing_and_it/elec_secu_digi_forensics_msc.aspxhttp://www.mdx.ac.uk/courses/postgraduate/computing_and_it/elec_secu_digi_forensics_msc.aspxhttp://www.mdx.ac.uk/courses/postgraduate/computing_and_it/elec_secu_digi_forensics_msc.aspxhttp://www.mdx.ac.uk/courses/postgraduate/computing_and_it/elec_secu_digi_forensics_msc.aspxhttp://www.mdx.ac.uk/courses/postgraduate/computing_and_it/elec_secu_digi_forensics_msc.aspxhttp://www.mdx.ac.uk/courses/postgraduate/computing_and_it/elec_secu_digi_forensics_msc.aspxhttp://www.graduatecatalog.ucf.edu/programs/program.aspx?id=1160http://www.graduatecatalog.ucf.edu/programs/program.aspx?id=1160http://www.sunderland.ac.uk/course/617/computer_forensicshttp://www.sunderland.ac.uk/course/617/computer_forensicshttp://www.fact-uk.org.uk/site/latest_news/index.htmhttp://www.fact-uk.org.uk/site/latest_news/index.htm


3/6II

CD and DVD Forensics By Paul Crowley

Publisher: Syngress; 1st edion (November 28, 2006)

Language: English

This is one of the very few books on the subject; a must read, which covers all facets of handli

examining, and processing CD and DVD evidence. Data forensics has recently emerged as an integ

requirement of law enforcement, and corporate security agencies.

This book provides readers with knowledge regarding dierent tools that can be used to open CD

DVDs, in order to obtain any evidenary clues that it may contain. It is divided into four basic pa

(a) CD and DVD physics dealing with the history, construcon and technology of CD and DVD me

(b) le systems present on CDs and DVDs and how these are dierent from that which is found

hard disks, oppy disks and other media, (c) consideraons for handling CD and DVD evidence

both recover the maximum amount of informaon present on a disc and to do so with

destroying or altering the disc in any way, and (d) using the InnaDyne product CD/DVD Inspecto

examine discs in detail and collect evidence.

eard of the tool

D DVD Inspector (Version 4.1):rofessional soware for intensive analysis and extracon of data from

D-R, CD-RW and all types of DVD media - including HD DVD and Blu-Ray.

seful for data recovery, forensics, and law enforcement. Based on the data

covery technology in CD/DVD Diagnosc, it has detailed displays and

nhanced media search abilies. It also now includes a exible report

enerator; improving its performance and usability.

can generate printed reports containing more than 50 items, in one go. It

so has features for prinng thumbnails of pictures and can sort reports on

e basis of data items.
http://www.amazon.com/s/ref=ntt_athr_dp_sr_1/185-2368833-2635611?_encoding=UTF8&search-alias=digital-text&field-author=Paul%20Crowleyhttp://www.amazon.com/s/ref=ntt_athr_dp_sr_1/185-2368833-2635611?_encoding=UTF8&search-alias=digital-text&field-author=Paul%20Crowleyhttp://www.amazon.com/s/ref=ntt_athr_dp_sr_1/185-2368833-2635611?_encoding=UTF8&search-alias=digital-text&field-author=Paul%20Crowley


4/6V

Computer Forensics InternSAIC, McLean Virginia, USA.

Job Type: Full Time

Applicaon Deadline: See Link.

To View details & apply,visit: hp://jobs.saic.com/job/McLean-

Computer-Forensics-Intern-Job-VA-

22101/1474852/

Computer Forensic Analyst

IntaForensics, Nuneaton - Warwickshire -

UK.

Job Type: permanent,

Applicaon Deadline: See Link.

To View details & apply,

visit: hp://www.intaforensics.com/

Careers.aspx

ICDF 2012: The Eighth Internaonal

Conference on Digital Forensicsat

Paaya Thailand.

Between March 12-13, 2012.

For further informaon,

See: hp://www.waset.org/conferences/201

paaya/icdf/index.php

CSCFE - Cyber Security & Computer Forensic

Exchangeat Fort Lauderdale, Florida USA.

Between May 14-16, 2012.

For more informaon,

Visit: hps://www.exchangeevents.net/cscfeindex.php

CYBER SEC12: The First Internaonal Confere

on Cyber Security, Cyber Warfare and Digita

Forensicat University Putra Malaysia,

Kuala Lumpur - Malaysia.

Between June 26 - 28, 2012.

