BN309 Computer Forensics | My Assignment Tutor

BN309 Computer Forensics
Laboratory 12: E-mail Investigations and Mobile Device Forensics

Submission Due: End of laboratory class, submit the file on Moodle at least 10 minutes before the end of laboratory class.

Total Marks = 10 marks for 10 weeks (DIT and BNet)
            = 5 marks for 10 weeks (GDNet and MNet)

Marks will be given only to students who attend and participate during the 2-hour laboratory class. Submission on Moodle is mandatory as evidence of participation.

Description of the laboratory exercise:

In this lab, you will use WinHex and SimManager. You will find this software under the “Software for Labs” folder in Moodle. You will find other necessary files under the Lab10 folder.

Activity 1: Using a Hex Editor to Carve E-mail Messages

The attorney for Superior Bicycles, Ileen Johnson, has asked you to examine Martha Dax’s Evolution e-mail data for any messages referring to the words “special projects.” To perform this task, you need Hex Workshop (under the Software for Labs folder) and the martha-evolution.tar file (under the Lab 10 folder). Follow these steps:

1. Start Hex Workshop. Click File, Open from the menu, navigate to your work folder, and double-click martha-evolution.tar.
2. Click the Find toolbar button. In the Find dialog box, click the Type list arrow, and then click Text String. In the Value text box, type special projects, and then click OK.
3. In the main Hex Workshop window, scroll up until you find the first occurrence of From:. Click the letter F, and then drag down in the right pane, highlighting all text until you reach the next From: statement.
4. Right-click the text highlighted in the right pane and click Copy.
5. Start Notepad. Click Edit, Paste to copy the selected text into a new text document. Click File, Save As from the menu, save it as Special-projects1.txt in your work folder, and then click Save. Click File, Print from the menu to print this document. Close the file, and leave Notepad open.
6. Continue the search by clicking the Find Again toolbar button in Hex Workshop and repeat Steps 2 through 5 (without restarting Notepad).
7. Exit Hex Workshop and Notepad when you have finished your searches. Submit the recovered e-mail messages you printed to your instructor.

Activity 2:

In this activity, you analyse the phone records of two suspected drug dealers.

1. Start Excel, and open the Messages_Sebastian’s_phone.xls and Messages_Nau’s_phone.xls files.
2. These two employees are suspected of drug dealing. If the messages aren’t currently in chronological order, change the display to sort them in this order.
3. Establish the timeline for what transpired between the two. Note items such as when they respond to each other’s messages, dates and times, and what numbers they call.
4. Write a short report summarizing the data you examined and stating any conclusions you can draw from the SMS messages.

Activity 3:

In this activity, you use SIMManager to examine SIM cards.

1. Install SIMManager and start the program. If you get a message stating that this copy of the program isn’t registered, click OK.
2. Click the Open toolbar icon, navigate to your work folder, click the Phonebook_Sebastian’s.phn file, and click OK.
3. Click to select Phonebook_Sebastian’s on the left; his name and the cell phone number are then displayed on the right.
4. Click the SMS Messages icon on the left. Examine the messages displayed on the right.
5. Click the Print toolbar icon to print the messages. Accept the default selections, and then click Print.
6. Examine the menu items, and notice that this tool is used for altering or updating a SIM card, not for investigative purposes. Click File, Close from the menu.
7. Click the Open toolbar icon, navigate to your work folder, click the Phonebook_Nau’s.phn file, and then click OK.
8. Determine Nau’s full first name. Next, click the SMS Messages icon on the left.
9. Notice that two different SMS Centers are listed on the left. Draw a conclusion as to what the difference might be.
10. Print the messages, following the procedure in Step 6.
11. Compare the two sets of messages, and correlate the timestamps. Create a timeline based on this information.
12. Write a short report on your findings and any relevant conclusions.
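
The manual search-and-carve loop in Activity 1 (Steps 2 through 6) can also be scripted. The Python below is an added example, not part of the original lab handout: for each keyword hit it walks back to the nearest preceding From:, forward to the next From:, and records the byte offsets and a SHA-256 of each carved span. The sample bytes are constructed, and matching the keyword case-insensitively is an assumption.

```python
import hashlib

MARKER = b"From:"               # delimiter the lab uses to bound a message
KEYWORD = b"special projects"   # search term from Activity 1

# Constructed sample standing in for a slice of a mail archive (not lab data).
SAMPLE = (
    b"\x00" * 16
    + b"From: alice@example.com\r\nSubject: lunch\r\n\r\nSee you at noon.\r\n"
    + b"From: bob@example.com\r\nSubject: update\r\n\r\n"
    + b"The Special Projects budget is attached.\r\n"
    + b"More on special projects soon.\r\n"
    + b"From: carol@example.com\r\nSubject: hello\r\n\r\nNothing here.\r\n"
    + b"\x00" * 16
)


def carve_messages(data, keyword=KEYWORD, marker=MARKER):
    """Carve every marker-delimited span of `data` that contains `keyword`.

    Returns a list of dicts holding the byte offsets, the carved bytes and
    their SHA-256, so each extract can be tied back to the source file.
    """
    haystack = data.lower()     # assumption: case-insensitive keyword match
    needle = keyword.lower()
    carved = []
    pos = haystack.find(needle)
    while pos != -1:
        # Step 3: back to the nearest preceding "From:" ...
        start = data.rfind(marker, 0, pos)
        if start == -1:
            start = 0           # hit precedes any marker: keep from offset 0
        # ... and forward to the next "From:" (or the end of the data).
        end = data.find(marker, start + len(marker))
        if end == -1:
            end = len(data)
        chunk = data[start:end]
        carved.append({"start": start, "end": end, "data": chunk,
                       "sha256": hashlib.sha256(chunk).hexdigest()})
        # Resume after this span so repeated hits in one message carve once.
        pos = haystack.find(needle, max(end, pos + 1))
    return carved


if __name__ == "__main__":
    for hit in carve_messages(SAMPLE):
        print(hit["start"], hit["end"], hit["sha256"])
        print(hit["data"].decode("ascii", errors="replace"))
```

To run it on the lab file, pass the bytes of a working copy of martha-evolution.tar read in binary mode. Because From: also appears inside quoted replies, a carved span may be a fragment of a longer message and should be checked against the surrounding bytes in the hex editor.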

