Learning Log 6

This time we had a new lesson about Understanding Hard Disks and File Systems. I don’t even know that this lesson will be part of our Investigation when we handle computer parts and physical part. This is important because to avoid any tampering of the evidence since the slightest touch or the mishandling of the device may result to damages. I also learned about the parts and how the hard drive works 😛 One of its part is Platter, as I’ve read it is a magnetic or ceramic disk that control or hold the actual data. The other one is the Track where in track numbering happens. Track Numbering begins at Track 0 then moves towards then goes to the center of the platter. And in the part of the hard drive there’s what we call the Sector, which is the smallest physical part. There’s also a cluster which is the smallest allocation naman. Wait there’s also a Slack Space, which refers to the free space on the cluster basta siya yung naleleft behind tsaka matatanggal lang yon pag inoverwrite pati idisk wipe ganern. In addition to what I’ve read in computerhope.com, Slack space is important form of evidence in the field of forensic investigation because slack space can contain relevant information about a suspect that a prosecutor can use in a trial. So that’s just a part of what we’ve discussed! 😉


In addition to this entry, I just want to share about our Final Project!!! WOOOOOO FINALLY WE’RE DONE! Our project is about BeEF (Browser Exploitation Framework) Ang cool niya swear! #FeelingHacker Well, I will not further discuss it because I included it on my last entry! 😉 I also liked group of Salazar’s Final Project because it’s a Social Engineering Tool wher in you could launch many different kinds of attacks like Spear Phishing, Creating a Payload and listener and  Arduino Based Attack Vector (WOW Flexible 😛 ) etc…



One thing that I noticed about myself is that I have weakness that I need to conquer (lol), I’m afraid to talk and recite on class L I always think that my answers are wrong. (I’m too shy to answer what my prof is asking) But honestly when I’m not in class I always wanted to try everything that is related to security and hacking! Need to face your fears Joanna.…..






This is my fifth entry on my INVESTI blog. This first term is coming to an end because we only have 3 more weeks to go 😦 But I know that these coming 3 weeks are going to be fulled with new knowledge and lessons for me to learn 🙂 What we did this week was an exercise on the case study of company ABC. (This company is always a victim HAHAHAHA) Now there are 3 situations according to the exercise. The first situation was that there was a ransomware that was spread across the network of the company. It had infected 50 computers and they ask for 50,000 pesos ransom for each computer which bring to a total of a quarter of a million pesos (WOW). Now even though this situation is fictional, there are cases that in which companies are attacked with viruses and malware so that it could damage the company. With this type of malware installed on the computer, either pay the ransom being asked or just format the drive. If there are unnecessary files on the computer, the drive could be formatted. If there are important files at the computer with no back up of those files, you are left to pay the price of the ransom. The payment is made through bitcoin so it could not be traced back to the owner of the bitcoin wallet.


Now I want to talk about beef. Not beef the meat but BeEF which means Browser Exploitation Framework. This is a useful tool to use the exploitations available in many internet browsers. Google Chrome, Mozilla FireFox, and even Internet Explorer. These exploits ranges from getting your history to accessing your webcam through a fake permission flash pop-up. This is useful to extract information about a target without him/her knowing about it. To start using BeEF, you need to “hook” a user so that you could exploit his/her browsing session of the browser. After the “hook” part, the exploitations will begin. I am still learning more about BeEf and I will soon use other tools that are available in the Kali Linux operating system because after installing Kali Linux, I was surprised because there were already pre-installed tools for pentesting, hacking networks and many more. I got excited when I saw the tools and I’m ready to explore the tools individuality. I know that I can do this and with the help of Adrian, we could learn those tools together.



This is my fourth entry here in my INVESTI blog! Yehey!! 🙂 This week was our SOCIT week and that’s the 7th week. Before Sir Investi sends us down for a seminar, he briefly explained what is a First Responder and what are the procedures if you are that person. I saw the slides and saw the very definition of a first responder. It means that it is the first person who arrives at the scene of the crime. Base from the context of the first responder, I immediately thought of the meaning of the first responder and I was right! 🙂 The first responder has roles and jobs to fulfill and those jobs are: protecting the evidence, integrating the evidence, and preserving the evidence at the scene of the crime. The responder may be network administrator, law enforcement officer and etc. I already imagined that I am the first responder at the scene of the crime. Base from the lesson, I already know the sequence of what to do if there is any evidence present. There are also procedures on what to do if you are the first responder. I had read the roles and I already understood why this is important and why should it be followed.


I thought that if these procedures are followed, then there is no compromise of the evidence being handled. If these procedures are not followed, then the evidence wouldn’t be useful to the investigation since it wasn’t handled properly. Next was the rule of a first responder. It was that if the first responder has no experience in computer forensics, that person should avoid any attempts in recovering any files or using the computer. That should be avoided because if an untrained person tries to use the computer, it maybe a trigger for a self destruct virus or the integrity of the computer will change. There is compromise of the evidence that is related to the case and that should be preserved and should not be touched unless a qualified computer forensic personnel is present. I learned many things this week and I am interested in what else in is stored for the INVESTI subject.


