Add to collection(s) Add to saved
  1. No category

In-Class #10

advertisement 
BACS371
Steganography
BACS 371 – Introduction to Computer Forensics
Homework Lab Activity (2 per group)
Name: ____________________________
Name: ________________________________
You have been contacted by Homeland Security to help uncover evidence for a pending case. You
were selected because it was known that you have training in Computer Forensics and they want to
hire you to perform professional services. The case involves a flash drive acquired by legal search and
seizure from a suspected international criminal. At the time of his apprehension, the suspect had just
completed deleting files from the flash drive. It is not known what was deleted. You have been given
an image of the flash drive to analyze (steganography-case.E01). Initial review of the image indicated
that there are 3 primary data sub-directories. Two have photographs and the 3rd has a bitmap and a
short video. The photographs are the main focus of this investigation because the suspect was heard
muttering to himself that, “you’ll never find what’s hidden in those pictures” during his booking. In
addition, the search of his home revealed several books and articles on steganography. Because of
this, the authorities believe that there may be usable evidence hidden on the flash drive. Your task is
to use whatever tools you deem necessary to collect evidence that may still reside on the image.
As part of your investigation, answer the following questions about the steganography-case.E01
image. Note, you are responsible for deciding which tools to use. Choose wisely because some tools
may make your job easier. Make screenshots and print any evidence that you find. Attach these
printouts to this sheet as part of the assignment solution.
Step 0: Initial Image Documentation1
The File format of the steganography-case.E01 image is _______________
How many Volumes are in the steganography-case.E01 image: ___________________
The volume label for the steganography-case.E01 image is _______________
What is the number of the 1st data sector of the volume: _______________
What is the bytes per cluster for the volume: ________________________
How many free clusters are in the volume: _________________
How many usable sectors are in the volume: _________________
How many clusters are in the volume: _______________________
What is the total capacity (in bytes) of the volume: ____________________
Step 1: Cursory Analysis
Answer the following questions about the file partition found on the image.
Within the “For Image” sub-directory, how many sub-directories files were found: ____________
How many deleted files were found in each of these (list by the name of each sub-directory):
_________________________________________________________________________________________
List the name(s) of the deleted files that appear to hold promising evidence:
_________________________________________________________________________________________
_________________________________________________________________________________________
1
Hint: X-Ways Partition tab
BACS 371 – Computer Forensics
Page 1 of 2
BACS371
Steganography
Open these files (in X-Ways, you can use the “preview” tab) and describe any evidence that
provides clues on how to proceed with your analysis:
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
Step 2: In-Depth Analysis
Follow the clues uncovered in the previous step and answer the following question.
What did you do to follow-up on these clues:
_________________________________________________________________________________________
_________________________________________________________________________________________
_________________________________________________________________________________________
Step 3: Report Summary
To complete the job (so you can be paid), summarize your findings in a Microsoft Word document (not
to exceed 1.5 page). This document should list the names and types of all files containing evidence
that you found. It should also briefly describe the evidence found in each file. Be sure to present your
findings in a professional manner. Print copies of any evidence you find and attach to your solution.
BACS 371 – Computer Forensics
Page 2 of 2
Related documents
Solutions 02
Solutions 02
201501 Course Outline LSC 1103
201501 Course Outline LSC 1103
MAP Conference Presentation
MAP Conference Presentation
AP WORLD HISTORY ESSENTIAL UNIT 1 (E01)
AP WORLD HISTORY ESSENTIAL UNIT 1 (E01)
Introduce Context Clues
Introduce Context Clues
IV. Kinetics Introduction (Pseudo) First Order Approx. Steady State Approximation
IV. Kinetics Introduction (Pseudo) First Order Approx. Steady State Approximation
Checklist for Writing Course Learning Outcomes and Samples
Checklist for Writing Course Learning Outcomes and Samples
Chapter09
Chapter09
Assessment Planning and Reporting Document
Assessment Planning and Reporting Document
Employment Law Group - Scottish Government Health Directorates
Employment Law Group - Scottish Government Health Directorates
Word Study Activity
Word Study Activity
Kinetics Review with Answers
Kinetics Review with Answers
Download
advertisement