Unit 7 Project: Case Project 10-3 and 10-4
CJ317-01 Computer Forensics
During this investigation, you have come across a zip file that you believe to be a graphics file, specifically a JPEG; it could very well be the evidence needed against an employee who has allegedly been sending inappropriate photos as email attachments. When you attempt to open the file with an image-viewing program, you get a message stating that the file is corrupt. Tools for recovering files are very important and are often needed in order to continue an investigation.

Case Project 10-3:
First you must understand that when graphics files are part of the investigation, you need to be able to locate and recover any and all graphics files on the suspect's computer. Images are not always saved in the normal graphics file formats; just as with any type of evidence, the bad guys will use any 'tool' they know of to hide what they are doing wrong! You must also understand how compression ('zipping') works with files. In this situation, the file type is ".zip", which tells you that it was created with a compression program, and you should know that JPEG file formats use the "Lossy Compression" method. This method permanently deletes 'bits' of information from the file to compress the data, unlike "Lossless Compression", which uses techniques to reduce the file size without removing data from the file. Since you are already well aware of how each compression method works, you must now 'recover' the suspected graphics file. By using forensics tools you have discovered this file, which you suspect to be a graphics file even though it is not stored as a standard graphics file, like a JPEG. You must also use tools to recover the graphics file. Since graphic files have headers with instructions on how to display them, the header...
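The header check described above can be sketched in code. This is an added example, not part of the original paper or of any forensics tool: it compares a file's extension with the signature in its first bytes, then carves JPEG data out of a larger block of bytes. The function names and sample bytes are constructed for illustration; the signatures themselves (`FF D8 FF` for JPEG, `PK 03 04` for ZIP) are the standard ones.

```python
import os

# Leading signatures ("magic bytes") of the two formats discussed in the text.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",   # JPEG start-of-image (SOI) plus next marker prefix
    "zip": b"PK\x03\x04",      # ZIP local file header
}
EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".zip": "zip"}
JPEG_EOI = b"\xff\xd9"         # JPEG end-of-image marker

# Constructed sample: a minimal JFIF-style header, filler bytes, and an EOI.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x01" * 8 + JPEG_EOI


def identify(data):
    """Return the format whose signature starts the data, or None."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None


def extension_mismatch(filename, data):
    """Return (claimed, actual) when extension and header disagree, else None."""
    claimed = EXTENSIONS.get(os.path.splitext(filename)[1].lower())
    actual = identify(data)
    return (claimed, actual) if claimed != actual else None


def carve_jpegs(data):
    """Return every byte run from a JPEG SOI to the next EOI marker.

    Simplification: a real JPEG with an embedded thumbnail contains an
    inner EOI, so production carvers parse the segment structure instead.
    """
    found, pos = [], 0
    while True:
        start = data.find(SIGNATURES["jpeg"], pos)
        if start == -1:
            return found
        end = data.find(JPEG_EOI, start + 3)
        if end == -1:
            return found
        found.append(data[start:end + 2])
        pos = end + 2


if __name__ == "__main__":
    # A ".zip" name on JPEG content is reported as a mismatch.
    print(extension_mismatch("evidence.zip", SAMPLE_JPEG))
    print(len(carve_jpegs(b"\x00" * 16 + SAMPLE_JPEG + b"slack")))
```
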