CHAPTER ONE

INTRODUCTION

1.1 BACKGROUND OF STUDY

Forensic science is the application of science to criminal and civil laws, mainly on the

criminal side during criminal investigation, as governed by the legal standards of admissible

evidence and criminal procedure.Forensic scientists collect, preserve, and analyze scientific

evidence during the course of an investigation. While some forensic scientists travel to the scene

of the crime to collect the evidence themselves, others occupy a laboratory role, performing

analysis on objects brought to them by other individuals. In addition to their laboratory role,

forensic scientists testify as expert witnesses in both criminal and civil cases and can work for

either the prosecution or the defense. While any field could technically be forensic, certain

sections have developed over time to encompass the majority of forensically related

cases.Forensic science is the combination of two different Latin words: forensis and science. The

former, forensic, relates to a discussion or examination performed in public. Because trials in the

ancient world were typically held in public, it carries a strong judicial connotation. The second,

of course, is science, which is derived from the Greek for knowledge and is today closely tied to

the scientific method, a systematic way of acquiring knowledge. Taken together, then, forensic

science can be seen as the use of the scientific methods and processes in crime solving. The use

of and need for computer forensics has grown as fast as the widespread use of personal

computers. Computer forensics began in the 1980s as a new tool to help both law enforcement

officials and civil litigators gather and present evidence. The use and variety of both computer

and other digital devices has grown exponentially, especially in the last decade to the point

where almost everyone has their own personal data device that they carry with them at all times.

1
While this growth has been a boon to telecom industry and to the lives of individuals, it has also

created significant and, some think, massive challenges to forensic investigators. Different types

of investigations are needed in different cases. For example, investigators use different

techniques to solve arson, murder and kidnapping. In various cases, investigators must be able to

find and analyze evidence, locate suspects and identify victims. Training in proper investigative

procedures and access to tools and resources can help an investigator close a case successfully.

Despite common misconceptions, forensic investigation has been practiced, in one form or

another, for thousands of years. Before the discovery and impact of DNA in the early 1980s, the

advent of fingerprinting in the early 1800s and even before photographs were used in the late

1800s to capture images of killers on a victim's eyeballs, as was the case during the investigation

of the world's first documented serial killer, Jack the Ripper, criminal investigators were using

the science of forensics to solve crimes. In ancient times, the manner of death was naturally

assumed by where and how the victim had been found. For example, a man found in a body of

water would naturally have drowned, while a man found lying broken and bloodied along the

side of a road would have naturally fallen and possibly been dragged by a horse.The discovery

that fingerprints were unique to each individual and could provide identification of a particular

individual, urged the state of forensic crime investigation to the forefront in 1788 when Dr.

Nathaniel Grew published an illustrated anatomy book in which he claimed that "the

arrangement of skin ridges is never duplicated in two persons." Decades later, William Herschel,

a Briton working and living in British India, demanded that his contracts be "signed" with

fingerprints so that it would be "impossible to deny or forge. The impression of a man's finger on

paper cannot be denied by him" he stated. Naturally, he was scoffed at.Across the miles, another

Briton living in Japan had come to the same conclusion. Henry Faulds was curious whether or

2
not fingerprints remained the same despite efforts made to erase such fingerprints. He

experimented with volunteers, introducing pumice stone, sandpaper and even acids to determine

if fingerprints would appear different after new skin growth. They didn't.In a paper published in

the 1880 scientific journal called Nature, Faulds wrote that bloody fingerprints or impressions on

a variety of surfaces could be used for "the scientific identification of criminals." Today, this is

known as ‘Dactylography’. Unfortunately, both men tried, without success to get police forces

around the world interested in such discoveries. It wasn't until later discoveries by Sir Francis

Galton that police authorities around the world recognized that three major fingerprint

identification patterns could be broken down into eight different types:

 Plain Arch

 Tented Arch

 Simple Loop

 Central Pocket Loop

 Double Loop

 Lateral Pocket Loop

 Plain Whorl

 Accidental

In 1888, during the reign of England's most notorious serial killer, Jack the Ripper, the use of

crime scene photographs were extensively studied in an effort to detect clues and criminal

profiling of the vicious murderer. Scotland Yard is the first to have attempted criminal profiling

as a result of the Ripper's savage modus operandi.By the early 1900s, the field of forensic

investigation achieved major developments, due to the design and use of modern forensic

3
methods and discoveries such as Benzidine, a chemical compound used to develop a universal,

presumptive test for blood.By the beginning of the 19 th century, the study of hairs, fingerprints

and blood thrust the development of forensic investigation to new heights. Locard, the forensic

professor at the University Of Lyons, France, created the first crime laboratory for use by police

and other law enforcement personnel.Around the world, advancements in document

authentication, forgery and ballistic methods were expanded and developed. Chemical tests were

developed to further advance studies of biological fluids and blood types. By 1916, a Californian

was the first to use a vacuum to collect trace evidence and manufacturing data regarding various

weapons was catalogued. By 1930, an American Criminalist named Luke May had developed

tool mark striation analysis and observations and published in the American Journal of Police

Science an article discussing the importance of discerning identification and differences in

knives, tools and other instruments.Just prior to the Second World War, a German named Walter

Specht developed a chemical reagent called luminal, still used to this day as a presumptive test

for the presence of blood.The years following the war exploded with developments, including

techniques for lifting fingerprints using a tape-lifting method, voiceprint identification and

perhaps the most famous discovery in the history of forensic science, the discovery of the unique

structure of DNA by Watson and Crick in 1953.By the mid-1960s, forensic developments led to

the identification of firearm residues left on skin and clothing, Breathalyzer tests to determine

sobriety and determinations of post-mortem cooling had been perfected. By 1975, the U.S.

Supreme Court disseminated the Federal Rules of Evidence, which were enacted by a

congressional statute. These rules stated that scientific evidence must be deemed relevant and not

prejudicial for presentation in any criminal case. A mere two years later, the FBI began to use

computerized scans of fingerprint cards from thousands of individuals in their Automated

4
Fingerprint Identification System, more commonly known by law enforcement personnel today

as AFIS. Advancements in research of DNA profiling and blood analysis perfected methods such

as RFLP (restriction fragment length polymorphism) and PCR (polymerase chain reaction)

testing made it possible to identify victims as well as suspects in a process commonly known as

DNA Fingerprinting, the most famous of forensic discoveries of the 20th century.

1.2 STATEMENT OF PROBLEM

The problem to be addressed is the development of a centralized database for keeping records

of forensic investigationswhere information about a specific individual can be stored and

retrieved. These individuals would be of two categories namely; convicted and un-convicted.

1.3 AIMS AND OBJECTIVE OF STUDY

The aim of this project is to develop a centralized database for an effective forensic

investigation. The objective includes:

i. Understand the concepts of forensic investigation

ii. To evaluate the type of forensic investigation

iii. To develop a database that will be used to store results from forensic investigations

1.4 SIGNIFICANCE OF STUDY

The use of and need for computer forensics has grown as fast as the widespread use of

personal computers. Computer forensics began in the 1980s as a new tool to help both law

enforcement officials and civil litigators gather and present evidence. The use and variety of

both computer and other digital devices has grown exponentially, especially in the last

decade to the point where almost everyone has their own personal data device that they carry

with them at all times. While this growth has been a boon to telecom industry and to the

5
 lives of individuals, it has also created significant and, some think, massive challenges to

forensic investigators.

1.5 SCOPE OF STUDY

The scope of this project is limited to record keeping of forensic investigation. In other words

this study is also about the documentation of various ways in which forensic investigation is

being carried out and how the records of the investigations is been stored into the database.

1.6 METHOD OF STUDY

This project work would be performed and carried out through the following;

i. Checking past project related to this study

ii. Surfing the internet.

iii. The use of library, to consult relevant textbooks, reports and journals for data and

materials needed for the study.

1.7 METHODOLOGY

Computerizing a system requires an intensive understanding of such system. This project

learns the investigation and study of existing system or method of forensic investigation. The

method below will be employed in carrying out this project work;

i. Gathering relevant information and understanding how forensic investigation is been

carried out.

ii. Derive the required input parameter for querying the user interface.

iii. Developing a database to keep the record of convicted individuals and nonconvicted

individuals.

6
 iv. Development of centralized database for forensic investigation alongside with a web

interface for searching, updating and retrieving individuals with Microsoft SQL Server

Database and ASP.NET MVC C#.

1.8 ARRANGEMENT OF WORK

The arrangement of this project goes thus; Chapter one is the introduction to the study, Chapter

Two is Literature Review, Chapter Three is the Methodology of the study, Chapter Four is

Design and Implementation, while the last chapter is the Chapter Five is the conclusion and

recommendation.

7
 CHAPTER TWO

LITERATURE REVIEW

2.0 OVERVIEW OF DIGITAL FORENSIC

Computerdevicesandnetworkshaveincreasinglybecomepartofnormalhumanlifeandinevitab

lybecamepartofvirtuallyallhumanactivities.Humanactivitiesaremadefaster,saferandmoreexciting

bytechnology.Weusedevicestoshop,communicate,createintellectualproperty,plantrips,perfor

mbusinesstransactionsetc.Thecombinationofcomputerdevicesandnetworksenableuserstomake c

ontinuous useofthesedigitaldeviceslikepersonaldigitalassistants(PDAs),cellphones,smartphone

s,wirelessconnectiondevicesandotherdeviceswithconnectivitytotheInternet.Ascomputersbec

omesobroadlyinvolvedinhumanactivitiestheyareincreasinglyconnectedtoincidentsofcrime.There

fore,itshouldbenosurprisethatthedigitalevidencebroughtbeforecourtsareincreasingdramatically(

M.MeyersandM.Rogers,2012).

Numerousexpertsandauthorshaveattemptedtodefinedigitalforensicsbasedontheirknowl

edgeandexperience.Theresultisaspectrumofdefinitionsthatsharesomecommonelements,butdodif

ferfromoneanother.

(Vacca,2005)describeddigitalforensicsasthecollection,preservation,analysisandpresentationo

fdigital-

relatedevidence.Vaccausestheforensicprocesswithinhisdefinitionwhichusuallyincludesthesefour

processes. (Ray, 2008)

usedvarioussourcesofdigitalforensicdefinitionstofindcommondenominatorsfromwhichtobuildane

wdefinitionofdigitalforensics.Heconcludedthatdigitalforensicsistheneedforaforensicprocesstoma

ximizetheevidentiaryweightoftheresultingelectronicevidence.Raydescribesascientificdefinitionof

digitalforensicswhichfocusesonthefinalresultofthedigitalforensicprocess. (Pollit,

8
1995)providedadefinitionofdigitalforensicsalmosttwodecadesagowhichstatesthat“digitalforens

icsistheapplicationofscienceandengineeringtothelegalproblemofdigitalevidence.Itisasynthesisofs

cienceandlaw.Atoneextremeisthepurescienceofonesandzeros.Atthislevelthelawsofphysicsan

dmathematicsrule.Attheotherextremeisthecourtroom.”Pollit’sdefinitionpaintsaveryrealisticpic

tureofwhatdigitalforensicsis.Attheoneextremeisthephysicalbinarydatathatneedstobesearchedf

ordigitalevidence.Attheotherextremeisacourtroomthatneedstoconsiderthisdigitalevidence.T

hereisa

considerabledistancebetweenthephysicalbinarydata,andthecourtroomwherehumaninterpretat

ionandhumanemotionsareinvolved.Theevidenceneedstobefoundinthebinarydatainawaythatens

uresthattheintegrityoftheevidencewasnot

lost.Additionally,thedigitalevidencemustbepresentedinawaythatisunderstandableincourt.

2.2 REALWORLD INCIDENTS

Thissectionwilldescribevariousexamplesofrealworldincidentswheredigitalforensicswasreq

uired.

