Create a file-system-based timeline

Assignment Help Computer Engineering

Reference no: EM131688373

Lab: Evidence Acquisition and Analysis Lab

For this lab, you will practice acquiring a digital image of your own laptop or computer and setting up a forensic analysis workstation. You will NOT have to turn in the image of your own laptop (for privacy reasons), but you will have to turn in evidence that you have completed this task. For all the required information that needs to be turned in, a Word document is sufficient.

For this exercise, you will need to do the following:

Download a Linux-based forensics live CD.

Use this to acquire the harddrive on your own computer by booting into the LiveCD and then storing an image file on a portable hard drive. You can use any of the commandline-based acquisition tools you like (recommended to us: dcfldd for on-the-fly hashing).

Take an MD5 and SHA256 hash of the drive before AND after you do the acquisition; turn these in. If you use a program that has on-the-fly hashing, turn that in as well. Compare your results to the hash of the image file; ensure that they match.

Describe how you ensured that the drive you were acquiring was not modified during the acquisition.

During the running of the hashing algorithms, I made sure nothing was running in the background or open except for the hashing program itself. If I was in the field I would also use a write block to make sure there definitely was no modification and keep the data untouched.

On your laptop, install the virtualization software of your choice to create a forensics workstation. Ideally this would be dedicated hardware, but use your own device. It is recommended you install the SIFT Kit, but any other Forensic distro will do.

Using Autopsy, load the image into a new case and verify that the hashes still match.

Create a file-system-based timeline and turn in the first 10 and last 10 entries as well as the hash value of the file.

In Autopsy, perform a keyword search for the name of your university; how many files were returned that matched? (Just provide the count, not the filenames or their contents.)

Attachment:- Assignment File.rar

Reference no: EM131688373

Questions Cloud

What warner brothers do to ensure successful repatriation : The director of sales and marketing for a Warner Brothers theme park has been working in Madrid. She is getting ready to return to the United States.

Discuss component of network transportation : What is the answer to this question and what are three main points that I can talk about in my essay

Operate within the time and budget constraints : Proper scope identification and management will help the project evolve smoothly and operate within the time and budget constraints.

Describe illegal immigrants should be provided a path : Describe illegal immigrants should be provided a path for citizenship. Pay fines, learn English, obey the laws and wait your turn to considered for citizenship.

Create a file-system-based timeline : Create a file-system-based timeline and turn in the first 10 and last 10 entries as well as the hash value of the file

Monopolistically competitive : Think of an industry that is close to being purely competitive and compare it with another industry of your choice that is monopolistically competitive.

Discuss steps in developing a succession planning system : List and discuss the steps involved in developing a succession planning system. How might a succession planning system differ between high-potential employees.

Reconstruct and analyze monetary : Reconstruct and analyze monetary The Mexico Peso Crisis. what the effect was, what impact it had on trade and on living conditions in the country.

Hire workers under a matching strategy : What is the total cost to hire workers under a matching (chase) strategy?

User Account

All Pages