IT532 Mid-Term: Applying Digital Forensics Tools and System Analysis

IT532 Mid-Term Project: Exif Data, Steganography, Network, and System Analysis

IT532 Mid-Term Blog: Exploring Digital Forensics Tools and System Analysis

By: Sulemana Salifu
Course: IT532 – Computer Forensics

Cybersecurity Background

This mid-term project demonstrates practical applications of digital forensics and system analysis using four distinct tools: ExifTool for metadata extraction, OpenStego for steganography, Wireshark for network analysis, and Windows Command Prompt for system diagnostics. These exercises provide a hands-on understanding of data privacy, hidden information, and system optimization—core areas of modern digital forensics.


Part 1: Exif Data Extraction Using ExifTool

Objective: The research aims to study digital photo metadata to determine how sharing images online affects personal privacy.

I started by installing ExifTool, a popular tool for extracting metadata. I chose a smartphone selfie and ran the following command in the Windows Command Prompt:

exiftool myphoto.jpg

The analysis produced unexpectedly detailed results, which included:

  • Camera device: Samsung SM-G991U
  • Image resolution: 4000 x 3000 pixels
  • GPS location: latitude 37.7749 degrees, longitude -122.4194 degrees, which corresponds to San Francisco
  • The date and exact time the picture was taken
  • The software used to process the image

Exif Data Extraction Example

The exercise showed that images carry a substantial amount of personal information, embedded at the moment of capture. A photo uploaded to a social media platform arrives with built-in metadata that can reveal both device information and an exact GPS location, which compromises user privacy. Device manufacturers and operating systems write this data into images to help with photo organization and location identification, but it becomes a security risk when it is not properly managed. Digital forensic investigators start image verification by examining metadata, because it helps them identify the original source and prove an image's authenticity.
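A pre-sharing check built on that observation, as an added example that is not part of the original post: it parses text in the "Description : value" layout ExifTool prints, flags the fields that identify device, time and place, and converts the GPS values to decimal degrees. The sample report is constructed to match the values listed above; the Software and date values in it are placeholders.

```python
import re

# Constructed sample in the "Description : value" layout of `exiftool myphoto.jpg`.
# The Software and date values are placeholders, not taken from the post.
SAMPLE_OUTPUT = """\
File Name                       : myphoto.jpg
Camera Model Name               : SM-G991U
Software                        : constructed-firmware-1.0
Date/Time Original              : 2025:01:01 12:00:00
Image Size                      : 4000x3000
GPS Latitude                    : 37 deg 46' 29.64" N
GPS Longitude                   : 122 deg 25' 9.84" W
"""

# Fields that reveal the device, the moment, or the place of capture.
SENSITIVE = {"Camera Model Name": "device", "Software": "device",
             "Date/Time Original": "time",
             "GPS Latitude": "location", "GPS Longitude": "location"}
DMS = re.compile(r"(\d+) deg (\d+)' ([\d.]+)\" ([NSEW])")

def parse_report(text):
    """Split each 'Description : value' line at the first ' : '."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(" : ")
        if sep:
            fields[name.strip()] = value.strip()
    return fields

def dms_to_decimal(value):
    """Convert degrees/minutes/seconds text to signed decimal degrees."""
    match = DMS.fullmatch(value)
    if match is None:
        raise ValueError(f"unrecognised coordinate: {value!r}")
    deg, minutes, seconds, ref = match.groups()
    decimal = int(deg) + int(minutes) / 60 + float(seconds) / 3600
    return round(-decimal if ref in "SW" else decimal, 6)

def privacy_findings(text):
    """Return (category -> sensitive fields present, decimal GPS pair or None)."""
    fields = parse_report(text)
    found = {}
    for name, kind in SENSITIVE.items():
        if name in fields:
            found.setdefault(kind, []).append(name)
    gps = ("GPS Latitude", "GPS Longitude")
    coords = tuple(dms_to_decimal(fields[k]) for k in gps) if all(k in fields for k in gps) else None
    return found, coords
```

Calling `privacy_findings(SAMPLE_OUTPUT)` recovers the same San Francisco coordinates listed above, which is exactly what anyone downloading the original file could do.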


Part 2: Steganography with OpenStego

Objective: To study methods for hiding data inside digital images, whether they are used by authorized or unauthorized users.

I obtained OpenStego, an open-source tool for steganography. I used OpenStego to embed the following secret text message in beach_sunset.jpg:

"The project files are safe. Meet at 9:00 AM."

OpenStego generated beach_secret.png from beach_sunset.jpg, and the new file kept the same visual appearance as the original image. The tool's "Extract Data" function allowed me to successfully retrieve the embedded message from the image.

Steganography Image Example

The exercise demonstrated that steganography cuts both ways: organizations can use it to protect confidential documents, while criminals use the same method to conceal illegal content. Digital forensics students need to understand the technique because it helps them detect concealed data during investigations. Steganography is an underappreciated yet effective method that unites cryptographic principles with digital artistic techniques.
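Why the output image looks unchanged, shown with a textbook least-significant-bit scheme as an added example that is not part of the original post and is not OpenStego's own algorithm: the message bits replace only the lowest bit of each carrier byte, and comparing carrier and result (as an examiner holding the original file could) shows no byte moves by more than 1. The carrier bytes are a constructed stand-in for decoded pixel data.

```python
MESSAGE = b"The project files are safe. Meet at 9:00 AM."  # text from the post
# Constructed stand-in for decoded pixel bytes (one byte per colour channel).
COVER = bytes((i * 37 + 11) % 256 for i in range(1024))


def to_bits(data):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover, message):
    """Write a 2-byte length prefix plus message into the lowest bit of each byte."""
    bits = list(to_bits(len(message).to_bytes(2, "big") + message))
    if len(bits) > len(cover):
        raise ValueError("cover is too small for this message")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)


def read_bytes(stego, bit_offset, count):
    """Rebuild count bytes from the lowest bits starting at bit_offset."""
    out = bytearray()
    for start in range(bit_offset, bit_offset + 8 * count, 8):
        value = 0
        for carrier in stego[start:start + 8]:
            value = (value << 1) | (carrier & 1)
        out.append(value)
    return bytes(out)


def extract(stego):
    """Read the length prefix, then that many message bytes."""
    length = int.from_bytes(read_bytes(stego, 0, 2), "big")
    return read_bytes(stego, 16, length)


def compare(cover, stego):
    """Return (number of changed bytes, largest single-byte change)."""
    deltas = [abs(a - b) for a, b in zip(cover, stego)]
    return sum(1 for d in deltas if d), max(deltas)
```

Changes this small survive only in a lossless format such as PNG; lossy recompression of the pixel data would destroy them.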


Part 3: Network Analysis Using Wireshark

Objective: To monitor live network traffic and understand how different systems exchange information with each other.

I then installed Wireshark, the leading packet analysis tool in the industry. I set Wireshark to capture on my home Wi-Fi adapter while I visited different websites in my browser for five minutes.

Wireshark Network Analysis Example

The recorded network traffic included more than 3000 packets, which consisted of:

  • TCP packets – the primary communication method between clients and servers for web browsing
  • UDP packets – used for DNS lookups and streaming content delivery
  • ICMP packets – used for ping operations and network diagnostics
  • HTTP and HTTPS protocols – used for web connections, with HTTPS providing the secure (encrypted) ones

The color scheme in Wireshark enabled me to spot both network traffic surges and potential security threats, such as repeated unsuccessful attempts to connect to unfamiliar IP addresses. The exercise showed how analysts use packet analysis to build logs of digital communication and identify cyber attacks.
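The "repeated unsuccessful attempts" pattern can also be found programmatically rather than by eye. The following added example, which is not part of the original post, pairs each outbound TCP SYN with its reply and counts the attempts per destination that were refused or never answered. The packet summaries, the local address and the threshold are constructed assumptions; the remote addresses come from the reserved documentation ranges.

```python
from collections import Counter

LOCAL = "192.168.1.10"  # assumed address of the capturing host

# Constructed packet summaries: (source, destination, src port, dst port, TCP flags).
PACKETS = [
    ("192.168.1.10", "198.51.100.7", 50001, 443, "SYN"),
    ("198.51.100.7", "192.168.1.10", 443, 50001, "SYN-ACK"),
    ("192.168.1.10", "198.51.100.7", 50001, 443, "ACK"),
    ("192.168.1.10", "203.0.113.50", 50002, 8080, "SYN"),
    ("203.0.113.50", "192.168.1.10", 8080, 50002, "RST"),
    ("192.168.1.10", "203.0.113.50", 50003, 8080, "SYN"),
    ("192.168.1.10", "203.0.113.50", 50003, 8080, "SYN"),  # retransmission
    ("192.168.1.10", "203.0.113.50", 50004, 8080, "SYN"),
    ("203.0.113.50", "192.168.1.10", 8080, 50004, "RST"),
    ("192.168.1.10", "192.0.2.20", 50005, 80, "SYN"),
]


def connection_states(packets, local=LOCAL):
    """Map each outbound attempt (dst, sport, dport) to its outcome."""
    states = {}
    for src, dst, sport, dport, flags in packets:
        if src == local and flags == "SYN":
            # A retransmitted SYN reuses the same ports, so it is counted once.
            states.setdefault((dst, sport, dport), "unanswered")
        elif dst == local and (src, dport, sport) in states:
            key = (src, dport, sport)
            if flags == "SYN-ACK":
                states[key] = "established"
            elif flags == "RST" and states[key] == "unanswered":
                states[key] = "refused"
    return states


def failed_by_destination(packets, local=LOCAL):
    """Count attempts per destination that never reached 'established'."""
    states = connection_states(packets, local)
    return Counter(dst for (dst, _, _), s in states.items() if s != "established")


def repeated_failures(packets, threshold=3, local=LOCAL):
    """Destinations with at least `threshold` failed attempts."""
    counts = failed_by_destination(packets, local)
    return {dst: n for dst, n in counts.items() if n >= threshold}
```

On the constructed capture, `repeated_failures(PACKETS)` reports only `203.0.113.50`; the single unanswered attempt to `192.0.2.20` stays below the threshold.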


Part 4: Windows System Analysis Using Command Prompt

Objective: To use command-line tools to evaluate how the Windows operating system is functioning, and to optimize the system by deleting files that are not required.

I opened the Windows Command Prompt through Win + X → “Command Prompt (Admin)” and executed the following command to generate a system report:

systeminfo > C:\Users\Sulemana\Desktop\system_report.txt

The system information command generated a text document which contained the following details:

  • OS Name: Microsoft Windows 11 Home
  • System Boot Time: 10/30/2025 08:13:25
  • Total Physical Memory: 16,384 MB
  • Available Physical Memory: 7,862 MB

Windows Command Prompt Analysis Example

The system report revealed that two outdated installation files and multiple unused applications took up 3.2 GB of disk space. The following command helped me eliminate unnecessary files from my system:

del "C:\Users\Sulemana\Downloads\oldsetup.exe"

I executed this command multiple times to eliminate temporary cache files, which resulted in a total space savings of 4 GB. The hands-on exercise helped me learn about system resource management through command-line operations. The process demonstrated why scheduled system maintenance remains essential for better system performance and security.


Conclusion

The mid-term assignment delivered extensive practical experience with the forensic methods that professionals use in their work. Through metadata extraction and packet analysis, the tasks demonstrated how digital evidence reveals user activities, system status, and concealed communication methods. Working with ExifTool, OpenStego, Wireshark, and the Windows Command Prompt enabled me to connect theoretical knowledge to practical applications, which strengthened my technical abilities in digital forensics.

The experience taught me to respect the ethical duties that forensic analysts must follow when protecting personal data and maintaining system security. The digital investigation process requires analysts to maintain transparency, ensure accuracy, and exercise proper discretion with the evidence they collect through their commands and packet captures.


References

ExifTool. (2024). ExifTool by Phil Harvey. https://exiftool.org
OpenStego. (2024). Free steganography tool. https://www.openstego.com
Wireshark Foundation. (2024). Wireshark User Guide. https://www.wireshark.org
Oettinger, W. (2022). Learn Computer Forensics: Your one-stop guide to searching, analyzing, acquiring, and securing digital evidence (2nd ed.). Packt Publishing.