2.2.1BankHackerandtheSwiftExploit

OnJanuary25,2003thesystemadministratorofaregionalbankthoughtitwillenhancetherule

ofthebank’sCiscorouterbysettingthefirstruleoftheroutertoIPpermitANYANY[3].Thischangeremov

edallaccessrestrictionsfromtherouterthatwasusedasanInternetdemilitarizingzone(DMZ).Amont

hlaterthesystemadministratorrealizedthattheInternetconnectionbecameveryslow.Aninvestigati

onbythesystemadministratorrevealedthatlargeamountsofdatawerebeingtransferredtoandfromth

e File Transfer Protocol

(FTP)serveroftheDMZrouter.TheFTPserverpermittedanonymousFTPwithreadandwriteaccess.

9
Commonlythiskindofexposureisexploitedbysoftwarepiratesandmedialoverstostoremoviesandilleg

alsoftwareprograms.TheadministratorfoundmoviesontheserversuchasTombRaiderandStarWars.U

suallytheinvestigationforanadministratorwillendhere.Theaccesssettingsoftherouterwillbecorr

ectedandanonymousFTPaccesswillbestopped.However,becausethisexploitoccurredinabankingenv

ironmentwithverysensitivedata,afurtherinvestigationwasrequiredtodeterminewhetherthesensitivei

nformation wasaccessed.Furtherinvestigationrevealedthefollowingexploits.Thewebserverand

FTP server

wereconfiguredtohavethesamerootdirectory.Thismeansthatfilesanddirectoriesthatwereaccessible

viatheFTPserverwerealsoaccessibleviathewebserver.TheFTPserverdid

notallowfilestobeexecuted,butnowthefileswereexecutedbymakinguseofthewebserver.Now files

could be uploaded and executed on the server.The FTP log

wasinvestigatedandrevealedthatseveralActiveServerPages(ASPs)wereexecutedontheserver.At

thispointitwasclearthattheserverwascompletelycompromisedfromtheInternet.

2.2.2 Bind Torture Kill (BTK)KillerandtheInvestigationSuccess

ThedigitalforensicinvestigationthatledtothearrestoftheBTKserialkillerisprobablyoneofthe

mostfamouscasesthatwassolvedbymakinguseofasimpledigitalforensicinvestigation.TheBTKk

illerwasresponsibleforthedeathsoftenpeopleinWichita,Kansas,USA(Dennis

Rader,2007).SeveralyearslateraseriesofcommunicationwasreceivedfromtheBTKkillerandone

ofthecommunicationmethodsusedwasafloppydisk.Thepoliceauthoritiesfoundinformationinth

emetadataofadeletedMicrosoftWorddocumentonthefloppy.Themetadataincludedaname“Den

nis”aswellasalinktotheLutheranChurch.Whenthepolicesearched“DennisLutheranChurchWichit

a”ontheInternet,theywereabletoidentifyasuspect.UponfurtherDNAtestsDennisRaderwasposi

10
tivelyidentifiedastheserialkillerandRaderhimselfconsequentlyconfessedtothekillings.Raderw

assentencedtoaminimumof175yearsinprison.

Thisexampleillustrateswhatavitalpartdigitalforensicsisofinvestigationsbecauseofthefact

thatdigitaldeviceshavebecomesuchanimportantpartofpeople’severydaylife.People(includingcrimi

nals)usecomputers,networksandotherelectronicdevicestocommunicate,tostorevitaldataonandtopro

cessvariouseverydaytasks.Inthisexampledigitalforensicsdidnotprovidethesubstantialevidenceofw

hospecificallythesuspectis,butitprovidedthehintwhichledtheinvestigatorstothesuspect.It seems

thatinvestigatorsarestilljustafterthestory,butthecomputercanbeawitnessnow(Dennis Rader,2007).

2.2.3 OperationOplanBojinkaandtheConcern

DuringFebruary1993aminibusfilledwith500kgofexplosiveswasdrivenintotheparking

areabeneaththeWorldTradeCentreTowersinNewYork(Mohay,

2005).Theexplosionclaimedthelivesofsixpeople,injuredaroundathousandpeopleandwasestim

atedtohavecauseddamageworth$300million.AnumberofsuspectsweresoughtafterbytheU.S.inv

estigators.AmongstthelistofsuspectsthenamesofRamziAhmedYousefandAbdulHakimMuradap

peared.TwoyearslaterafirebrokeoutinasuspectedterroristsafehouseinManilainthePhilippines.Inth

esafehouseitisbelievedthatthetwosuspects(YousefandMurad)preparedexplosivedevices.Youse

ffledthePhilippinesandMuradreturnedtotheapartmenttoremoveevidenceoftheiractivities.Thepol

icearrivedattheapartmentandarrestedMurad.Thepolicesearchedtheapartmentandrecoveredevidenc

ethatrangedfromexplosivedevicestoalaptopcomputer.Aforensicinvestigationofthelaptopbothamaz

edandapprehendedtheinvestigators.ThelaptopbelongedtoYousef,andcontainedinformationofbo

thpastandfutureterroristactivities.Thisinformationincludedairlineflightschedules,detailedplanspe

rtainingtoapastattackonaPhilippinesairlineanddetailsofprojectOplanBojinka.Thedetailsofproj

ectOplanBojinkawasparticularlydisturbing.Theprojectinvolvedthekidnappingofcommercialairlin

11
ersflyingtotheUSAandusingtheairlinerstoattackkeytargets.ThementionedtargetsincludedtheFBI

headquartersandCIAheadquarters.Thesuccessoftheinvestigationwastherecoveryofinformationp

ertainingterroristattacks,butoutofadigitalforensicinvestigationperspectiveaconcernwasraised.T

hemajorityofinformationonthelaptopwasencryptedandcouldnotbeinvestigated.Theconcernwasrais

edthatlawenforcementneededtokeepupwithtechnologyandthatthewidespreaduseofrobustencr

yption ultimately will devastate the ability to fight crime

andterrorism.Digitalforensicsshouldenhanceastechnologyenhances.

2.3 THEDIGITALFORENSICPHASES

Inordertocompleteaforensicinvestigationthatwasrequiredinthethreeexamplesdiscussedinthe

previoussection,theforensicinvestigatorswererequiredtoworkthroughseveralphases.Traditionaldi

gitalforensicscanbedividedintofourphases,namelythecollection,preservation,analysisandpresent

ationphases.Thesephasesareusedbynormalforensicsaswellasdigitalforensics.Thesefourdigitalforen

sicphasesfulfiltheneedsofreactivedigitalforensicswhereanincidenthasalreadyoccurredandthes

ceneoftheincidentneedstobesearchedforevidenceInthissectionamorecompleteprocessisdiscuss

ed,asdescribedby

(Cohen,2010)whoconsiderstheidentification,collection,storage,analysis,reconstruction,present

ationanddestructionofdigitalforensicevidence.However, ThemodelproposedbyCohen will be

consideredduetoitspotentialrelevancetothefieldofdatabases.

2.3.1 Identification

Digitaldevicesneedtobesearchedtoidentifyrelevantevidence.Itiscommonthatanenormousamo

untofpotentialevidenceisidentifiedandthatalargeamountofevidenceisnever

12
discovered.Toillustratethatitisdifficulttoidentifyallevidence,considerasituationwhereanetworkdev

icehasdonesomemaliciousactivitythatneedstobeinvestigated(Cohen,2010).Theevidencecanexis

tonaremotedeviceofwhichwedonothaveknowledgeandwhichislocatedontheothersideofearth.Toi

dentifythisevidencemighttakealongtimeandbythetimetheevidenceisdiscovered,itcaneitherbedes

troyedortheevidencemaynotberelevantanymore.

Ontheotherextremeahugeamountofevidencemaybeidentifiedwhenwetakeintoconsideration,f

orexample,thatasingleexecutedtaskonadigitaldevicecantriggertheprocessorsandmemoryofthatdi

gitaldevicetointeractwithfilesorwiththefilesystem,andproducelogsandaudittrails.Theidentificatio

nprocessmayalsoentailreducingtheamountofdatatobeinvestigated(Casey, 2004).

2.3.2Collection

Thecollectionphase,alsofrequentlycalledtheacquisitionphase,isthephasewhendigitalmedia

arecollectedtobeexamined(Cohen,

2010).Thedigitalmediaincludephysicalharddrives,opticalmedia,storagecardsofdigitalcameras

,mobilephones,chipsfromembeddeddevices,documentfiles(Mckemmish, 2008)etc.The manner

in which the evidence is collected

isimportant,becausethecollectedevidenceshouldpreserveitsintegritytobeconsideredforuseincourt.

Thechainofcustodyshouldbepreservedinordertokeepapapertrailoftheconditionsunderwhichtheevid

encewascollectedandpreserved.Evidencethatiscollectedisdrivenbywhatisidentified.Thechunkso

fdataorlogsthathavebeenidentifiedduringtheidentificationphaseareusedtocollecttheactualevidence

thatcouldbeusedincourt.Thisisnotaneasytaskandweneedtoconsiderthatmanysystemstodayca

nnotaffordtopausetheirusualfunctionsinordertomaketimeforaforensicinvestigation.Consider

thesituationwherean Internet

serviceprovider(ISP)needstopauseoneofitsconnectioncriticalserversforaninvestigationorw

13
hereanInternetonlinestoreneedstomakeoneofitspurchasecriticalserversavailableforaninvesti

gation.Thiscancostthecompanythatassistsintheinvestigationagreatsumofmoney.Therefore,the

methodofevidencecollectionneedstobethoughtthrough.

Themethodsthatareusedtocollectevidencehavebeenthecenterofdebateinthedigitalforensicsc

ommunityforyearsandwillprobablyremainapointofdiscussionforyearstocome.Tocomplicatethemat

terfurther,thecollectionmethodologymightalsobeinfluencedbytheclientoranemployer(Wiles &

Reyes).However,thedebate about

collectionmethodologymainlycontendsbetweenliveevidencecollectionsopposedtostaticevidencec

ollection.Imagineaforensicsinvestigationdoneatatheftcrimescene(maybeaninvestigationcorr

ectlyorincorrectlydoneatacrimesceneinmanyatelevisionseriesormovie)whereevidenceiscollected.

Theinvestigatorsarriveonthecrimesceneafterthecrimeeventhasoccurred.Theinvestigatorswillsear

chtheareatoidentifyevidence.Onceevidenceisidentifiedithastobecollected.Canweconsiderthisc

ollectionasliveforensicsorpost-mortemforensics?

Ifahairsampleisextractedfromthecrimescenetobeexaminedinalaboratory,thehairsampleiscollecte

dinawaythatdoesnotcompromisethesampleinanyway.Thisisatypicalpost-

mortemforensicsexample.Justlikethehairsampleisextractedfromthecrimescene,wemayextracta

digitaldevicefromthecrimesceneforapost-

mortemforensicinvestigation.Thebigdifferenceliesinthefactthatourmethodofcollectionmightinf

luencetheevidence.Ahairsampleforinstancecannotbeinfluencedwhenpickedupwithtweezersands

toredcorrectly,butwhenadigitaldeviceisshutdown(pulledtheplug)whenitiscollecteditmightinfluenc

etheevidence.Thisisthebigdebateconcerningliveversuspost-mortemforensics.

Digitaldevicesfrequentlykeepdataintheirvolatilememorywhichrequiresanelectronicsourceatalltim

estomaintainthestateofthememory.Ifthedevicelosestheelectronicpowersourcethememoryislost.

14
Thistypeoftechnologyisusedbecauseitismuchfasterthannon-

volatilememories.Therefore,evidencemightbelostwhenthedigitaldeviceispluggedout[107].Anot

herfactisthatinsomesituationsitmightjustbebettertoconductaliveforensicanalysis.Despitethisfact,t

hepost-

mortemwayofconductingaforensicanalysishasbeenacceptedasthebestpracticemethodology,mainl

ybecausealiveforensicanalysismightinfluencetheevidenceevenmorethanpullingtheplugdoes[133].