For further details,

Refer: hp://www.sdiwc.net/CyberSec2012/page.php?id=2
http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://www.intaforensics.com/Careers.aspxhttp://www.intaforensics.com/Careers.aspxhttp://www.intaforensics.com/Careers.aspxhttp://www.intaforensics.com/Careers.aspxhttp://www.waset.org/conferences/2012/pattaya/icdf/index.phphttp://www.waset.org/conferences/2012/pattaya/icdf/index.phphttp://www.waset.org/conferences/2012/pattaya/icdf/index.phphttps://www.exchangeevents.net/cscfe/p_index.phphttps://www.exchangeevents.net/cscfe/p_index.phphttps://www.exchangeevents.net/cscfe/p_index.phphttp://www.sdiwc.net/CyberSec2012/page.php?id=2http://www.sdiwc.net/CyberSec2012/page.php?id=2http://www.sdiwc.net/CyberSec2012/page.php?id=2http://www.sdiwc.net/CyberSec2012/page.php?id=2http://www.sdiwc.net/CyberSec2012/page.php?id=2https://www.exchangeevents.net/cscfe/p_index.phphttps://www.exchangeevents.net/cscfe/p_index.phphttp://www.waset.org/conferences/2012/pattaya/icdf/index.phphttp://www.waset.org/conferences/2012/pattaya/icdf/index.phphttp://www.intaforensics.com/Careers.aspxhttp://www.intaforensics.com/Careers.aspxhttp://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/http://jobs.saic.com/job/McLean-Computer-Forensics-Intern-Job-VA-22101/1474852/


5/6

Mr. Yogesh Khatri has 7 years of experience praccing Digital Forensic

the US and has been involved in working on cases worldwide, in pla

like US, Canada, South Korea, Japan, Taiwan and Singapore.

He holds a Bachelors degree (BE) in Electronics from Mumbai Univer

a Masters degree (MS) in Computer Engineering from Syracuse Univety in New York, USA and a number of industry recognized cercaon

forensics and security like EnCE, SANS GREM, GCIA and GPEN. He

been a speaker at several conferences and a trainer to corporates

police ocers.

He is the Founder of Swi Forensics, now operang out of Mumbai

can be reached at [email protected]. Hell answer our read

queries in the secon below.

V

Q1 - Some of my CDs have many scratches and have become unreadable. Is there any way to FIX this?

Ritu Singh, Vishakhapatnam - Indi

Expert Says -If the CD has many scratches and does not read properly, it may need treatment t

emove those scratches. CDs are read by a laser which penetrates the plasc layer from the boom

and is reected back from the data layer. Theorecally, when a drive tries to read a CD with

cratch, the laser hits the scratch, think of it is a ny dent or crack and does not reect bacorrectly. If the scratch is lled with a suitable substance which aens out the dent, so the lase

an reect cleanly, the CD at the very least becomes workable. Think of it as lling a pot hole on

oad; its no longer a bumpy ride now. There are some o the shelf products available to do these

all of which require lling the scratch with some gel like substance. Also there are many hom

emedies which people have gured out that work with mixed results, just Google for "remov

cratches from CDs" Whatever you do, never rub/clean any CD or DVD in a circular moon. Alway

lean in straight lines from the center of the disc outwards.

Q2 - Is the serial number on a CD guaranteed to be unique?

Nicholas Jonathan, Florida - USA

Expert Says - The number found on the clamping area (near the center) of a CD is common

mistaken to be a unique serial number by forensic examiners. CDs are manufactured by a numbe

of independent companies and there is no specied standard for this number. As a result most o

he CDs just have a batch number or lot number, a number that helps them trace the CD back to i

batch for quality control. Not every CD is tested, just a few in a batch, so when a CD from a batc

goes bad, that batch can be marked as bad. Should forensic examiners sll note down th

numbers? Yes, but don't be surprised if once in a while some other CD in the same case also ha

he same number.


6/6V

ss:2.Bootable,4.Sector,6.Disk,7.EPRom,9.Crystalline

n:1.Dataarea,3.Rewritable,5.CDPiracy,6.Decoding,8.Caddy

3 - Are CD/DVDs a good medium for archiving or backup of data?

Elias Wayne, Manchester - U

xpert Says- CDs and DVDs burned in regular CD/DVD burners in laptops and desktops are genera

ot a good idea for long term storage of important data. It is oen heard that disks lose their bu

er a year or so, although there are no scratches or cracks on the CD. This phenomenon occuore frequently in cheap low quality CDs, however it occurs even in the more expensive brand

edia. CDs are aected by heat and humidity. Extreme heat, temperatures in excess of 48oC w

amage the dye in CD-R disks which is used as the recording substrate. But even prolonged exposu

lesser heat, usually because of improper storage of CDs can damage and ulmately destroy t

ata on the CD. Ideally CDs must be stored in as cool a place as possible and away from moisture.

e- crime repoter by GFSU

Documents

Transcript of e- crime repoter by GFSU