Learning Outcomes: At the end of the project, students should be able:
• Task 1: To collect evidence (data acquisition), using the ProDiscover tool, from a USB drive whose contents were deleted by an actor in order to remove all evidence of a crime they committed.
• Task 2: To compare the originality of the contents of files on storage devices such as a USB drive, after appending some text to the original files, changing their extensions and changing their properties to hidden. You need to calculate MD5 or SHA-1 to check the originality of the files.
• Task 3: To capture and carve an image (JPEG, GIF, etc.) with a damaged header.
Perform the above-mentioned tasks by following all the steps required to generate the results. Take screenshots of all steps performed and explain each step alongside its screenshot.
Save all the results generated, with the steps performed, in a Word file as proof that the steps were performed to produce the final outcome of all three (3) assigned tasks.
Submit the .docx file on Blackboard, highlighting all steps and findings of your work.
Use a USB drive to perform all steps.
Format the USB drive with the NTFS file system before performing the project.
Capture the screenshots and save them in the Word file.
Individual Deliverables (Research & Documentation by individual members)
1. Collect the evidence of all the deleted files from the USB drive.
2. Compare the originality of files on the USB drive by calculating MD5 or SHA-1, changing their extensions, changing their properties to hidden, etc.
3. Capture and carve an image from a USB drive with a damaged header.
Notes:
All of the above tasks should include proper screenshots of all steps performed, with explanations of how they were performed.
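The hash comparison behind Task 2, as an added example that is not part of the assignment brief: it applies each change to a constructed file and records whether the MD5 and SHA-1 digests still match the original. The file names, file contents and the `hide` helper are assumptions made for illustration; `hide` sets the NTFS hidden attribute only when run on Windows.

```python
import hashlib
import os
import tempfile

FILE_ATTRIBUTE_HIDDEN = 0x02  # Win32 attribute flag, stored in file metadata


def digests(path):
    """Return (md5, sha1) hex digests of a file's content, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def hide(path):
    """Hypothetical helper: set the hidden attribute on Windows, no-op elsewhere."""
    if os.name == "nt":
        import ctypes
        ctypes.windll.kernel32.SetFileAttributesW(path, FILE_ATTRIBUTE_HIDDEN)


def run_comparison(workdir):
    """Apply each Task 2 change to a constructed file and hash after every step."""
    original = os.path.join(workdir, "report.txt")   # constructed sample file
    with open(original, "wb") as fh:
        fh.write(b"Quarterly figures: 1200, 1350, 1410\n")
    results = {"original": digests(original)}
    renamed = os.path.join(workdir, "report.jpg")    # extension change only
    os.rename(original, renamed)
    results["renamed"] = digests(renamed)
    hide(renamed)                                    # attribute change only
    results["hidden"] = digests(renamed)
    with open(renamed, "ab") as fh:                  # content change
        fh.write(b"extra line added later\n")
    results["appended"] = digests(renamed)
    return results


def report(results):
    """Compare every step's digests with those of the original file."""
    base = results["original"]
    return {s: ("MATCH" if d == base else "CHANGED") for s, d in results.items()}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        res = run_comparison(tmp)
        for step, verdict in report(res).items():
            print(f"{step:9} md5={res[step][0]} sha1={res[step][1]} {verdict}")
```

Renaming and hiding leave both digests unchanged because the hash covers only the file's content, while the appended text changes both.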
Deliverables
Based on the above deliverables, the following is required:
• The tasks performed must be provided in a summarized matrix table mentioning your task with your name. This should be inserted at the bottom centre of the cover page of the document.
• Your report(s) must combine all the deliverables in one coherent document.