Theharddrive,filetimestamps,registrykeys,swapfiles,memoryandthecompletemd5hashoftheeviden

cearesomeofthepiecesofevidencethatmightbeinfluencedbyaliveforensicanalysis(Cohen,

2010).Thisposesagreatcaseforpost-mortemdigitalforensics.

Therearesituationswherepost-

mortemdigitalforensicsbecomesverydifficultoralmostimpossibleandlivedigitalforensicanalysisis

theonlyoptionoramuchmoreeffectiveoption(Casey,

2010).Manyorganizationsdonothaveonelocationwherealltheirserversareheld.Theserversmightbelo

catedacrossacity,countryorcontinent.Thismakesitadaunting(orfinanciallyimpractical)taskforafor

ensicinvestigatortocollectalltheevidenceonlocation.Noteventomentionthattheorganizationrelies

onsomeoftheseserverstomakemoneyandthatremovingtheseservers(forevenjustawhile)willcosttheo

rganizationalotofmoney.

2.3.3Transportation
Digitalevidencesometimesneedstobetransportedfromthecrimescenetobekeptina

securelocation(Vacca,

2005).Thetransportmethodsrangefromphysicallyremovingthedigitaldevicefromthecrimescene

andtransportingitbyvehicletothesecurelocationtocopyingtheevidenceoveranetworktothesecurelo
15
cationbyensuringthatthedigitalevidencepreservesitsintegrity(Cohen,

2010).Copiesoftheevidenceareusuallykeptinasecurelocationinorderfortheevidencetobereferenc

edanytimeduringlegalproceedings.Evidenceisincreasinglybeingtransportedelectronicallyfromp

lacetoplaceandthesmallesterrorcancausetheevidencetoarriveincorrectlyatthesecurelocation.Achai

nofcustodymustbekepttoreportonhowtheevidencehasbeentransportedandwitnessesmustbeabl

etotestifyhowtheintegrityoftheevidencehasbeenpreservedduringtransportation.

2.3.4Storage

Thedigitalevidencemustbestoredintherightconditions(Casey,

2010).Dependingonthemediatheseconditionscanbethecorrecttemperaturerange,correcthumidi

tyrange,correctpowersupplyetc.Thedigitalevidenceisrequiredtobestoredandmaintainedforth

eremainderofthetrailuntothetimethattheevidenceisnolongerrequired.Manydifferentsortsofthingsc

angowrongduringstorage,suchasevidencedecayingovertime,beingphysicallyharmed,conditionc

hangesthatinfluencethestoredevidencelikefires,floods,etc.

2.3.5Analysis

Theanalystresponsibleforinterpretingtheevidenceshouldconsiderallpossibleexpl
anationstodeterminewhatactuallyhasoccurredandhowcertainheisofhisassumptions(
Casey,
2010).Itisacommonoccurrencethatsupposedexpertsdrawconclusionswhicharen
otjustified.Ananalystwilltypicallystrivetoreportincourtthataccordingtoevidenceavail
able,itappearsXdidYproducingZ,whereXisapersonoraprogramandYistheactionwhic
hproducedtheevidenceZ.Italsohelpsifallalternativeexplanationsthatcouldhaveprodu
cedZareexploredandprovedinconsistent.Inordertoprovethatalternativeexplanatio
nsareinconsistent,seeminglyuselessevidencemightprovetobeveryuseful.Forexam
ple,aseeminglyirrelevantlogfilemayprovethatthedigitaldevicewasnotshutdownandth
atmightdisproveapossiblealternativeexplanation.

16
 Powerfulandsophisticatedtoolshavebeendevelopedtoanalyzedigitalandstora
gedevices,andtoextractpotentialevidencefromthesedigitalmedia.Somedigitalforen
sicsuites(EnCase,iLook,FTKetc.)havebeendevelopedtorevolutionizethewayinwh
ichevidenceisanalyzedondigitalmedia.
Withgraphicaluserinterfacesthetaskofanalyzingdigitalmediaismadesimplerbyena
blingtheanalysttoextractpotentialevidencewithasoftwaresingletool.Examplesofpote
ntialevidencethatcanbeextractedbythesetoolsincluderecoveringdeletedfiles,searchi
ngfilesandslackspace,extractingandprocessingemail,parsinglogfiles,analyzingthe
Windowsregistry,performingmetadataandtiminganalyses,andcreatingreports(Kornb
rust,2011).

2.3.6Reconstruction

Crimereconstructionistheprocessofgainingacomprehensiveunderstandingbymakinguseofa

vailableevidence.Forensicexaminersperformareconstructiontodeterminehowaparticularsystem,d

eviceorapplicationworksinordertobetterunderstandapieceofdigitalevidenceorhowthecrimeco

uldhaveoccurred(Casey,

2010).Theexaminermighthavetocreateanexactreplicaofthesysteminordertoperformareconstructio

n.Reconstructionisoftenusedbyforensicexaminerswhenthecrimehasoccurredalongtimeagoandtheo

nlydigitalevidencemightnotbeavailableanymore.Itisimportanttoconsiderifthehardwareorsoftwarei

sexactlythesamemodelorversionwhenconductingthereconstruction.Ifthe

hardwareorsoftwareofthereconstructionisnotthesameastheoriginalhardwareorsoftware,itshou

ldbeprovedthattheoriginalhardwareofsoftwarewouldhavedeliveredthesameresultasthereconstructe

dhardwareorsoftware.

2.3.7Presentation

Jurorsorjudgesoftenhavelittleknowledgeabouttheparticulartechnologyrelatedtothecourtca

seandthisposesachallengetothepresenterofevidencetomakehisfindingscomprehensible to the

17
court.The digital evidence presentation phase includes

thesummarizationoftheconclusiondrawnduringtheanalysisphaseaswellasanexplanationofthecollec

tionandexaminationtechniquesused(Cohen,

2010).Evidenceisusuallypresentedintheformofexportreports,depositionsortestimonies.

2.3.8Destruction

Courtsoftenorderevidenceandrelatedmaterialtobedestroyedorreturnedafteritisnotneededfo

rthepurposesofthecourtanymore.Thisappliestotradesecrets,confidentialpatents,client-

relatedinformation,copyrightedworksandinformationthatorganizationsusuallygetridofbutwaspre

servedforlegalpurposes.

2.4 DIGITALFORENSICTOOLS

Thissectionwilldiscussdigitalforensictoolsbecausetheyareoftenrequiredtoassistaforensi

cinvestigatorthroughthephasesofdigitalforensicsdiscussed in theprevioussection.Digital

evidence isoftenlatentinnature,meaningthatitis

present,butnotapparent.Therefore,digitalforensictoolsareregularlyrequiredtoassistaninvestigatori

ngatheringevidence.Thelegalsystemmainlyallowsforensictoolsthathavebeenproperlyappliedbyex

pertswhoknowhowtousethetoolsproperly(Cohen,

2010).Whenmakinguseofdigitalforensictools,theinvestigatorneedstounderstandwhatfunctionis

carriedoutbytheforensictool.Hethusexaminestheresultofthetoolforanomaliesbeforedeclaringthere

sultsofthetooltobepreciseandaccurate.Ifinconsistentresultsaredeliveredbytheexpertwhohasma

deuseofaforensictoolandtheexpert’sconclusionsareproventobeincorrect,theexpertmightbeexclud

edfromtheremainderofthelegalprocessandthereputationoftheforensictoolcouldbeharmed.

EnCaseisaforensictoolthathasbuiltupagoodreputation.EnCasefirstappearedonthemarketin1998atat

18
imewhenmostexaminersmadeuseoftheDOScommandprompttoconductmostoftheirforensicinvesti

gations.Manyneverimaginedthatthesoftwaretoolwillbecometheleadingdigitalforensictoolin2000(

Casey, 2010).EnCasewasuniqueinthesensethatitmountedabit-

streamofforensicimagesasvirtualread-

onlydevices.EnCasethenreconstructedthefilesystembyreadingdatafromtheforensicimages,thusens

uringnottoalterdataonthesuspectmachine.EnCasecausedmanyexpertstoconvertfromcommand-

lineevidencesearchingtoaforensictoolwithaGUI.

Manyforensictoolsexisttoday,bothGUIandcommandlinebased.Alistisprovidedby(Casey, 2010)

ofmorethan300forensictoolsavailabletoday.Thetoolsaredividedintothesectionsthatincludethefollo

wing:

 Slackspaceanddatarecoverytoolsassistintherecoveryofdeletedfilesordata,andtherecover

yoffilefragmentslocatedinslackspaceonafilesystemsupportedbyWindows.OntrackandDri

veSpyarebothexamplesofslackspacerecoverytools.

 DatarecoverytoolsmayrecoverfilesfrommanysourcesincludingPDA,mobiledevices,cam

erasanddiskdrives.DeviceSeizureaidsinforensicallyrecoveringmessages,photos,calllo

gs

andotherdatafromcellphones,smartphonesandPDAs.FurtherdatarecoverytoolsincludeD

irectorySnoopandForensicSorter.

 Fileintegritycheckershelpinvestigatorsprovethatacopiedfilecanbeconsideredtonotbealtered

.Thesetoolsmakequickanalysisofsystemstoensurethatthestateofthesystemisthesame.

 Diskimagingtoolscreatebit-mapimagesofstoragedevicesorothermedia.SnapBack,

DatArrest obtains images of different operating systems and

makesbackupsofdataonaharddisk.

19
  PartitionmanagerslikePartImagecanstorepartitionstoanimagefileandwritetheimageofthepar

titionontoanothersourcetobecollectedaspotentialevidence.

 SeveralLinuxorUNIXtoolscanbeusedtoassistinforensicinvestigations.Ltoolsmakeuseofse

veralcommandlinetoolswhichcouldbeexecutedonWindowssystemstobeusedinasimil

arfashionthannormalLinuxtools.SimilartoolsincludeMtoolsandTctutils.

 Passwordrecoverytoolsaretoolsthatexecuteahugelistofregularlyusedpasswordsanddiction

arywords.Sometimestheplaintextneedstobehashedtorecover a password.Most

password recovery tools (like @Stake,

DecryptionCollectionEnterprise,AIMPasswordDecoder)areusedforpasswordauditing

purposes.

 MultipurposetoolslikeMareswaremaycoveralargerangeoffeaturestoassistinforensicinvestig

ations.Thelistoffunctionalitiesisexhaustiveandcanbefoundin[19].

 Toolkitsofferacompilationofforensictoolsinonesoftwareprogram.Examplesoftoolkitsinclu

deNTITools,StealthSuite,DataEliminationSuite,TextSearchSuite,SafeBack,R-

Studio,EnCase,ForensicToolkit(FTK)etc.

2.5 DATABASE FORNSICS

Database Forensics (DBF) is a field of digital forensic investigation that addresses database contents and

their metadata (Olivier M.S., 2009). It is considered a significant field by which to identify, detect,

acquire, analyze, and reconstruct database incidents and reveal intruders’ activities. DBF has suffered

from several issues, which has resulted in it becoming a heterogeneous, confusing and unstructured

20
domain. Examples of these issues include a variety of database system infrastructures; the

multidimensional nature of database systems; and domain knowledge effectively being scattered in all

directions (Khanuja H.K and Adane D., 2012). A variety of database system infrastructures with

multidimensional natures has enabled the DBF domain to address specific incidents. Therefore, each

database management system (DBMS) has a specific forensic investigation model or approach.

