
CASE REPORT COMPUTER FORENSIC

Conducted by:
Name Matrix Number
NURSHUHADA NAJWA BINTI MOHAMAD SHAFIE 01DDT22F1011
NUR ALIYA SOFIA BINTI MOHD ZAIDI 01DDT22F1059
MAISARAH ADRIANA BINTI MOHD SHAH RIZAN NIZAM 01DDT22F1057
QUESTION 1
Case Title: Digital Image Forensic Investigation – Metadata Analysis
1. Open any browser and search for PhotoME, a digital photo metadata editor. Then
click Download.

2. Wait until the download is done, then start the setup to use the tool.
3. After the download has finished, continue with the setup by clicking Next.

4. Then select the destination where PhotoME should be installed and, under additional
icons, click Create desktop icon.
5. Click Install to continue once the setup is ready to begin the installation on the
computer.

6. Finally, the installation of PhotoME has completed. Click Finish to exit setup.
7. Open PhotoME and click the file icon in the File menu to open the file browser and
choose the file that you want to analyze.

8. Then choose any file, selecting the picture on which you want to perform the
metadata analysis investigation.
9. After you choose it, the photo appears as a thumbnail, and PhotoME displays some
information about the photo, including the camera used and the date and time.

10. This is the metadata for the date and time that the image was created and modified.

From the overview, the image metadata shows that the image was created on
13/7/2023 at 10:00 and last modified on 2/5/2024 at 16:47. It also shows the file
type of this image, which is JPEG.
11. Next, this is the metadata for the camera make and model used to capture the
chosen image.

The image information also shows the camera make and model used: the make is
Apple and the model is iPhone 11.

12. Besides that, there is more metadata for this image, as we can see in the
picture below.

This image information also shows the software used to edit the image, which is
Instagram. However, no GPS coordinates were found in this picture.
Document Findings
Based on the analysis conducted on the metadata using PhotoME, the image appears to be
authentic in terms of its creation details, namely the creation and modification dates and
the camera information. Editing software was also found in the image metadata. However,
the absence of GPS coordinates limits our ability to verify the image's origin.

Potential Implications of the case


Based on the findings from the metadata analysis, this could affect the case: if there are
signs that the picture was changed, the investigator might not be able to trust it as
evidence. The details in the metadata could help by showing whether people were where they
said they were when the picture was taken. But without location information, it is harder
for the investigator to strengthen the proof.
In conclusion, while the metadata analysis provides valuable insights into the authenticity of
the image, further investigation is warranted to confirm its veracity conclusively. The findings
presented in this report serve as a foundation for the ongoing investigation into the image's
authenticity.
QUESTION 2
Case Title: Analyzing FTP Traffic using Wireshark
1. Download the pcap file that has been given and open it in Wireshark to start
analyzing the traffic.

2. This is the Wireshark interface after opening the pcap file. It shows that there is
both TCP and FTP traffic.
3. Then go to the filter box on the top bar and type “ftp” to display only the FTP
traffic.

4. Next, go to the Analyze menu in the top menu, select Follow, then click TCP Stream
to open the TCP stream of the FTP pcap file and view the FTP session.
5. Lastly, the TCP Stream window shows the FTP commands and responses exchanged
during the session.
Identify potential security threats or anomalies in the FTP Traffic.
1. Username and Password Transmission: The transmission of the username
"csanders" and password "echo" in plain text poses a significant security risk.
This information could be intercepted by attackers using packet sniffing
techniques, potentially leading to unauthorized access to the FTP server.

2. Use of Weak Password: The password "echo" appears to be a weak password
choice, which increases the likelihood of unauthorized access to the FTP
server. Using weak passwords makes it easier for attackers to guess or
brute-force their way into the system.
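
The two findings above can also be checked automatically against the text of a followed TCP stream. The script below is an added example, not part of the original report: the function name `audit_ftp_stream`, the 12-character minimum and the server reply lines in the sample are assumptions, and only the USER and PASS values come from the report.

```python
import re

# Constructed control-channel text in the layout of Wireshark's Follow TCP
# Stream view. Only the USER/PASS values come from the report; the server
# replies are illustrative.
SAMPLE_STREAM = """\
220 FTP server ready
USER csanders
331 Password required
PASS echo
230 Login successful
QUIT
221 Goodbye
"""

REPLY = re.compile(r"^(\d{3})([ -])")                 # "230 text" or "230-text"
COMMAND = re.compile(r"^([A-Za-z]{3,4})(?:\s+(.*))?$")
MIN_PASSWORD_LEN = 12                                 # assumed policy threshold

def audit_ftp_stream(text, min_len=MIN_PASSWORD_LEN):
    """Return (finding, detail) tuples; the password itself is never echoed."""
    findings, user, awaiting_pass_reply = [], None, False
    for line in text.splitlines():
        line = line.strip()
        reply = REPLY.match(line)
        if reply:
            code, sep = reply.groups()
            if awaiting_pass_reply and sep == " ":    # final line of the reply
                if code == "230":
                    findings.append(("login-accepted-over-cleartext", user))
                awaiting_pass_reply = False
            continue
        cmd = COMMAND.match(line)
        if not cmd:
            continue
        verb, arg = cmd.group(1).upper(), cmd.group(2) or ""
        if verb == "USER":
            user = arg
            findings.append(("cleartext-username", arg))
        elif verb == "PASS":
            awaiting_pass_reply = True
            findings.append(("cleartext-password", f"{len(arg)} chars"))
            if len(arg) < min_len or arg.isalpha() or arg.isdigit():
                findings.append(("weak-password", f"{len(arg)} chars, minimum {min_len}"))
    return findings

if __name__ == "__main__":
    for finding in audit_ftp_stream(SAMPLE_STREAM):
        print(*finding, sep=": ")
```

The report lines record only the password length, so the findings can be shared in a case file without repeating the credential.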

LINK PRESENTATION: https://youtu.be/x9vEgyJW2pI
