.png)
Computer Forensics
Digital Forensic Examination Project
In the digital forensics project, our goal is to uncover a suspicious user on a device and investigate any substantial evidence of illegal activities found on it. I also investigated the user's digital footprints to uncover any suspicious activities that may have occurred. Furthermore, I identified any possible plans or bad actors that may provide crucial leads for the ongoing investigation of the suspicious user.
01
Identification of Primary User
In the forensic investigation of the recovered computer linked to the Perry Winkler case, we conclusively identified Perry Winkler as the primary user. Using tools like FTK Imager and Registry Explorer, we traced user profiles and system metadata, including the computer's name ("PERRYWINKLER-PC") and specific user identifiers (SID), affirming his association with the device.
02
Evidence of Illegal Activities
The examination unearthed compelling evidence suggesting involvement in illegal activities. I discovered incriminating images such as drugs, money, and credit cards, along with a detailed Excel file cataloging customers and transactions. Additionally, the presence of software like "Eraser" and the Tor Browser indicated attempts to erase traces of illicit behavior and engage in activities potentially linked to the dark web.
03
Attempts to Cover Tracks
Furthermore, the findings revealed deliberate efforts to cover tracks and delete evidence. Emails discussing the removal of sensitive files, alongside deleted items recovered from the recycle bin, underscored systematic attempts to conceal incriminating activities.