Consequently, the issues of different concepts and terminologies in terms of the forensic

investigation process and the scattering of domain knowledge in all directions have produced other

challenges for DBF investigators and practitioners. This knowledge (such as models, processes,

techniques, tools, frameworks, methods, activities, approaches, and algorithms) is neither organized nor

structured. Furthermore, it is universally dispersed, such as in the Internet, books, journals, conferences,

online databases, book chapters, dissertations, reports, and organizations. Consequently, there is a lack of

generic/standardized models by which to unify concepts and terminologies that may be used to reduce

confusion and assist in organizing and structuring domain knowledge. This study discusses the DBF

domain from several perspectives to highlight, extract, compare, merge and derive common concepts of

the domain as well as to harmonize and reconcile concepts and definitions, such as i) the Database

Dimensions perspective; ii) Database Forensic Technology perspective; and iii) Database Forensic

Investigation process perspective.

2.6EXISTINGDIGITALFORENSICFIELDS

Althoughthefieldofdatabaseforensicshasnotreceivedalotofattentionoverrecentyears,othersub

sectionsofdigitalforensicshaveenjoyedmoreattention.Someexistingfieldsofdigitalforensicspote

ntiallyhavecommoncharacteristicstodatabasesanddatabaseforensicsmightbesolvedinasimilarway.

21
Therefore,thissectionwillfocusonfilesystemforensics,networkforensics,mobiledeviceforensics,a

ndInternetandemailforensics.

2.6.1FileSystemForensics

Thisstudywillultimatelydealwithdatabaseforensicswhichiscloselyrelatedtofilesystem

forensics(Olivier,

2009).Filesystemsrelyheavilyonmetadatatoorganizethedatastoredinmemory,justlikedatabasemana

gementsystemsdo.Therearethreecomponentstoproperfilesystemforensicanalysis:

 Tounderstandthefilesystem;

 Tounderstandtheartefactswithintheoperatingsystemandhowtofindthemandinterpretthem,

 Tomakeuseofproperforensicsoftware(Olivier, 2009).

2.6.2NetworkForensics

Hardlyadaygoesbywithoutnewsofamajornetworkintrusionofamajorcompanyorgovern

ment(Sammons,

2011).Thenetworkintrusionindustryhasgrownextensivelyinrecenttimesandhasalsobecomeacri

ticalmatterofnationalsecurity.Successstoriesofnetworkforensicsinclude:

 DeterminingwhereastolenlaptopwaslasttracedbyinterconnectedWAN(orHotspot)devi

cesinahospital(Sammons, 2011);

 tracingacorporateuserwhopiratesfilmsbytracingtheIPaddressfromswitches

ofothernetworkingdevices;and

 DeterminingtheextentofabruteforceattackonahackedgovernmentserverbyanalysingSS

Hlogs.

22
2.6.3 MobileDeviceForensics

Manypeoplequestionhowtheyhaveevermanagedwithoutacellphone,butitislessthantwodeca

desagothatthecellphonehasbecomeavailable.MostpeoplehaveacellphoneorPDAofsomesorttoday.

CellphonesandPDAshaveevolvedintosmartphonesand tabletPCs.Similarly

todatabases,thesemobiledeviceshavebecomesuchaninterconnectedpartofpeople’slivesthatmanyc

rimes(digitalandnon-

digital)cannotbefullyinvestigatedwithoutinvestigatingmobiledeviceslinkedtothecrime.Thesemo

biledevicesmayholdcommunicationinformation,locationinformationandcouldevenbeattacked

toretrievepersonalinformation.AmobiledeviceorPDAnowhasroughlythesamecomputingpower

ofacomputermanufacturedwithinthelastfiveyears(Davidoff, 2012)

Mobileforensicsholdsvariousnewchallengesinaforensiccontextwhichinclude:

 Frequentchangeofoperatingsystems,interfacemethods,hardwarestandardsandStoragetech

nologies;

 Variousdifferentmobiledeviceplatforms;and

 Wirelesstechnologieswhichareusedtocommunicate.

2.6.4 InternetandEmailForensics

TheInternetisatypeofnetworkandcouldthereforebecategorizedasnetworkforensics.However,theInte

rnetandemailtechnologieshaveestablishedtheirownresearchfieldduetothehighuservolumesofthese

technologies.TheInternetandemailtechnologieshave

becometargetsforvariousattacksonenduserswhomakeuseofthesetechnologies.Theseattacksinclude

spamming,phishing,viruses,worms,andtheconvergenceofvirusesandspam.

23
 CHAPTER THREE

METHODOLOGY

3.1 Project Analysis

In this chapter, more emphasis is laid on how the aim of the project was achieved. This

project is aimed at developing a centralized database management system for effective forensic

investigation. This project work will also include a user friendly web interface for interaction

between the users and the system. The methodologies used in achieving the aim of the project

are listed as follow:

1. Identification of concepts within the digital forensic domain.

2. Identifying the relationship between the concepts.

3. Designing the forensic database schema.

4. Developing a database for effective forensic investigation with a user-friendly web

interface.

The above tasks required the analysis of the basic information needed about how forensic

investigation record is been kept before the project work is carried out. The analysis began

with consideration of the intended outcome of the project as stated in the aim and objectives

in Chapter one and as listed above. Some of the objectives were achieved via database object

modelling and designs, while some in designing interactive web interface to interact with the

designed database to give result to the user’s request. Developing n developing a centralized

database management system for effective forensic investigation that will model categories

of crime scene and how the investigation was carried out. The database is designed based on

24
 the classification of crime, how the convict was arrested, who arrested the convict, when the

incident happened and who was in charge of the investigation.

3.2 Components Architecture

The following components provided different aspect of functionality to which the

database supplies forensic investigation information;

 The web application which provides a user interface for accessing this information

 Microsoft Visual Studio is an integrated development (IDE) from Microsoft. It is used to

develop computer programs for Microsoft windows as well as websites, web application

and web services.

 ASP.NET MVC gives you a powerful, patterns-based way to build dynamic websites

that enables a clean separation of concerns and that gives you full control over markup

for enjoyable, agile development. ASP.NET MVC includes many features that enable

fast, TDD-friendly development for creating sophisticated applications that use the latest

web standards.

How the above mentioned components interact is demonstrated in figure 3.1 and figure

3.2.

25
Figure 3.1: A high level diagram demonstrating the level of interaction among the software

component

26
Figure 3.2: Architecture analysis and design of Forensic Investigation System.

27
3.3 Acquisition of relevant information

The information of forensic investigation used in the project work was acquired basically

by two methods: The first step is Visitation of CIA and FBI Website where some of the

information used in the system was gotten from. The website contain list of some convict and ex-

convict and some information about them which includes, their names, address, and crime

committed, etc.

3.4 Development Method

This development method explains the methods/steps used in the design of the Forensic

database.

3.4.1 Database Design

3.4.1.1 IntroductiontoPhysicalDatabaseDesign

Asdatagrowdramaticallyduetotheexpansionandubiquitoususeofnetworkedcomputersinho

mes,businessesandtheindustrialworld,gooddatabasedesignbecomesmorevital.Thedifferencebet

weenbaddatabasedesignandgooddatabasedesigncanbeupto50timeswhenrunningqueries.Theneedf

ordatabasedesignstemsfromlargevolumesofdata.Bestpracticedesign,liketheuseofindexes,willhave

novisibleeffectonatablewith20rows,butasthevolumeinthedatabaserises,thedatabasedesignbecomes

criticalinorderforthedatabasetodeliverresultsintime.The database life

cycleincorporatesthebasicstepsinvolvedindesigningaglobalschemaofthelogicaldatabase.

Thedatabaselifecycleconsistsofthefollowingphases(van der Lans, 2007)

28
  Requirementanalysis.Thisphasenecessitatesthedesignertoproducearequirementspecificati

onwithalistofdatabaserequirementsconsistingofdatarequiredforprocessing,datarelation

ships,andthesoftwareplatformfordatabaseimplementation.

 Logicaldesign.Aconceptualdatamodeldiagramthatshowsallthedataandtheirrelationship(cal

ledaglobalschema)isdevelopedwithtechniquessuchasERorUML.Thisdesignisultimatelyt

ransformedintonormalizedtables.

 Physicaldesign.Thisphaseinvolvestheselectionofindexes,partitioning,andclusteringof

data.De-

normalizationisalsodoneinthisphasetomakefrequentlyrequiredqueriesmoreefficient.

3.4.1.2 Stages involves in the design of the Database

Adatabasemanagementsystem(DBMS)isusedtoorganizethedataandenablesameansforauseroftheD

BMStoretrieveandaccessdataofthedatabase.Databasemanagementsystemsenableuserstoaccessand

storedatawithoutworryingabouttheinternalrepresentationofdatabases.The process involved is

subdivided into stages which are enumerated below:

Stage 1: Determination of the Objects Involved

In this case, the objects includes entity requirement for developing an effective forensic

investigation database which is as follows;

 Citizen

 Country

 Blood Group

 Genotype

29
  Hair Color

 Crime

 Status

 Gender

 Skin Color

Stage 2: Designing the Database Schema

This involves the use of the above listed object to design the database schema which

emphasizes on the table in which Citizens records are kept and each crime committed by each

citizen and how the citizen was captured.

Stage 3: Enumerate important tables of the database

On creating tables and properties related, a general list of all terms needed and relevant to

the domain and scope was produced to help initiate the process which includes; Citizen, Crime,

Genotype etc.

Figure 3.3: The Database Tables.

30
Stage 4: Definition of table properties

Using Microsoft SQL Server management studio, properties are meant to establish

relationship between tables and every component of the database. Figure 3.4 and 3.5 shows the

properties.

Figure 3.4: representation of table properties.

31
3.5 DATABSE SECURITY

Databasesecurityisconsideredtobeoneofthemostvitalinformationsecurityissuestobemanage
dbecauseourmostsensitivedataarestoredondatabases[64].Abreachofsecurityindatabasescanbedev
astatingforboththeindividualandthewidersociety.TherecentincreaseinWeb-
basedapplicationsandinformationsystemshasfurtheraugmentedtheriskofadatabaseexposureinsu
chawaythatdataprotectionismoreimportantthanever(Gollmann,
2002).ThissectionwilldiscussvariouskeydatabasesecuritycomponentsusedinDBMSs,suchasaccess
control,dataencryptionandstatisticaldatabasesecurity.

3.5.1 AccessControl
Akeycomponenttoensuredataprotectionindatabasesistheaccesscontrolmechanism.Thismec
hanismisusedtocheckwhetherasubjecthastheauthorisationtoperformactionsonthedata[66].Thetypic
aldatabaseaccesscontrolmechanismismorecomplexthantheaccesscontrolmechanismsofWindows
[67].Forexample,Oracle10ghas173systemprivilegesofwhichsixcanbeusedtotakecompletecontro
lofthedatabasesystem.Twodatabaseaccesscontrolmodelsarediscussedhere.Theyincludethediscre
tionaryaccesscontrolmodelandthemandatoryaccesscontrolmodel.

3.5.2 DataEncryption
Anothermethodofminimizingthreatsagainstthedatabaseisbydataencryption.Dataencry
ptionmayoccuratdifferentlevels,suchasdataencryptionwithintables,dataencryptionatrest(dataencry
ptedinstoredfilesintheoperatingsystem)anddataencryptiononthewire(dataencryptedwhencommuni
catingoveranetwork)[70].

Asageneralrulewecanassumethatthestrongerthedataencryptiontechniqueandthemoredatathatar
eencrypted,themoreCPUpowerwillberequiredtoencryptanddecryptthedataofthedatabase.Adatabas
eadministratorcaneitherdecidetoencryptdataorhashdata.Commonencryptionfunctionsusedindatab
asesinclude(fromweakesttostrongest)DES,TRIPLE_DES,RC4,DESXandAES256.ModernDB
MSslikeSQLServerandOracle11gmakeuseoftransparentdataencryption(TDE)wherethewhol
eDBMSissecuredbyaprotecteddatabaseencryptionkey(DEK).TDEperformsallcryptographicfu
nctionsattheI/O-
levelwithinthedatabaseandrelievesdevelopersofcreatingcustomcodestoencryptordecryptdatabas
edata(BouganimandGuo, 2011).

