How to Install Digital Forensics Framework in System

DFF (Digital Forensics Framework) is a free and Open Source computer forensics software built on top of a dedicated Application Programming Interface (API).

It can be used both by professional and non-expert people in order to quickly and easily collect, preserve and reveal digital evidences without compromising systems and data.

To install DFF (Digital Forensics Framework), firstly install python from link given below

Python from Here.

Install PyQt4 from Here These both are prerequisite for DFF.

Now click on I Agree Option

Select the type of install & click on Next.

Choose Python Installation Folder & click on Install.

Now Install DFF from Here & click on Next.

Click on I Agree to proceed Further.

Now Choose Destination Folder to Install DFF 7 clicks on Next.

Now Choose Start Menu Folder & Click on Install.

Click on Finish to complete the installation.

AuthorMukul Mohan is a Microsoft Certified System Engineer in Security and Messaging. He is a Microsoft Certified Technology Specialist with high level of expertise in handling server side operations based on windows platform. An experienced IT Technical Trainer with over 20 years’ Experience. You can contact him at [email protected]

How to Mount RAW Image and ISO Image as a Drive using OSF Mount

OSFMount allows you to mount local disk image files (bit-for-bit copies of a disk partition) in Windows with a drive letter. You can then analyze the disk image file with PassMark OSForensics by using the mounted volume’s drive letter.

First of all, we are clicking on My Computer option & it will show us all physical drives and removable storage drives.

First Download OSFMount from here and install in your pc then open OSFMount and click on Mount new button.

Now load the Evidence Disk Image by clicking on Browse Option.

Now it will show the mounted Image.

Now click on My Computer. It will show you the Mounted Image as a Drive.

AuthorMukul Mohan is a Microsoft Certified System Engineer in Security and Messaging. He is a Microsoft Certified Technology Specialist with high level of expertise in handling server side operations based on windows platform. An experienced IT Technical Trainer with over 20 years’ Experience. You can contact him at [email protected]

Forensics Investigation of Facebook, Skype, and Browsers in RAW Image using IEF (Internet Evidence Finder)

Internet Evidence Finder is designed to find Internet-related data or files on a hard drive as part of a digital forensics investigation. In this regard, the purpose of this application really contrasts the simplicity of its design.

Features

  • Browser Activity
  • Instant Messaging
  • Chat Apps
  • Social Networking
  • P2P File Sharing
  • Web Search
  • Search Toolbar
  • Media Files
  • Webmail
  • Cloud Drive Mapping

First Download IEF from here and install the IEF & open the tool IEF. Now click images first.

Select the image file to load & click on open option.

It will show the image file. Click on Next.

Click on ok.

Now it will show the location and search type .Click on next.

Select the items which are to be investigated. Click on next

Click on browse to select the destination folder. Assign the case Name, case no. & Examiner’s name.Click on find evidence.

Now it will show us the processing status.

After process completion, IEF report. Now click on FaceBook URLs. It will show all the FaceBook URLs with date and time.

By clicking on Google Analytics URLs, it will show the details of URLs with page title and host name.

Now click on Google search, it will show the URLs with original search query.

By selecting Skype Chat Message, it will show the Message and identifier.

Now select FaceBook Chat Option. It will show the FacBook chat message.

By selecting FaceBook status update. It will show the updated status.

By clicking on any one of the Browser activity option such as opera/360 safe browser. It will show opera history.

By selecting IE inPrivate/Recovery URLs. It will show IE history.

AuthorMukul Mohan is a Microsoft Certified System Engineer in Security and Messaging. He is a Microsoft Certified Technology Specialist with high level of expertise in handling server side operations based on windows platform. An experienced IT Technical Trainer with over 20 years’ Experience. You can contact him at [email protected]

How to Create Drive Image for Forensic Purpose using Forensic Replicator

Forensic Replicator is a bit-stream forensic image creation tool. Forensic Replicator is a Windows based tool that creates bit-by-bit raw DD images of hard drives and related media. You can also create images in PFR format to encrypt the image, compress it, or break it up into smaller pieces. Forensic Replicator gives you everything you would expect in a forensic imaging tool. 

 Features

  • Drive to Drive image option
  • Creates bit-stream images of removable media, partitions, or an entire physical hard drive
  • Creates images of USB micro drives
  • New explore function allows for preview of active FAT files–tree and detail view available
  • Allows for reprocessing of image files from Raw to Split or add compression as a new image file
  • Compresses image files on the fly
  • Encrypts data for secure storage of evidence-128 bit
  • Splits images into segments for portability
  • Generates self-extracting images
  • Formats and copies DMF/1.68 MB floppy
  • Creates ISO CDRom images and allows immediate browsing of data
  • Automates floppy imaging with convenient Batch Assistant mode

First Download Forensic Replicator from here and install the Forensic Replicator.

Now click on file option & select create physical drive image

It will show creating physical drive image window. Click on next.

Now choose the drive of the Suspect Evidence you want to make image.

Now browse location and name of physical image file to create. Select save in raw format option. Click on next.

Select the file format such as Text File, Html File or Xml File. Select information for inclusion in the report   i.e.  Image information, Time and Date of Acquisition, Export Partition structure & Add report header & click on Next

Now enter the details such as case no. , Evidence No. , Company /Agency etc. Click on Finish.

Now it will ask for File Name. Enter the file name & select the folder where report file is to be saved. Click on save.

Now it will create the raw image.

AuthorMukul Mohan is a Microsoft Certified System Engineer in Security and Messaging. He is a Microsoft Certified Technology Specialist with high level of expertise in handling server side operations based on windows platform. An experienced IT Technical Trainer with over 20 years’ Experience. You can contact him at [email protected]

Related Posts Plugin for WordPress, Blogger...