FODEA FORENSIC: PRACTICAL’S (Optional)

Monday 2 September 2013

PRACTICAL’S (Optional)

Online Courses and Self Study may lack in practical experiences, so- We provide Practical Summer Trainings to our Students in special batches / workshops. This course provides an introduction to the field of Forensic Sciences and allied subjects / branches; we also provide optional hands-on practical experience using state-of-the-art landscape analysis tools.

This exercise is going to be a little more theoretic because I cannot share the data that I have and I have no ability to make additional data for sharing.

So here is the scenario (BTW, it's a real scenario). Local police detectives have responded to the scene of a homicide. During their investigation they have discovered that there is a CCTV system that may have caught the entire event on video. Being conscious of preserving the data, they called the security company responsible for installing the CCTV system, who promptly responded and shut down the CCTV system. The technician pulled the hard drive out and gave it to the detectives, who has now given it to you with one simple request: "find the evidence". They want you to extract the videos so they can review them to see if it is useful in helping solve the case. Sounds simple eh?

Being the energetic examiner that you are, you quickly image the hard drive and begin an initial analysis. Once imaged, you load the image into EnCase and see a single 100GB FAT32 volume containing hundreds of files in the root directory of the volume. There are no subdirectories (other than some file system generated directories that contain no data). Information about the volume looks like this:

The files in the root directory look like this:

The video data from each day is recorded and stored in one or multiple files depending on the amount of data recorded. Each file has the extension of "XBA". The file header looks like this:

You then export several files out to your local working drive and attempt to view them using a freely available video viewer. Each attempt to view fails and the viewer reports the file is corrupted. A quick look at the exported files show they are each 32,768 bytes in length, even though EnCase reports a different size for each file you exported.

Ideas?..........Let the questions begin... please use the comment function below so everyone can benefit from questions and answers already given.

Fodea Forensic

We provide complete assistance to our clients and students through comprehensive easy to read lectures notes and for the professional, work-flow during Investigation with strict Chain of Custody Management, Forensic analysis of cases till reporting, and follow up to the Court.
We also work on every case after the creation of investigation plan. And since our students are members of Forensic Digital Examiners Association (FODEA), we monitor their progress after certification through appropriate feedback mechanism.

Social Icons

Pages

Monday 2 September 2013

PRACTICAL’S (Optional)

About Me

Fodea Forensic

ICFE TRAINER ADVERT

Blog Archive

Address

Address