32
3.5.3 StatisticalDatabaseSecurity
Lastly,statisticaldatabasessecuredataaboutindividualsbyonlyallowingaccesstoaggregationfunctio
nsinqueriesandhenceonlydeliverstatisticalresultsasoutput.OnlyaggregationfunctionslikeSUM
,AVG,COUNT,MAXandMINcanbeusedtoselectdatainaquery.

3.6 ARCHITECTURAL DESIGN FOR THE SYSTEM

This section explains how the central database will be operated both by the administrator and the
cop/Detective.

3.6.1 USE CASE DIAGRAM

Figure 3.4:The System Use Case

33
 CHAPTER FOUR

SYSTEM DESIGN AND IMPLEMENTATION

This chapter explains the implementation issues as regards the methodology details in

chapter three and serves as the guide for the usage of the application to any clients or users of the

project.

4.1 SYSTEM ANALYSIS

This is where the analysis of the project is been explained.

Requirement Definition

1. Introduction

This program was built with the following tools;

 Microsoft visual studio 2013 as the integrated development environment (IDE).

 C# (csharp) programming language as the backend language for the web application.

 Microsoft SQL Server 2012 for the database implementation.

 CsharpHtml (.cshtml) as the frontend language of the web application.

 The Model View Controller (MVC) architecture was used in structuring the web files.

The user interface is a web application developed using the ASP.NET MVC C#, whereby

clients administrator can insert, update and delete criminal records and cops can search criminal

records based on country, Bvn No. and State.

2. Computer and operating system characteristics

34
 This application is designed with Microsoft visual studio 2013 which is an object oriented

programming language. Since it is a web-based application it can run on any operating system

but can only be hosted on servers compatible with visual studio with minimum requirement of

Pentium II class processor of 450 MHz and 32MB physical memory. There should be minimum

free space of not less than 60MB on the hard disk, a super VGA or any other supported

resolution monitor, a keyboard and a mouse.

3. Software Function

This project provides the following function:

 It enable administrators to input criminal details into the platform database.

 It enables administrators and cops to search criminal records.

 In enables administrator to login before performing any task on the website.

 It enables the cops to login before performing any task on the website.

4. Accuracy Constraint

The input parameter varies in data type. The data type used are nvarchars for names, address,

username and so on, integers are used for IDs.

5. Timing constraints

The input data are processed in few seconds and the output is generated immediately unless

there is an error which can occur if wrong data is entered or a compulsory input is omitted.

35
6. Response to undesired Events

I. If wrong username and password are supplied, access is denied.

II. If the required fields are not filled, processing will not be successful.

7. Basic function

The project basically enable to save and keep track of criminal record based on the country, the

state and the Bank Verification Number that was inserted into the database.

8. Function Assumption

The Administrator and cops should have access to internet connection and should be computer

literate enough to browse the website

9. Changes

Every form of changes can be made to the source code of this project work but not on the web

browser page

10. How to Use

To use this service, the following steps are to be followed

 Power on to boot-up the system

 Make sure there is workable IIS (internet Information Service) Server, SQL server, visual

studio ASP.NET on the system else install one.

For this project, the website is built in the IIS default website from the beginning; this gives you

easy access to it.

36
4.2 WORKFLOW OF THE WEBSITE

Homepage

Figure 4.1: Homepage

37
 The homepage is the default page that load for any user (either the administrator or the

cops) that access the website. The admin and the cops will have to login to have access to any

information on the website.

Login page

Figure 4.2: Login page

38
 This page is a page where the administrator or cops is able to login using an already

created username and password, logging in as a registered user is compulsory to be able access

the information on the website.

Registration page

Figure 4.3: User Registration Page

39
 This page is where the administrator can register any user and assign the specific user to a

role, as cops in the platform is a role. The administrator is also a role but the admin role is the

super role which assigns user to roles. This page is shown in figure 4.3.

Role manager page

Figure 4.4: The Role Manager Page

40
 This page is where the administrator assigns a registered user to a specific role and this

user can be assigned to either a cops or an admin role.

Suspect search page

41
Figure 4.5: Suspect search page

This page shows where the administrator and cops can search for suspect record and view

details of each record, this record can be searched based on country, bank verification number,

and state of origin. This page is shown in figure 4.5.

Crime search page

42
Figure 4.6: Crime Search page

This page shows where the administrator and cops can search for crime records and view

details of each record, this record can be searched based on country, crime, and name of

investigator. This page is shown in figure 4.6

.Crime search result page

43
Figure 4.7: Crime search result page

This page shows where the administrator and cops can view details of each record, this

record can be searched based on country, crime, and name of investigator.

Suspect search result page

44
Figure 4.8: Suspect search result page

This page shows where the administrator and cops can view details of each record, this

record can be searched based on country, bank verification number, and state of origin.

45
 CHAPTER FIVE

CONCLUSION AND RECOMMENDATIONS

5.1 CONCLUSION

This study makes it possible for investigators to conduct forensic investigation on a

compromised database management system. The DBMS can now be seen in a new light because

the DBMS is just a compilation of code and metadata. This study also helps the investigator to

understand how to approach an investigation on a compromised DBMS. This study allows for

secure collation of criminal details for future use instead of keeping records in a paper way, all

crime and suspect details are kept in the database for retrieval.

5.2 RECOMMENDATIONS

Anundiscoveredareaofthedatabaseforensicsfieldonwhichwehavenotfocusedisinasensethei
nverseofthisstudy.Ourstudyhasfocusedontransformingthelayersofthedatabasetoastatewherethe
layerprovidestheinvestigatorwithatruereflectionofwhatisintheDBMS.Afurtherstudymayneedtobec
onductedwherethedataormetadataofaDBMSarechangedinordertoviewhowacompromisedlayeri
nterpretsthechangeindataormetadata.

ThisstudyhastestedthemethodstoacertainextentbutfurthertestingisrequiredonDBMSs.The
Microsoft SQL Server DBMShasbeenusedtoimplement the
database,anditwillbeusefultotestthesamemethodsandprocessesonotherDBMSslikeOracle,M
ySQL, and
PostgreSQLetc.Thisstudyhasfocusedontheevidenceidentificationprocessofdatabaseforensics
butthereareseveralstagesoftheforensicprocessthatmayneedtobeexploredinaforensiccontextinfuture
.Thestagesoftheforensicprocessthatremaintobeexploredinthecontextofdatabaseforensicsarecollect
ionofevidenceafteridentification,transportation,reconstruction,analysisandpresentationincourt. In
further studies live web cam capturing will be implemented.

46
 REFERENCES

[1]C.J.Date,SQLandRelationalTheory.Sebastopol,U.S.A:O’ReillyMedia,2009.

[2]A.Basta,M.Zgola,D.BullaboyandT.L.Whitlock,DatabaseSecurity.Boston,

USA:CourseTechnology,2012.
[3]C.ProsiseandK.Mandia,IncedentResponse&ComputerForensics,2nded.Osborne,U.S.A:McGra
w-Hill,2003.

[4]M.MeyersandM.Rogers,“DigitalForensics:MeetingtheChallengesofScientificEvidence”inPro
ceedingsoftheIFIPInternationalConferenceonDigitalForensics,13-
16February,2005,Orlando,USA.Sensors,M.PollittandS.Shenoi,vol.1,IFIP11.9.Springer,2006,pp.4
3-50.

[5]G.Mohay, ComputerandIntrusionForensics,1sted.Norwood, USA:ArtechHouse,2003.

[6]A&E Television Networks,“Dennis Rader

Biography”,2007,http://www.biography.com/articles/Dennis-Rader-241487?
part=1.Lastaccessedon8August2010.
[7]E.Taub,“Deletingmaybeeasy,butyourharddrivestilltellsall”,2006,http://
www.theglobeandmail.com/news/technology/article819202.ece.

[8]D.Litchfield,TheDatabaseHacker’sHandbook,1sted.Indianapolis,USA:WileyPublishing,2005.

[9]E.Bertino andR.Sandhu,“DatabaseSecurity–
Concepts,Approaches,andChallenges”,IEEETransactionsonDependableandSecureComputing,vol
.2,no.1,pp.2-19,March2005.

[10] D.Gollmann,ComputerSecurity.NewYork,USA:JohnWileyandSons,2002.
[11]S.SumathiandS.Esakkirajan,FundamentalsofRelationalDatabaseManagement

Systems.Berlin,Germany:Springer,2007.
[12]
J.Vacca,ComputerForensics:ComputerCrimeSceneInvestigation,2nded.CourseTechnologyPTR,20
05.

[13] E.Cole,NetworkSecurityBible,2nd ed.NewYork,USA:JohnWiley&Sons,2009.

47
[14] S.RichmondandC.Williams,“MillionsofinternetusershitbymassiveSonyPlaystation
data theft”, 2011,http://www.telegraph.co.uk/technology/news.Lastaccessedon17July2011.

[15]R.McKemmish,“WhenisDigitalEvidenceForensicallySound?”inProceedingsoftheIFIPInt
ernationalConferenceonDigitalForensics,2008,Kyoto,Japan.Sensors,I.RayandS.Shenoi,vol.1
,IFIP11.9.Springer,2008,pp.3-15.

[16]
M.Pollit,ComputerForensics:AnApproachtoEvidenceinCyberspace,ProceedingsoftheEighte
enthNationalInformationSystemsSecurityConference,pp.487-491,1995.

[17] C.AltheideandH.Carvey,DigitalForensicswithOpenSourceTools.MA,USA:Syngress,2011.

[18]
F.Cohen,“FundamentalsofDigitalForensicEvidence”inHandbookofInformationandCommunicati
onSecurity.P.StavroulakisandM.Stamp,SanJose,USA:Springer,2010,pp.789-808.

[19]
J.WilesandA.Reyes,theBestDamnCybercrimeandDigitalForensicsBookPeriod.MA,USA:Sy
ngress,2007.

[20] E.Casey, Handbook of Computer Crime Investigation:Forensic Tools

andTechnology.London,UK:AcademicPress,2002.

[21]
M.Zelkowitz,AdvancesinComputers:InformationSecurity.SanDiego,USA:ElsevierInc.,2004.

[22] B.Carrier,FileSystemForensicAnalysis.NJ,USA:PearsonEducation,2005.
[23] M.Olivier,OnMetadataContextinDatabaseForensicsinDigitalInvestigations,vol.5,pp.115-
123,2009.

[24] E.Casey,DigitalEvidenceandComputerCrime–
ForensicScience,ComputersontheInternet,2nded.California,USA:ElsevierAcademicPress,2004.

[25]
M.L.Gillenson,FundamentalsofDatabaseManagementSystems,2 nded.NewJersey,USA:John
WileyandSons,2005.

48
[26]
S.K.Singh,DatabaseSystems:Concepts,DesignandApplications.NewDelhi,India:PearsonEdu
cation,2006.

[27] ITL
EducationSolutionLimited,IntroductiontoDatabaseSystems2008.NewDelhi,India:PearsonEd
ucation,2008.

