Applying the Daubert Standard to Forensic Evidence (4e)
Digital Forensics, Investigation, and Response, Fourth Edition - Lab 01
Student: Hrijuta Chakraborty
Email: [email protected]
Time on Task: 3 hours, 17 minutes
Progress: 100%
Report Generated: Monday, January 27, 2025 at 10:14 PM
Section 1: Hands-On Demonstration
Part 1: Complete Chain of Custody Procedures
7. Make a screen capture showing the contents of the search warrant in Adobe Reader.
14. Make a screen capture showing the completed Chain of Custody form in Adobe Reader.
Part 2: Extract Evidence Files and Create Hash Codes with FTK Imager
34. Make a screen capture showing the contents of the 0002665_hash.csv file.
37. Make a screen capture showing the contents of the RecycleBinEvidence_hash.csv file.
38. Make a screen capture showing the contents of the MyRussianMafiaBuddies_hash.csv
file.
39. Make a screen capture showing the contents of the Nice guys_hash.csv file.
Part 3: Verify Hash Codes with E3
14. Make a screen capture showing the MD5 and SHA1 values for the
MyRussianMafiaBuddies.txt file.
16. Make a screen capture showing the MD5 and SHA1 values for the Nice Guys.png file.
17. Describe how the hash values produced by E3 for the incriminating files compare to those
produced by FTK. Do they match?
Yes, the hash values match. The hash values produced by E3 and FTK Imager for both incriminating files were examined and found to be identical, thus confirming the integrity of the files and that no alterations have been made to the individual files, maintaining the authenticity of the evidence.
Section 2: Applied Learning
Part 1: Extract Evidence Files and Create Hash Codes with FTK Imager
5. Make a screen capture showing the contents of the suspicious email file in the Display
pane.
16. Make a screen capture showing the two hash values for the suspicious email file.
Part 2: Verify Hash Codes with Autopsy
11. Make a screen capture showing the MD5 field in the Result Viewer.
12. Describe how the hash value produced by Autopsy compares to the values produced by FTK
Imager for the two .eml files.
The hash values produced by Autopsy and FTK Imager for both incriminating .eml files were examined and found to be identical, thus confirming the integrity of the .eml files and that no alterations have been made to the individual files, maintaining the authenticity of the evidence.
Part 3: Verify Hash Codes with E3
7. Make a screen capture showing the MD5 value produced by E3.
8. Describe how the hash value produced by E3 compares to the values produced by FTK
Imager for the two .eml files and the value produced by Autopsy.
The hash values produced by E3 and FTK Imager for both incriminating files were examined and found to be comparable, thus confirming the authenticity of the evidence files. Later, these hash values were compared to the hash value results produced by Autopsy, which were again similar, hence confirming the authenticity of the evidence.
Section 3: Challenge and Analysis
Part 1: Verify Hash Codes on the Command Line
Make a screen capture showing the hash values for the Evidence_drive1.001 file.
Part 2: Locate Additional Evidence
Define the original file names and file paths for each of the three files.
$R354ELH.xlsx - G:\VIP Info21DrugSales.xlsx
$RBQEOTL.doc - G:\Students\manual-testing-fresher-resume-1.doc
$RX3177E.pdf - G:\Work Doc\hr letter for visa.pdf
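Windows (Vista and later) records the original path of each `$R` file in a `$I` metadata file with the same suffix in the same Recycle Bin folder. The parser below is an added example, not part of the lab or of this report. Its function names are hypothetical, and its sample record is constructed: the path is taken from the answer above, but the size and deletion time are made up.

```python
import struct
from datetime import datetime, timedelta, timezone

HEADER = struct.Struct("<qqq")  # version, original size, deletion FILETIME
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_i_record(data: bytes) -> dict:
    """Parse the contents of a Recycle Bin $I file (Windows Vista and later)."""
    if len(data) < HEADER.size:
        raise ValueError("truncated $I header")
    version, size, filetime = HEADER.unpack_from(data, 0)
    offset = HEADER.size
    if version == 1:  # Vista to 8.1: fixed 260-character UTF-16 path field
        raw = data[offset:offset + 520]
    elif version == 2:  # Windows 10 and later: character count, then the path
        if len(data) < offset + 4:
            raise ValueError("truncated $I path length")
        (nchars,) = struct.unpack_from("<I", data, offset)
        raw = data[offset + 4:offset + 4 + nchars * 2]
        if len(raw) < nchars * 2:
            raise ValueError("truncated $I path")
    else:
        raise ValueError(f"unknown $I version {version}")
    path = raw.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    deleted = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return {"version": version, "size": size,
            "deleted_utc": deleted, "original_path": path}


def paired_r_name(i_name: str) -> str:
    """Map a $I metadata file name to the $R content file it describes."""
    if not i_name.upper().startswith("$I"):
        raise ValueError("not a $I file name")
    return "$R" + i_name[2:]


def build_sample_v2(path: str, size: int, deleted: datetime) -> bytes:
    """Build a constructed version 2 record so the example runs offline."""
    filetime = int((deleted - FILETIME_EPOCH).total_seconds()) * 10_000_000
    name = (path + "\x00").encode("utf-16-le")  # NUL-terminated, as on disk
    return HEADER.pack(2, size, filetime) + struct.pack("<I", len(name) // 2) + name

# Constructed sample: the path is from the report, size and time are made up.
SAMPLE = build_sample_v2(r"G:\Work Doc\hr letter for visa.pdf", 48213,
                         datetime(2025, 1, 20, 14, 30, tzinfo=timezone.utc))

if __name__ == "__main__":
    print(paired_r_name("$IX3177E.pdf"), "->", parse_i_record(SAMPLE))
```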