Entry # 3

Last week there was a holiday that’s the reason why we didn’t have class in INVESTI. (Aw so sad). But this week we had our INVESTI Class and we had a new lesson about Digital Evidence. Before discussing it I remembered last night that Adrian and I discussed something familiar about Digital Evidence 😛 that was about evidence in ‘general’ and the cases where in the suspects our found not guilty because of the mishandling of evidences. Adrian shared to me some articles about that which involve the mishandling of evidence. At first those lengthy article but as soon as I read the first paragraph I was shocked about the suspect going freely because of the amateur forensic done in the case.


Moving on, our topic yesterday was about evidence but in digital form. We’ve learned about what digital evidence is and how important is. Digital evidence is about any evidence which could convict the suspect of the crime but it has a unique definition and that is digital evidence is stored in a digital device or electronic. This includes log files, SMS messages, documents, MMS messages and email. They can contain information which will either prove that the person in question is involved in the crime or if he/she is innocent.



We had an exercise yesterday and it was about the cases involved in this book that Sir Investi recommended to read. It was Daemon by Daniel Suarez, and it involved murders and cases which was focused with digital evidence. We came up with our analysis and we got many digital evidences from the given chapters of the book. It was interesting and fun to read because when I read it, I imagined that I’m the investigator and I realized that this is the steps of conducting a proper investigation.


 Bye! 🙂 Thank you for reading!

Entry #2

This time we had our first activity which is about Apple vs. FBI regarding to the San Bernardino Shooting and my group chose to be in the FBI side. Before we had our activity which is the case study about it, Adrian and I were arguing if which side is the best 😛 We search about facts, videos, Wikipedia ideas about the San Bernardino Shooting and at that time I’m in the Apple Side and he chose to be in FBI side because he thinks that it is more interesting and the best if you’re in the side of FBI. I chose Apple side, because I think that if they will going to check Farooq’s iPhone about San Bernardino Shooting. It has 50 50 possibility that they will get an information and as what Apple Inc. said, FBI is ‘over the bakod na’ which means they may violated the law of Apple Inc. I also thinks that it is right to ask permission to the owner of the phone, but unfortunately the suspects are dead. At that time, I agree to what Apple said that if the FBI will going check and access the phone, their security will bababa even though its just only one phone and if they will show the information to the FBI, maybe other companies will think that like for example they will say “Ay bakit si FBI pinakita niyo sa kanila dapat samin din” And there a big possibility that customers of Apple will be lessen if that is the case, but Adrian said that National Security is the one that FBI is protecting for and Farooq’s iPhone was an outdated OS and he said that para na rin maprotektahan ang future phones na gagawin.


In this Exercise, I learned to think deeply about the case and to share my opinion to my groupmates even though I was so shy. Hehe. I also learned that it is really important to read a lot of information about what will be going to discuss. Honestly, when I was in Elementary I really hate reading! Grabe super hate! But now I can say that it is very important to read, to add more knowledge and it will be a great help for you to understand more about the lessons and more about what you want to know.

Well, aside from that I was so excited to do our next activity which is about hashing and file recovery. Wooo! I really want more exercise and works than thinking. I already tried the hash calculator and I found out that is is quite easy but in our activity Sir INVESTI said that it is time pressure that’s why I wanted to have more practice at home 😉 Yay!


                Yesterday, June 29, 2016, we had our discussion about PPA and ECPA Law and after that we had our two activities 🙂 I’m so happy that I easily understand what the two laws are all about. Thank God!! Wooo. These laws convinced me to read more about it.

And… finally my most favorite part, the lab activities!!!! YEHEY! Hashing and File Recovery.  We had finished early the exercise about the hashing. We found out that if the contents are the same but different type format, their has value will be the same, but in terms of upper cases, symbols, spaces that is added to the content but the same type format their hash values will be different.


In the File Recovery exercise, medyo matagal but we completely finish all of the questions asked. Hay! More of Exercises pa sana! :))))))))))





Week 1
Principles of Investigation, this is one of my major subject that I’m taking this term being a DF student 🙂 Well, honestly I felt nervous because I don’t have friends in this subject (hays I miss my friends haha)
Moving on, I can say that I enjoyed our first topic this week (even though sobrang kinakabahan talaga ko palagi and I don’t know why) This subject inspires me to read and read and read articles such as topic about Forensics Law. Forensics Law is one of my favorite topic for now, because ang dami niyang ek ek and seriously this topic was really interesting based on Sir Investi’s discussion. I envy him because he read a lot of articles etc, and while were discussing, I was like “Gusto ko rin agad mabasa mga binabasa niya and a lot of more articles pa sana” And wait, we also discussed about MD5 calculator, and wohooo I already installed it and tried it last week on my computer, I am so excited for more!!! Like using MD5 calculator in our group exercise maybe next week 🙂 hihi I am also interested with the topic of evading forensic tools 🙂
I am not ‘pala salita’ in class, but seriously I’m so excited for more, I want to discuss and learn more about Forensics law hehe and other topics that is to be discuss. Hihi and while you’re listening to your professor, mapapaisip ka talaga “Ano nga ulit yun?, Hala oo nga no pano nangyari yon?, Hala shats ganun pala, etc”  🙂
Even though I always felt nervous in this class, I will take note to myself that I need to focus and listen to my professor! 🙂  Yay!!
giphy (1).gif