Flower Girl case analysis final project

Course Name and Number: ITN 276, Computer Forensics I, N280.E40M.FA18
Student Name:
Instructor Name: Santwana Das
Lab Due Date: 10/07/2018

I started my research by using EnCase and Autopsy tools. I did take screenshots from both to investigate this case and I gathered all the information I found in this case. My research starts with screenshots and then my explanation through the evidence that I gathered and found useful to my investigation. Please see below the screenshots and my investigation explanation of the whole scenario. I did the analysis according to what I found during my investigation.

[Screenshots 1 through 16: images not included. Screenshot 13 caption: The year and month]
My case investigation report and analysis:

The first thing I did in my investigation was to use two different tools for this case, EnCase and Autopsy. At the beginning of the forensics investigation in this case I had to measure the hash value of the image file to make sure that the evidence was not tampered with:

Original MD5 of image file: MD5 Hash = 338ecf17b7fc85bbb2d5ae2bbc729dd5
Hash verification from FTK Imager: MD5 Hash = 338ecf17b7fc85bbb2d5ae2bbc729dd5

As I went through the case, I noticed that both hash values were a match. My second step in this investigation was to get a vast idea of the image file partition table, and I came up with the following findings:

Boot record format: MSWIN4.1
File Allocation Table format: FAT16

Three partition tables were found on the image file:

Slot Start End Length Description
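
The two steps described in the report above (checking the image's MD5 against the recorded value, then reading the partition table into Slot / Start / End / Length / Description rows), as an added example that is not part of the original report. The sample image is constructed in-line and is not the case image; the function names and the partition-type lookup are assumptions made for illustration.

```python
import hashlib
import io
import struct

SECTOR = 512
# Small, assumed lookup of common MBR partition type codes (not exhaustive).
TYPES = {0x01: "FAT12", 0x06: "FAT16", 0x0B: "FAT32", 0x07: "NTFS/exFAT"}

def md5_of_image(stream, chunk=1 << 20):
    """Hash the image in chunks so a large evidence file is never loaded whole."""
    h = hashlib.md5()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def verify(stream, expected_md5):
    """Return (matches, actual_md5) for the acquisition hash check."""
    actual = md5_of_image(stream)
    return actual == expected_md5.strip().lower(), actual

def parse_mbr(sector0):
    """Return (slot, start, end, length, description) for each used MBR entry."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 has no 0x55AA boot signature")
    rows = []
    for slot in range(4):  # four 16-byte entries starting at offset 446
        entry = sector0[446 + 16 * slot:446 + 16 * (slot + 1)]
        ptype = entry[4]
        start, length = struct.unpack_from("<II", entry, 8)  # LBA start, sector count
        if ptype == 0 or length == 0:
            continue  # unused slot
        desc = TYPES.get(ptype, f"type 0x{ptype:02x}")
        rows.append((slot, start, start + length - 1, length, desc))
    return rows

def build_sample_image():
    """Constructed image: MBR with one FAT16 entry, followed by empty sectors."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x01",
                               0x06, b"\x00\x00\x00", 63, 2000)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes(SECTOR * 4)

if __name__ == "__main__":
    image = build_sample_image()
    recorded = hashlib.md5(image).hexdigest()  # stands in for the acquisition hash
    print("hash match:", verify(io.BytesIO(image), recorded))
    print("Slot Start End Length Description")
    for row in parse_mbr(image[:SECTOR]):
        print(*row)
```
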