Scribd
Upload
176 views18 pages

Assignment 2 - Digital Forensic Report

The Digital Forensic Report details an investigation of a Samsung tablet to analyze digital artifacts related to communications and multimedia. The findings reveal extensive multimedia content and connectivity logs, with no detected malware but notable gaps in keyword searches and app-specific data. Recommendations include analyzing carved audio files, expanding keyword searches, and reviewing social media activity for potential evidence.

Uploaded by

mawufemor
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
176 views18 pages

Assignment 2 - Digital Forensic Report

The Digital Forensic Report details an investigation of a Samsung tablet to analyze digital artifacts related to communications and multimedia. The findings reveal extensive multimedia content and connectivity logs, with no detected malware but notable gaps in keyword searches and app-specific data. Recommendations include analyzing carved audio files, expanding keyword searches, and reviewing social media activity for potential evidence.

Uploaded by

mawufemor
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Digital Forensic Report

Case Title: Mobile Phone Forensics

Case Number: 13th April 2025 - 2

Date of Investigation: 13/04/2025

Organization: Group 7
TABLE OF CONTENT

1. Investigation Team................................................................................................................................................................
2. Executive Summary...........................................................................................................................................
3. Case Details............................................................................................................................................................................
4. Forensic Tools & Methods Used..........................................................................................................................................
5. Findings..................................................................................................................................................................................
5.1. Data Overview.............................................................................................................................................
5.2. Notable Observations.................................................................................................................................
5.3. Gaps & Limitations......................................................................................................................................
6. Conclusion..............................................................................................................................................................................
7. Recommendations...............................................................................................................................................
8. Attachments...........................................................................................................................................................................
1. Investigation Team

Name Index Number Role Contact

David Makafui Awanta 225073390 Technical Lead [Link]@[Link]

Prince Opoku Amaning 225069830 Principal [Link]@[Link].e


Forensic Officer [Link]

Michael Owusu 225069768 Forensic [Link]@[Link]


Officer

Emmanuella Lawrencia 225084058 Forensic [Link]@[Link]


Debrah Officer [Link]

Damien Akasoba 225069571 Forensic Officer [Link]@[Link]

Joshua Klubi 225074508 Forensic [Link]@[Link]


Officer

Justice Kpende 225071703 Forensic Officer [Link]@[Link]

2. Executive Summary

This forensic investigation aimed to analyze a mobile device image (samsung SM-X216B) using
Magnet AXIOM to recover and assess digital artifacts relevant to communications, multimedia,
financial data, and other activities. The goal was to identify potential risks, policy violations, or
security concerns tied to the device’s usage.

3. Case Details

● Incident Description: Analyze a student’s cell phone


● Device Information:
○ Device Type: Samsung Tablet
○ Operating System: Android
○ Storage Capacity: 128GB
○ Image Source: samsung SM-X216B Quick [Link]
○ Case File Path: C:\Users\opoku\Documents\GIMPA\Digital Forensics\Samsung
Tab A9\trial1\

4. Forensic Tools & Methods Used

● Tools

(i) Magnet AXIOM, Windows NT 10.0

● Methodology

The investigation followed a structured process:


1. Imaging & Case Setup: A mobile device image (samsung SM-X216B Quick [Link]
was loaded into Magnet AXIOM, with a case created using the date and a unique
identifier. Evidence was stored in designated folders to maintain integrity. Screenshots (8.
Attachments a-j)
2. Artifact Extraction: The tool processed the image, recovering artifacts such as social
media data, GPS locations, and multimedia files. Screenshots (8. Attachments k-o)
3. Analysis: Categories like Chat, Email, Web Related, and Mobile were to be examined to
map the student’s communications, online behavior, and stored data but with limited
features because of a trial Magnet Axiom version, we could not extract those categories
but instead we got Connected Devices, Account Information, Camera History, Carved
Audio, etc. Screenshots (8. Attachments p-r)

5. Findings

5.1. Data Overview

● Multimedia Content:
○ 778 Pictures: Potential personal, social, or evidentiary relevance (e.g.,
screenshots, camera photos).
○ 37 Videos: Includes recorded clips or saved media.
○ 8 Instagram Media Items: Likely posts, stories, or direct messages recovered.
○ 96 Camera History Entries: Frequent use of the device’s camera.
● Connectivity & Accounts:
○ 23 Accounts: Linked to apps/services (e.g., Google, social media, email).
○ 26 Wi-Fi Networks: Historical connections to various networks.
○ 5 Bluetooth Devices: Paired devices (e.g., headphones, speakers).
● Communication & Activity:
○ Android Artifacts: SMS/MMS, call logs, and messages from apps like WhatsApp,
Facebook Messenger, and Signal were processed but not quantified in results.
○ 2 Carved Audio Files: Recovered deleted or fragmented audio recordings.

5.2. Notable Observations

● Security Settings:
○ No Malware/Phishing URLs Detected: Searches for these categories returned no
results.
○ OCR Disabled: Text extraction from images/videos was not performed.
● Potential Areas of Interest:
○ Instagram & Social Media: Limited media recovered (8 items) suggests possible
deleted content or minimal activity.
○ Wi-Fi Logs: Multiple network connections could indicate locations visited or
device usage patterns.
○ Carved Audio: Requires further analysis to determine content (e.g., voice memos,
calls).

5.3. Gaps & Limitations

● No Keyword/Alerts Searches: Examiners did not apply custom keywords or alerts.


● Dynamic App Finder Disabled: Potential app-specific data (e.g., hidden vaults) may have
been missed.

6. Conclusion

The Samsung Tab A9 contained extensive multimedia content and connectivity logs, reflecting
routine use for social media, photography, and web browsing. While no overtly malicious
activity (e.g., malware, phishing) was detected, the carved audio files and high volume of
accounts warrant deeper scrutiny. The absence of keyword searches and OCR limits insight into
text-based evidence. We also believe we would get full features and more insight if we got a
premium version of the Magnet AXIOM application.

7. Recommendations
1. Analyze Carved Audio: Review the 2 audio files for potential evidentiary value.
2. Expand Keyword Searches: Investigate terms related to financial data, sensitive
communications, or case-specific concerns.
3. Audit Wi-Fi Networks: Correlate network logs with location data or timelines.
4. Review Social Media Activity: Focus on Instagram, WhatsApp, and other platforms for
deleted or hidden content.
5. Enable OCR in Future Analyses: Extract text from images/videos to identify sensitive
information (e.g., credentials, notes).
8. Attachments

a.
b.

c.
d.

e.
f.

g.
h.

i.
j.

k.
l.
m.
n.
o.
p.

q.
r.

You might also like