49
 APPENDICES

SOURE CODES

MODELS

Person.cs

using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.ComponentModel.DataAnnotations.Schema;
using System.Linq;
using System.Web;

namespace DatabaseForensic_App.Models
{
public class Person
{
[DatabaseGenerated(System.ComponentModel.DataAnnotations.Schema.D
atabaseGeneratedOption.Identity)]
[Key]
public int PersonId { get; set; }

[Required,Display(Name="First Name")]
public string FirstName { get; set; }

[Required,Display(Name="Last Name")]
public string LastName { get; set; }
[Required, Display(Name = "Middle Name")]
public string MiddleName { get; set; }
[Required, Display(Name = "Date Of Birth")]
public DateTime DateOfBirth { get; set; }

[Required, Display(Name = "State")]

public string State { get; set; }

[Required, Display(Name = "Address")]

public string Address { get; set; }

[Required, Display(Name = "Phone")]

public string Phone { get; set; }

[Required, Display(Name = "Email")]

50
public string Email { get; set; }

[Display(Name = "Passport")]
public string Passport { get; set; }

[Display(Name = "Country")]
public int CountryId { get; set; }

public virtual Country Country { get; set; }

[Display(Name="Gender")]
public int GenderId { get; set; }

public virtual Gender Gender { get; set; }

[Display(Name="Status")]
public int StatusId { get; set; }

public virtual Status Status { get; set; }

[Display(Name = "Genotype")]
public int GenotypeId { get; set; }

public virtual Genotype Genotype { get; set; }

[Display(Name = "Blood Group")]

public int BloodGroupId { get; set; }

public virtual BloodGroup BloodGroup { get; set; }

[Required]
[Display(Name="Convicted ?")]

public bool Convicted { get; set; }

[Display(Name = "Hair Color")]
public int HairColorId { get; set; }

public virtual HairColor HairColor { get; set; }

[Display(Name = "Skin Color")]

public int SkinColorId { get; set; }

public virtual SkinColor SkinColor { get; set; }

public DateTime Registered { get; set; }

public string IdentityNo { get; set; }

[Required,Display(Name="Bvn No.")]

51
 public string Bvn { get; set; }
}
}

Investigator.cs

using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Web;

namespace DatabaseForensic_App.Models
{
public class Investigator
{
[Key]
public int InvestigatorId { get; set; }
[Required,Display(Name="Investigator Name")]
public string InvestigatorName { get; set; }

}
}
Country.cs

using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Web;

namespace DatabaseForensic_App.Models
{
public class Country
{
[Key]

public int CountryId { get; set; }

[Display(Name="Country Name")]
public string CountryName { get; set; }

[Display(Name = "Country Code")]

public string CountryCode { get; set; }

52
 }
}
Crime.cs

using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Web;

namespace DatabaseForensic_App.Models
{
public class Crime
{
[Key]
public int CrimeId { get; set; }

[Display(Name="Crime Name")]
public int CrimeTypeId { get; set; }
public virtual CrimeType CrimeType { get; set; }
public string Description { get; set; }

[Display(Name="Investigator")]
public int InvestigatorId { get; set; }

public virtual Investigator Investigator { get; set; }

public int PersonId { get; set; }

public virtual Person Person { get; set; }

public string CrimeScene { get; set; }

public string CrimeLocation { get; set; }

}
}
CrimeType.cs

using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Web;

namespace DatabaseForensic_App.Models

53
{
public class CrimeType
{
[Key]
public int CrimeTypeId { get; set; }

[Required,Display(Name="Crime Name")]
public string CrimeName { get; set; }
}
}
Gender.cs

using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Web;

namespace DatabaseForensic_App.Models
{
public class Gender
{
[Key]
public int GenderId { get; set; }

[Required,Display(Name="Gender")]
public string GenderName { get; set; }

[Required, Display(Name = "Gender Code")]

public string GenderCode { get; set; }
}
}
Genotype.cs

using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Web;

namespace DatabaseForensic_App.Models
{
public class Genotype
{
[Key]
public int GenotypeId { get; set; }

54
 [Required,Display(Name="Genotype")]
public string GenotypeName { get; set; }
}
}
HairColor.cs

using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Web;

namespace DatabaseForensic_App.Models
{
public class HairColor
{
[Key]
public int HairColorId { get; set; }
[Required,Display(Name = "Hair Color")]
public string HairColorName { get; set; }
}
}
SkinColor.cs

using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Web;

namespace DatabaseForensic_App.Models
{
public class SkinColor
{
[Key]
public int SkinColorId { get; set; }
[Required,Display(Name = "Skin Color")]
public string SkinColorName { get; set; }
}
}
Status.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

55
using System.ComponentModel.DataAnnotations;

namespace DatabaseForensic_App.Models
{
public class Status
{
[Key]
public int StatusId { get; set; }

[Required,Display(Name="Status")]
public string StatusName { get; set; }
}
}
IdentityModel.cs

using Microsoft.AspNet.Identity.EntityFramework;
using System.Data.Entity;

namespace DatabaseForensic_App.Models
{

public class ApplicationUser : IdentityUser

{

public class ApplicationDbContext : IdentityDbContext<ApplicationUser

>
{
public ApplicationDbContext()
: base("DefaultConnection")
{
}
public DbSet<Person> Persons { get; set; }
public DbSet<Country> Countrys { get; set; }
public DbSet<BloodGroup> BloodGroups { get; set; }
public DbSet<Gender> Genders { get; set; }
public DbSet<Genotype> Genotypes { get; set; }
public DbSet<HairColor> HairColors { get; set; }
public DbSet<SkinColor> SkinColors { get; set; }
public DbSet<Status> Statuses { get; set; }
public DbSet<Crime> Crimes { get; set; }
public DbSet<CrimeType> CrimeTypes { get; set; }
public DbSet<Investigator> Investigators { get; set; }
}
}

56
CONTROLLERS

CrimeController.cs

using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Entity;
using System.Linq;
using System.Net;
using System.Web;
using System.Web.Mvc;
using DatabaseForensic_App.Models;

namespace DatabaseForensic_App.Controllers
{
public class CrimeController : Controller
{
private ApplicationDbContext db = new ApplicationDbContext();

// GET: /Crime/

[Authorize(Roles = "Admin")]
public ViewResult GetSuspect(string sortOrder, string searchStrin
g)
{
ViewBag.IdentityNoSortParm = String.IsNullOrEmpty(sortOrder)
? "identity_desc" : "";
ViewBag.CrimeNameSortParm = sortOrder == "CrimeName" ? "crime
name_desc" : "CrimeName";
ViewBag.CountrySortParm = sortOrder == "Country" ? "country_d
esc" : "Country";
ViewBag.IdentityNoSortParm = sortOrder == "IdentityNo" ? "ide
ntity_desc" : "IdentityNo";
var crimes = from c in db.Crimes
select c;
if (!String.IsNullOrEmpty(searchString))
{
crimes = crimes.Where(c => c.CrimeType.CrimeName.ToUpper(
).Contains(searchString.ToUpper())

||
c.Investigator.InvestigatorName.ToUpper().Contains(s
earchString.ToUpper())
||

57
 c.Person.Bvn.ToUpper().Contains(searchString.ToUpper
())
||
c.Person.Country.CountryName.ToUpper().Contains(sear
chString.ToUpper())
);

}
switch (sortOrder)
{
case "identity":
crimes = crimes.OrderByDescending(f => f.Person.Ident
ityNo);
break;
case "crimename":
crimes = crimes.OrderBy(f => f.CrimeType.CrimeName);
break;
case "country":
crimes = crimes.OrderBy(f => f.Person.Country);
break;

}
return View(crimes.ToList());
}
public ActionResult Index()
{
var crimes = db.Crimes.Include(c => c.CrimeType).Include(c =>
c.Investigator).Include(c => c.Person);
return View(crimes.ToList());
}
[Authorize(Roles = "Admin,Cops")]
public ViewResult Search(string searchString)
{
var crimes = from c in db.Crimes
select c;
if (!String.IsNullOrEmpty(searchString))
{
crimes = crimes.Where(c => c.CrimeType.CrimeName.ToUpper(
).Contains(searchString.ToUpper())

||
c.Investigator.InvestigatorName.ToUpper().Contains(s
earchString.ToUpper())
||

58
 c.Person.Bvn.ToUpper().Contains(searchString.ToUpper
())
||
c.Person.Country.CountryName.ToUpper().Contains(sear
chString.ToUpper())
);

}
return View(crimes.ToList());
}
// GET: /Crime/Details/5
[Authorize(Roles = "Admin")]
public ActionResult Details(int? id)
{
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest
);
}
Crime crime = db.Crimes.Find(id);
if (crime == null)
{
return HttpNotFound();
}
return View(crime);
}
[Authorize(Roles = "Admin")]
public ActionResult ViewCrime()
{
var crime = db.Crimes.Include(c => c.Person);
return View(crime);

// GET: /Crime/Create
[Authorize(Roles = "Admin")]
public ActionResult Create()
{
ViewBag.CrimeTypeId = new SelectList(db.CrimeTypes, "CrimeTyp
eId", "CrimeName");
ViewBag.InvestigatorId = new SelectList(db.Investigators, "In
vestigatorId", "InvestigatorName");
ViewBag.PersonId = new SelectList(db.Persons, "PersonId", "Fi
rstName");
return View();
}

59
 [HttpPost]
[ValidateAntiForgeryToken]
[Authorize(Roles = "Admin")]
public ActionResult Create([Bind(Include="CrimeId,CrimeTypeId,Des
cription,InvestigatorId,PersonId")] Crime crime)
{
if (ModelState.IsValid)
{
db.Crimes.Add(crime);
db.SaveChanges();
return RedirectToAction("Index");
}

ViewBag.CrimeTypeId = new SelectList(db.CrimeTypes, "CrimeTyp

eId", "CrimeName", crime.CrimeTypeId);
ViewBag.InvestigatorId = new SelectList(db.Investigators, "In
vestigatorId", "InvestigatorName", crime.InvestigatorId);
ViewBag.PersonId = new SelectList(db.Persons, "PersonId", "Fi
rstName", crime.PersonId);
return View(crime);
}

// GET: /Crime/Edit/5
[Authorize(Roles = "Admin")]
public ActionResult Edit(int? id)
{
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest
);
}
Crime crime = db.Crimes.Find(id);
if (crime == null)
{
return HttpNotFound();
}
ViewBag.CrimeTypeId = new SelectList(db.CrimeTypes, "CrimeTyp
eId", "CrimeName", crime.CrimeTypeId);
ViewBag.InvestigatorId = new SelectList(db.Investigators, "In
vestigatorId", "InvestigatorName", crime.InvestigatorId);
ViewBag.PersonId = new SelectList(db.Persons, "PersonId", "Fi
rstName", crime.PersonId);
return View(crime);
}

[HttpPost]
[ValidateAntiForgeryToken]
[Authorize(Roles = "Admin")]

60
 public ActionResult Edit([Bind(Include="CrimeId,CrimeTypeId,Descr
iption,InvestigatorId,PersonId")] Crime crime)
{
if (ModelState.IsValid)
{
db.Entry(crime).State = System.Data.Entity.EntityState.Mo
dified;
db.SaveChanges();
return RedirectToAction("Index");
}
ViewBag.CrimeTypeId = new SelectList(db.CrimeTypes, "CrimeTyp
eId", "CrimeName", crime.CrimeTypeId);
ViewBag.InvestigatorId = new SelectList(db.Investigators, "In
vestigatorId", "InvestigatorName", crime.InvestigatorId);
ViewBag.PersonId = new SelectList(db.Persons, "PersonId", "Fi
rstName", crime.PersonId);
return View(crime);
}

[Authorize(Roles = "Cops")]

public ViewResult CopsGetSuspect(string sortOrder, string searchS

tring)
{
ViewBag.IdentityNoSortParm = String.IsNullOrEmpty(sortOrder)
? "identity_desc" : "";
ViewBag.CrimeNameSortParm = sortOrder == "CrimeName" ? "crime
name_desc" : "CrimeName";
ViewBag.CountrySortParm = sortOrder == "Country" ? "country_d
esc" : "Country";
ViewBag.IdentityNoSortParm = sortOrder == "IdentityNo" ? "ide
ntity_desc" : "IdentityNo";
var crimes = from c in db.Crimes
select c;
if (!String.IsNullOrEmpty(searchString))
{
crimes = crimes.Where(c => c.CrimeType.CrimeName.ToUpper(
).Contains(searchString.ToUpper())

||
c.Investigator.InvestigatorName.ToUpper().Contains(s
earchString.ToUpper())
||
c.Person.Bvn.ToUpper().Contains(searchString.ToUpper
())
||

