Digital forensics assignment

Part 1 Misleading file extension

Criminals often simply change the extensions of files to mislead computer forensics investigators. With a wrong file extension it is difficult to know exactly what the original file type was. To find out the true type of a file you can use a hex editor and look at the file's leading bytes (its signature or "magic number").

1. Download secret.jpg

2. Open it with the built-in Windows Photos app. What do you see?

3. Use Hex Workshop (or another hex editor) and try to find out the original file type.
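The check you do by eye in the hex editor, as an added example that is not part of the assignment: read a file's leading bytes, match them against a small table of well-known signatures, and flag a mismatch with the extension. The signature table and the sample file (a PNG header written out as "secret.jpg") are constructed for this example.

```python
# Added example: identify a file's real type from its magic bytes and
# compare it with what the extension claims. Signature table and sample
# file are constructed for this example; the real secret.jpg may differ.
import os
import tempfile
from typing import Optional

# (magic bytes, canonical type, extensions that legitimately carry it)
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {"jpg", "jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {"png"}),
    (b"GIF87a", "gif", {"gif"}),
    (b"GIF89a", "gif", {"gif"}),
    (b"%PDF", "pdf", {"pdf"}),
    (b"PK\x03\x04", "zip", {"zip", "docx", "xlsx", "pptx", "jar"}),
    (b"\x7fELF", "elf", {"", "so", "elf"}),
    (b"MZ", "pe", {"exe", "dll", "sys"}),
]


def identify_by_magic(data: bytes) -> Optional[str]:
    """Return the type implied by the first bytes, or None if unknown."""
    for magic, kind, _ in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def check_extension(path: str) -> dict:
    """Read the file header and report whether the extension matches it."""
    with open(path, "rb") as fh:
        header = fh.read(16)  # longest signature in the table is 8 bytes
    ext = os.path.splitext(path)[1].lower().lstrip(".")
    kind = identify_by_magic(header)
    allowed = {e for _, k, exts in SIGNATURES if k == kind for e in exts}
    return {
        "path": path,
        "extension": ext,
        "detected": kind,
        "header_hex": header[:8].hex(" "),
        "mismatch": kind is not None and ext not in allowed,
    }


def demo() -> dict:
    """Constructed sample: a PNG header saved under a .jpg extension."""
    fake_png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "secret.jpg")
        with open(path, "wb") as fh:
            fh.write(fake_png)
        return check_extension(path)
```

Run check_extension() on the downloaded secret.jpg and compare header_hex with what the hex editor shows; a mismatch of True means the extension does not belong to the detected type.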


Part 2 Use Volatility to analyse memory dump

1. Download Volatility at:

2. Download windows.raw from Canvas.

3. Study an example of volatile memory analysis at:

4. Learn about the memory dump:

   a. From which OS was this dump made? Make a screenshot to support your answer.

   b. Which processes were running when the dump was made? Make a screenshot.

   c. What are the network connections, and which connections are still open? Make screenshots to support your answer.

   d. Go through the Volatility manual and try at least two options. The more options the better, of course. Document your findings with the command/parameters you used and the outputs. Make screenshots to support your answer.



Part 3 Data acquisition

1. Use dd or dcfldd to acquire an image from a USB drive. Make a screenshot with the command you used and the output.

2. Use Foremost to recover some files that you deleted. Make a screenshot with the command you used and the output.

3. Use FTK to capture the memory of your PC.

4. Use Autopsy to analyse the images you captured in step 3. Write a short report on what information you can find. For privacy reasons, you may erase or hide some personal data when making screenshots.


