What are the hash value and the output of the image info

Reference no: EM131722813

Lab: Memory Acquisition Lab

For this exercise you will be capturing memory from your own laptop (or a virtual machine if you prefer). It is important, however, that you use a machine that is actually in use. (E.g., don't install a fresh Windows VM just for this exercise and acquire that; you're looking for real-world data.) You WILL NOT hand in your own memory image, for obvious privacy reasons. Memory acquisition can be time-consuming (directly related to how much memory you have in your machine). Accordingly, this exercise starts with capturing memory from an active machine you control BEFORE the lab period.

It is recommended you do this no later than two nights before the lab. Run the acquisition overnight, and if for some reason it doesn't work, try again the next night. Bring this image to lab with you.

Be sure to have Volatility installed on the forensics image created in the last lab; you may need additional Volatility profiles, depending on the type of machine you image. You can view the Volatility cheatsheet to get an idea of which commands to use.

This assignment is designed so you can do some hands-on acquisition and familiarize yourself with Volatility. Working with other students with different operating systems is encouraged, but the answers should remain your own and be related to your own image.

Answer the following:

1. Capture the memory of your system; what are the hash value and the output of the image info command on your image? How would you forensically handle the image (i.e., chain of custody/integrity of evidence)?

2. Get a list of running processes when the image was captured. Which commands did you use? Are there any hidden processes?

3. What arguments were used to execute the above program, and which command did you use to find it?

4. What variables did the above program have set, and what was the parent process that launched it? How did you retrieve that information?

5. Dump a hidden process (or if there wasn't one, any other running process). What command did you use? How could you determine quickly if it was malicious?

6. Retrieve the command line history (bash, cmd.exe, etc.) from the image. What command did you use? What was the last command run?

7. Get a list of the kernel modules loaded at the time of capture. What command did you use?

8. What was the networking info of the machine at time of capture (IP address, active connections)? What command did you use?

9. Working with someone who had a different operating system (e.g., if you had Windows, ask someone with Linux or a Mac), take a look at how the other person retrieved information and observe the differences. How would you accommodate multiple platforms in an investigation? Give the image info output for the other student's image you were looking at.

10. What other commands can you run that give you interesting information? (Can you retrieve your browser history, OTR chats, etc.?) Explore the capability of this kind of analysis.
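The integrity half of question 1 (hash the image, record who captured it and with what, then re-verify the hashes before every analysis session) is shown below as an added example. It is not part of the lab handout and does not replace Volatility: the `notes` field is where the `imageinfo` output would be pasted. The sample image bytes, tool name and operator name are constructed placeholders.

```python
import datetime
import hashlib
import json
import os
import tempfile

# Constructed stand-in for an acquired memory image; a real capture is gigabytes.
SAMPLE_IMAGE = b"CONSTRUCTED SAMPLE DATA, not a real memory image\x00" * 64


def digest_chunks(chunks, algorithms=("md5", "sha256")):
    """Hash an iterable of byte chunks with several algorithms in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Stream the image from disk in 1 MiB chunks so it never has to fit in RAM."""
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""), algorithms)


def _utc_now():
    return datetime.datetime.now(datetime.timezone.utc).isoformat()


def make_custody_record(path, acquired_by, tool, source_host, notes=""):
    """First chain-of-custody entry: who captured what, with which tool, plus the hashes."""
    return {
        "evidence_file": os.path.basename(path),
        "size_bytes": os.path.getsize(path),
        "hashes": hash_file(path),
        "source_host": source_host,
        "acquisition_tool": tool,
        "notes": notes,  # e.g. the Volatility imageinfo output, pasted verbatim
        "custody_log": [{"time_utc": _utc_now(), "event": "acquired", "by": acquired_by}],
    }


def add_custody_event(record, event, who):
    """Append a transfer or analysis event; the log is append-only by convention."""
    record["custody_log"].append({"time_utc": _utc_now(), "event": event, "by": who})
    return record


def verify_image(path, record):
    """Re-hash the image and compare with the recorded digests (True if unchanged)."""
    current = hash_file(path, tuple(record["hashes"]))
    return current == record["hashes"]


def demo():
    """Write the constructed image, record it, verify it, then detect a modification."""
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "memory.raw")
        with open(image, "wb") as f:
            f.write(SAMPLE_IMAGE)
        record = make_custody_record(
            image,
            acquired_by="student (placeholder)",
            tool="placeholder acquisition tool",
            source_host="laptop (constructed example)",
        )
        add_custody_event(record, "copied to analysis VM", "student (placeholder)")
        ok_before = verify_image(image, record)
        with open(image, "ab") as f:  # simulate an accidental write to the evidence file
            f.write(b"\x00")
        ok_after = verify_image(image, record)
        return record, ok_before, ok_after


if __name__ == "__main__":
    record, ok_before, ok_after = demo()
    print(json.dumps(record, indent=2))
    print("intact before modification:", ok_before, "| intact after:", ok_after)
```

Two digests are recorded because many tools and reports still quote MD5 while SHA-256 is what you should rely on; both are computed in one pass so the multi-gigabyte image is read only once. Keep the JSON record alongside a read-only copy of the image and run `verify_image` at the start of each Volatility session, so that any answer you give in the lab can be tied to an image whose hashes match the ones recorded at acquisition.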

Attachment: Lab Assignment.rar