61
 c.Person.Country.CountryName.ToUpper().Contains(sear
chString.ToUpper())
);

}
switch (sortOrder)
{
case "identity":
crimes = crimes.OrderByDescending(f => f.Person.Ident
ityNo);
break;
case "crimename":
crimes = crimes.OrderBy(f => f.CrimeType.CrimeName);
break;
case "country":
crimes = crimes.OrderBy(f => f.Person.Country);
break;

}
return View(crimes.ToList());
}

[Authorize(Roles="Cops")]
public ViewResult SearchSuspect(string searchString)
{
var crimes = from c in db.Crimes
select c;
if (!String.IsNullOrEmpty(searchString))
{
crimes = crimes.Where(c => c.CrimeType.CrimeName.ToUpper(
).Contains(searchString.ToUpper())

||
c.Investigator.InvestigatorName.ToUpper().Contains(s
earchString.ToUpper())
||
c.Person.Bvn.ToUpper().Contains(searchString.ToUpper
())
||
c.Person.Country.CountryName.ToUpper().Contains(sear
chString.ToUpper())
);

62
 return View(crimes.ToList());
}
[Authorize(Roles="Cops")]
public ActionResult GetDetails(int? id)
{
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest
);
}
Crime crime = db.Crimes.Find(id);
if (crime == null)
{
return HttpNotFound();
}
return View(crime);
}
// GET: /Crime/Delete/5
[Authorize(Roles = "Admin")]
public ActionResult Delete(int? id)
{
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest
);
}
Crime crime = db.Crimes.Find(id);
if (crime == null)
{
return HttpNotFound();
}
return View(crime);
}

// POST: /Crime/Delete/5
[HttpPost, ActionName("Delete")]
[ValidateAntiForgeryToken]
[Authorize(Roles = "Admin")]
public ActionResult DeleteConfirmed(int id)
{
Crime crime = db.Crimes.Find(id);
db.Crimes.Remove(crime);
db.SaveChanges();
return RedirectToAction("Index");
}

protected override void Dispose(bool disposing)

{

63
 if (disposing)
{
db.Dispose();
}
base.Dispose(disposing);
}
}
}

RoleController.cs

using DatabaseForensic_App.Models;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;

namespace DatabaseForensic_App.Controllers
{
public class RoleController : Controller
{
[Authorize(Roles="Admin")]
public ActionResult Index()
{
// Populate Dropdown Lists
var context = new Models.ApplicationDbContext();

var rolelist = context.Roles.OrderBy(r => r.Name).ToList().Se

lect(rr =>
new SelectListItem { Value = rr.Name.ToString(), Text = rr.Na
me }).ToList();
ViewBag.Roles = rolelist;

var userlist = context.Users.OrderBy(u => u.UserName).ToList(

).Select(uu =>
new SelectListItem { Value = uu.UserName.ToString(), Text = u
u.UserName }).ToList();
ViewBag.Users = userlist;

ViewBag.Message = "";

return View();

64
 }

// GET: /Roles/Create
[Authorize(Roles = "Admin")]
public ActionResult Create()
{
return View();
}

//
// POST: /Roles/Create
[Authorize(Roles = "Admin")]
[HttpPost]
public ActionResult Create(FormCollection collection)
{

try
{
var context = new Models.ApplicationDbContext();
context.Roles.Add(new Microsoft.AspNet.Identity.EntityFra
mework.IdentityRole()
{
Name = collection["RoleName"]
});
context.SaveChanges();
ViewBag.Message = "Role created successfully !";
return RedirectToAction("Index");
}
catch
{
return View();
}
}

[Authorize(Roles = "Admin")]
public ActionResult Delete(string RoleName)
{
var context = new Models.ApplicationDbContext();
var thisRole = context.Roles.Where(r => r.Name.Equals(RoleNam
e, StringComparison.CurrentCultureIgnoreCase)).FirstOrDefault();
context.Roles.Remove(thisRole);
context.SaveChanges();
return RedirectToAction("Index");
}

//
// GET: /Roles/Edit/5

65
 [Authorize(Roles = "Admin")]
public ActionResult Edit(string roleName)
{
var context = new Models.ApplicationDbContext();
var thisRole = context.Roles.Where(r => r.Name.Equals(roleNam
e, StringComparison.CurrentCultureIgnoreCase)).FirstOrDefault();

return View(thisRole);
}

//
// POST: /Roles/Edit/5
[Authorize(Roles = "Admin")]
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Edit(Microsoft.AspNet.Identity.EntityFramewor
k.IdentityRole role)
{
try
{
var context = new Models.ApplicationDbContext();
context.Entry(role).State = System.Data.Entity.EntityStat
e.Modified;
context.SaveChanges();

return RedirectToAction("Index");
}
catch
{
return View();
}
}

// Adding Roles to a user

[Authorize(Roles = "Admin")]
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult RoleAddToUser(string UserName, string RoleNam
e)
{
var context = new Models.ApplicationDbContext();

if (context == null)
{
throw new ArgumentNullException("context", "Context must
not be null.");
}

66
 ApplicationUser user = context.Users.Where(u => u.UserName.Eq
uals(UserName, StringComparison.CurrentCultureIgnoreCase)).FirstOrDefault
();

var userStore = new UserStore<ApplicationUser>(context);

var userManager = new UserManager<ApplicationUser>(userStore)
;
userManager.AddToRole(user.Id, RoleName);

ViewBag.Message = "Role created successfully !";

// Repopulate Dropdown Lists

var rolelist = context.Roles.OrderBy(r => r.Name).ToList().Se
lect(rr => new SelectListItem { Value = rr.Name.ToString(), Text = rr.Nam
e }).ToList();
ViewBag.Roles = rolelist;
var userlist = context.Users.OrderBy(u => u.UserName).ToList(
).Select(uu =>
new SelectListItem { Value = uu.UserName.ToString(), Text = u
u.UserName }).ToList();
ViewBag.Users = userlist;

return View("Index");
}

//Getting a List of Roles for a User

[Authorize(Roles = "Admin")]
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult GetRoles(string UserName)
{
if (!string.IsNullOrWhiteSpace(UserName))
{
var context = new Models.ApplicationDbContext();
ApplicationUser user = context.Users.Where(u => u.UserNam
e.Equals(UserName, StringComparison.CurrentCultureIgnoreCase)).FirstOrDef
ault();

var userStore = new UserStore<ApplicationUser>(context);

var userManager = new UserManager<ApplicationUser>(userSt
ore);
ViewBag.RolesForThisUser = userManager.GetRoles(user.Id);

// Repopulate Dropdown Lists

67
 var rolelist = context.Roles.OrderBy(r => r.Name).ToList(
).Select(rr => new SelectListItem { Value = rr.Name.ToString(), Text = rr
.Name }).ToList();
ViewBag.Roles = rolelist;
var userlist = context.Users.OrderBy(u => u.UserName).ToL
ist().Select(uu =>
new SelectListItem { Value = uu.UserName.ToString(), Text
= uu.UserName }).ToList();
ViewBag.Users = userlist;
ViewBag.Message = "Roles retrieved successfully !";
}

return View("Index");
}

//Deleting a User from A Role

[Authorize(Roles = "Admin")]
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult DeleteRoleForUser(string UserName, string Rol
eName)
{
var account = new AccountController();
var context = new Models.ApplicationDbContext();
ApplicationUser user = context.Users.Where(u => u.UserName.Eq
uals(UserName, StringComparison.CurrentCultureIgnoreCase)).FirstOrDefault
();

var userStore = new UserStore<ApplicationUser>(context);

var userManager = new UserManager<ApplicationUser>(userStore)
;

if (userManager.IsInRole(user.Id, RoleName))
{
userManager.RemoveFromRole(user.Id, RoleName);
ViewBag.Message = "Role removed from this user successful
ly !";
}
else
{
ViewBag.Message = "This user doesn't belong to selected r
ole.";
}

// Repopulate Dropdown Lists

68
 var rolelist = context.Roles.OrderBy(r => r.Name).ToList().Se
lect(rr => new SelectListItem { Value = rr.Name.ToString(), Text = rr.Nam
e }).ToList();
ViewBag.Roles = rolelist;
var userlist = context.Users.OrderBy(u => u.UserName).ToList(
).Select(uu =>
new SelectListItem { Value = uu.UserName.ToString(), Text = u
u.UserName }).ToList();
ViewBag.Users = userlist;

return View("Index");
}

}
}

PersonController.cs

using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Entity;
using System.Linq;
using System.Net;
using System.Web;
using System.Web.Mvc;
using DatabaseForensic_App.Models;

namespace DatabaseForensic_App.Controllers
{
public class PersonController : Controller
{
private ApplicationDbContext db = new ApplicationDbContext();

// GET: /Person/
[Authorize(Roles="Admin")]
public ViewResult SearchPerson(string sortOrder, string searchStr
ing)
{
ViewBag.NameSortParm = String.IsNullOrEmpty(sortOrder) ? "nam
e_desc" : "";
ViewBag.FirstNameSortParm = sortOrder == "FirstName" ? "first
name_desc" : "FirstName";
ViewBag.CountrySortParm = sortOrder == "Country" ? "country_d
esc" : "Country";

69
 ViewBag.GenderSortParm = sortOrder == "Gender" ? "gender_desc
" : "Gender";
var person = from p in db.Persons
select p;
if(!String.IsNullOrEmpty(searchString))
{
person = person.Where(p=>p.FirstName.ToUpper().Contains(s
earchString.ToUpper())

||
p.Gender.GenderName.ToUpper().Contains(searchString.
ToUpper())
||
p.Country.CountryName.ToUpper().Contains(searchStrin
g.ToUpper())
||
p.Bvn.ToUpper().Contains(searchString.ToUpper())

||
p.State.ToUpper().Contains(searchString.ToUpper())
);

}
switch(sortOrder)
{
case "name_desc":
person = person.OrderByDescending(f => f.FirstName);
break;
case "firstname":
person = person.OrderBy(f => f.Gender.GenderName)
;
break;
case "country":
person = person.OrderBy(f => f.Country.CountryNam
e);
break;

}
return View(person.ToList());
}
[Authorize(Roles = "Admin")]
public ViewResult Search(string searchString)
{
var person = from p in db.Persons
select p;

70
 if(!String.IsNullOrEmpty(searchString))
{
person = person.Where(p=>p.FirstName.ToUpper().Contains(s
earchString.ToUpper())

||
p.Gender.GenderName.ToUpper().Contains(searchString.
ToUpper())
||
p.Country.CountryName.ToUpper().Contains(searchStrin
g.ToUpper())
||
p.Bvn.ToUpper().Contains(searchString.ToUpper())

||
p.State.ToUpper().Contains(searchString.ToUpper())
);

return View(person.ToList());
}

[Authorize(Roles = "Cops")]
public ViewResult CopsSearchSuspect(string sortOrder, string sear
chString)
{
ViewBag.NameSortParm = String.IsNullOrEmpty(sortOrder) ? "nam
e_desc" : "";
ViewBag.FirstNameSortParm = sortOrder == "FirstName" ? "first
name_desc" : "FirstName";
ViewBag.CountrySortParm = sortOrder == "Country" ? "country_d
esc" : "Country";
ViewBag.GenderSortParm = sortOrder == "Gender" ? "gender_desc
" : "Gender";
var person = from p in db.Persons
select p;
if (!String.IsNullOrEmpty(searchString))
{
person = person.Where(p => p.FirstName.ToUpper().Contains
(searchString.ToUpper())

71
 ||
p.Gender.GenderName.ToUpper().Contains(searchString.
ToUpper())
||
p.Country.CountryName.ToUpper().Contains(searchStrin
g.ToUpper())
||
p.Bvn.ToUpper().Contains(searchString.ToUpper())

||
p.State.ToUpper().Contains(searchString.ToUpper())
);

}
switch (sortOrder)
{
case "name_desc":
person = person.OrderByDescending(f => f.FirstName);
break;
case "firstname":
person = person.OrderBy(f => f.Gender.GenderName);
break;
case "country":
person = person.OrderBy(f => f.Country.CountryName);
break;

}
return View(person.ToList());
}
[Authorize(Roles = "Cops")]
public ViewResult SearchSuspect(string searchString)
{
var person = from p in db.Persons
select p;
if (!String.IsNullOrEmpty(searchString))
{
person = person.Where(p => p.FirstName.ToUpper().Contains
(searchString.ToUpper())

||
p.Gender.GenderName.ToUpper().Contains(searchString.
ToUpper())
||

72
 p.Country.CountryName.ToUpper().Contains(searchStrin
g.ToUpper())
||
p.Bvn.ToUpper().Contains(searchString.ToUpper())

||
p.State.ToUpper().Contains(searchString.ToUpper())
);

return View(person.ToList());
}
[Authorize(Roles = "Admin")]
public ActionResult ViewCrime(int? id)
{
Crime crime = db.Crimes.Find(id);
return View(crime);
}
public ActionResult Index()
{
var persons = db.Persons.Include(p => p.BloodGroup).Include(p
=> p.Country).Include(p => p.Gender).Include(p => p.Genotype).Include(p =
> p.HairColor).Include(p => p.SkinColor).Include(p => p.Status);
return View(persons.ToList());
}

[Authorize(Roles = "Cops")]
public ActionResult GetDetails(int? id)
{
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest
);
}
Person person = db.Persons.Find(id);
if (person == null)
{
return HttpNotFound();
}
return View(person);
}

// GET: /Person/Details/5
[Authorize(Roles = "Admin")]
public ActionResult Details(int? id)

73
 {
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest
);
}
Person person = db.Persons.Find(id);
if (person == null)
{
return HttpNotFound();
}
return View(person);
}

// GET: /Person/Create
[Authorize(Roles="Admin")]
public ActionResult Create()
{
ViewBag.BloodGroupId = new SelectList(db.BloodGroups, "BloodG
roupId", "BloodGroupName");
ViewBag.CountryId = new SelectList(db.Countrys, "CountryId",
"CountryName");
ViewBag.GenderId = new SelectList(db.Genders, "GenderId", "Ge
nderName");
ViewBag.GenotypeId = new SelectList(db.Genotypes, "GenotypeId
", "GenotypeName");
ViewBag.HairColorId = new SelectList(db.HairColors, "HairColo
rId", "HairColorName");
ViewBag.SkinColorId = new SelectList(db.SkinColors, "SkinColo
rId", "SkinColorName");
ViewBag.StatusId = new SelectList(db.Statuses, "StatusId", "S
tatusName");
return View();
}

[HttpPost]
[ValidateAntiForgeryToken]
[Authorize(Roles = "Admin")]
public ActionResult Create(
[Bind(Include="PersonId,FirstName,LastName,MiddleName,DateOfB
irth,State,Address,Phone,Email,Passport,CountryId,GenderId,StatusId,Genot
ypeId,BloodGroupId,Convicted,HairColorId,SkinColorId,Registered,IdentityN
o,Bvn")]
Person person,HttpPostedFileBase file)
{
if (ModelState.IsValid && person.Convicted == true)
{

74
 person.Registered = DateTime.Now;

if(file != null)
{
string pic = System.IO.Path.GetFileName(file.FileName
);
string path = System.IO.Path.Combine(Server.MapPath("
~/Uploads"), pic);
file.SaveAs(path);
person.Passport = file.FileName;
}

db.Persons.Add(person);
db.SaveChanges();
ViewBag.Identity = "Identity No :";
return RedirectToAction("Create","Crime");
}
else if (ModelState.IsValid && person.Convicted == false)
{

person.Registered = DateTime.Now;
if (file != null)
{
string pic = System.IO.Path.GetFileName(file.FileName
);
string path = System.IO.Path.Combine(Server.MapPath("
~/Uploads"), pic);
file.SaveAs(path);
person.Passport = file.FileName;
}

db.Persons.Add(person);
db.SaveChanges();
return RedirectToAction("Successful");
}

ViewBag.BloodGroupId = new SelectList(db.BloodGroups, "BloodG

roupId", "BloodGroupName", person.BloodGroupId);
ViewBag.CountryId = new SelectList(db.Countrys, "CountryId",
"CountryName", person.CountryId);
ViewBag.GenderId = new SelectList(db.Genders, "GenderId", "Ge
nderName", person.GenderId);
ViewBag.GenotypeId = new SelectList(db.Genotypes, "GenotypeId
", "GenotypeName", person.GenotypeId);
ViewBag.HairColorId = new SelectList(db.HairColors, "HairColo
rId", "HairColorName", person.HairColorId);
ViewBag.SkinColorId = new SelectList(db.SkinColors, "SkinColo
rId", "SkinColorName", person.SkinColorId);

75
 ViewBag.StatusId = new SelectList(db.Statuses, "StatusId", "S
tatusName", person.StatusId);
return View(person);
}
[Authorize(Roles = "Admin")]
public ActionResult Successful(Person person)
{
string id;
id = person.IdentityNo;
var userreg = db.Persons.Where(m => m.IdentityNo == id);
return View(userreg);
}

[Authorize(Roles = "Admin")]
// GET: /Person/Edit/5
public ActionResult Edit(int? id)
{
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest
);
}
Person person = db.Persons.Find(id);
if (person == null)
{
return HttpNotFound();
}
ViewBag.BloodGroupId = new SelectList(db.BloodGroups, "BloodG
roupId", "BloodGroupName", person.BloodGroupId);
ViewBag.CountryId = new SelectList(db.Countrys, "CountryId",
"CountryName", person.CountryId);
ViewBag.GenderId = new SelectList(db.Genders, "GenderId", "Ge
nderName", person.GenderId);
ViewBag.GenotypeId = new SelectList(db.Genotypes, "GenotypeId
", "GenotypeName", person.GenotypeId);
ViewBag.HairColorId = new SelectList(db.HairColors, "HairColo
rId", "HairColorName", person.HairColorId);
ViewBag.SkinColorId = new SelectList(db.SkinColors, "SkinColo
rId", "SkinColorName", person.SkinColorId);
ViewBag.StatusId = new SelectList(db.Statuses, "StatusId", "S
tatusName", person.StatusId);
return View(person);
}

[Authorize(Roles = "Admin")]
[HttpPost]

76
 [ValidateAntiForgeryToken]
public ActionResult Edit([Bind(Include="PersonId,FirstName,LastNa
me,MiddleName,DateOfBirth,State,Address,Phone,Email,Passport,CountryId,Ge
nderId,StatusId,GenotypeId,BloodGroupId,Convicted,HairColorId,SkinColorId
,Registered,IdentityNo")] Person person)
{
if (ModelState.IsValid)
{
db.Entry(person).State = System.Data.Entity.EntityState.M
odified;
db.SaveChanges();
return RedirectToAction("Index");
}
ViewBag.BloodGroupId = new SelectList(db.BloodGroups, "BloodG
roupId", "BloodGroupName", person.BloodGroupId);
ViewBag.CountryId = new SelectList(db.Countrys, "CountryId",
"CountryName", person.CountryId);
ViewBag.GenderId = new SelectList(db.Genders, "GenderId", "Ge
nderName", person.GenderId);
ViewBag.GenotypeId = new SelectList(db.Genotypes, "GenotypeId
", "GenotypeName", person.GenotypeId);
ViewBag.HairColorId = new SelectList(db.HairColors, "HairColo
rId", "HairColorName", person.HairColorId);
ViewBag.SkinColorId = new SelectList(db.SkinColors, "SkinColo
rId", "SkinColorName", person.SkinColorId);
ViewBag.StatusId = new SelectList(db.Statuses, "StatusId", "S
tatusName", person.StatusId);
return View(person);
}
[Authorize(Roles = "Admin")]
// GET: /Person/Delete/5
public ActionResult Delete(int? id)
{
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest
);
}
Person person = db.Persons.Find(id);
if (person == null)
{
return HttpNotFound();
}
return View(person);
}
[Authorize(Roles = "Admin")]
// POST: /Person/Delete/5
[HttpPost, ActionName("Delete")]

77
 [ValidateAntiForgeryToken]
public ActionResult DeleteConfirmed(int id)
{
Person person = db.Persons.Find(id);
db.Persons.Remove(person);
db.SaveChanges();
return RedirectToAction("Index");
}

protected override void Dispose(bool disposing)

{
if (disposing)
{
db.Dispose();
}
base.Dispose(disposing);
}
}
}

InvestigatorController.cs

using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Entity;
using System.Linq;
using System.Net;
using System.Web;
using System.Web.Mvc;
using DatabaseForensic_App.Models;

namespace DatabaseForensic_App.Controllers
{
public class InvestigatorController : Controller
{
private ApplicationDbContext db = new ApplicationDbContext();

// GET: /Investigator/
[Authorize(Roles = "Admin")]
public ActionResult Index()
{
return View(db.Investigators.ToList());
}

78
 // GET: /Investigator/Details/5
[Authorize(Roles = "Admin")]
public ActionResult Details(int? id)
{
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest
);
}
Investigator investigator = db.Investigators.Find(id);
if (investigator == null)
{
return HttpNotFound();
}
return View(investigator);
}

// GET: /Investigator/Create
[Authorize(Roles = "Admin")]
public ActionResult Create()
{
return View();
}

[HttpPost]
[ValidateAntiForgeryToken]
[Authorize(Roles = "Admin")]
public ActionResult Create([Bind(Include="InvestigatorId,Investig
atorName")] Investigator investigator)
{
if (ModelState.IsValid)
{
db.Investigators.Add(investigator);
db.SaveChanges();
return RedirectToAction("Index");
}

return View(investigator);
}

// GET: /Investigator/Edit/5
[Authorize(Roles = "Admin")]
public ActionResult Edit(int? id)
{
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest
);

79
 }
Investigator investigator = db.Investigators.Find(id);
if (investigator == null)
{
return HttpNotFound();
}
return View(investigator);
}

// POST: /Investigator/Edit/5
// To protect from overposting attacks, please enable the specifi
c properties you want to bind to, for
// more details see http://go.microsoft.com/fwlink/?
LinkId=317598.
[HttpPost]
[ValidateAntiForgeryToken]
[Authorize(Roles = "Admin")]
public ActionResult Edit([Bind(Include="InvestigatorId,Investigat
orName")] Investigator investigator)
{
if (ModelState.IsValid)
{
db.Entry(investigator).State = System.Data.Entity.EntityS
tate.Modified;
db.SaveChanges();
return RedirectToAction("Index");
}
return View(investigator);
}

// GET: /Investigator/Delete/5
[Authorize(Roles = "Admin")]
public ActionResult Delete(int? id)
{
if (id == null)
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest
);
}
Investigator investigator = db.Investigators.Find(id);
if (investigator == null)
{
return HttpNotFound();
}
return View(investigator);
}

// POST: /Investigator/Delete/5

80
 [HttpPost, ActionName("Delete")]
[ValidateAntiForgeryToken]
[Authorize(Roles = "Admin")]
public ActionResult DeleteConfirmed(int id)
{
Investigator investigator = db.Investigators.Find(id);
db.Investigators.Remove(investigator);
db.SaveChanges();
return RedirectToAction("Index");
}

protected override void Dispose(bool disposing)

{
if (disposing)
{
db.Dispose();
}
base.Dispose(disposing);
}
}
}

81