Lab 9 - Report file
docx
keyboard_arrow_up
School
Saint Leo University *
*We aren’t endorsed by this school
Course
452
Subject
Communications
Date
Apr 3, 2024
Type
docx
Pages
12
Uploaded by hnmathewson
Lab 9:
Identifying and Documenting Evidence of Forensic Investigation
Hannah Mathewson
Computer Forensics
COM-452-OL01
Professor James Jones
March 10, 2024
Section 1: Hands-On Demonstration
Part 1: Create and Sort a New Case File
21.) Make a screen capture showing the sorted evidence and paste it into the Lab Report file.
Part 2: Find Evidence and Generate a Report from E3
4.) Make a screen capture showing the contents of the badnotes1.txt file and paste it into the Lab Report file.
8.) In the Lab Report file, document the file location for the badnotes1.txt file.
10.) Make a screen capture showing the contents of the badnotes2.txt file and paste it into the Lab Report file.
11.) In the Lab Report file, document the file location for the badnotes2.txt file.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
18.) In the Lab Report file, document the name and location for this file.
36.) In your Lab Report file, document the report type you chose and describe your reasoning for
the choice.
Answer:
I chose an HTML report so that I could see a different type of format. I liked how presentable this report was. It was easier to read.
43.) Make a screen capture showing the bookmarks in the simple text report and paste it into the Lab Report file.
46.) Make a screen capture showing the MD5 hash from the simple text report and paste it into your Lab Report file.
49.) Make a screen capture showing the bookmarks in the second report and paste it into the Lab Report file.
50.) Make a screen capture showing the MD5 hash from the second report and paste it into your Lab Report file.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Section 2: Applied Learning
Part 1: Create and Sort a New Case File
8.) Make a screen capture showing the sorted evidence and paste it into the Lab Report file.
Part 2: Find Evidence and Generate a Report from E3
3.) Make a screen capture showing the results of the .crt search and paste it into the Lab Report file.
5.) In your Lab Report file, document the MD5 hash for the .crt file.
MD5: 71C378CAA845EE37110C468F6FD70689
7.) Make a screen capture showing the File View tab and paste it into the Lab Report file.
10.) In the Lab Report file, document the file location.
E3://Terran Digital Forensics Case File S2/Suspect Drive 02/Partition Parser/Partition2048/*binary_file/NTFS/root/Users_36/Sam_40/Pictures_2278? projectmanager.crt_2265
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
14.) In your Lab Report file, document the type of car that appears in the image file.
It’s a camaro
15.) Make a screen capture showing the MD5 hash for the image file and paste it into the Lab Report file.
MD5: C35B500543AD69F67EF7A670DD6B2A49
18.) Make a screen capture showing the bookmarks in the Evidence Summary Report and paste it
into the Lab Report file.
22.) Make a screen capture showing the MD5 hash and paste it into your Lab Report file.
Section 3: Lab Challenge and Analysis
Part 1: Analysis and Discussion
1.) In this lab, you found evidence of credit card fraud. For this challenge, research best practices
for computer forensics reports, and craft an executive summary presenting your findings for this lab, your assessment of the evidence, and tie it all to the details in the yourname Digital Forensic Case File S1 report you generated during the lab.
Answer:
Looking at example on how companies complete this step there is a couple of important characteristics first and for most is the fact that the at the start of any report there is a summary of
what is going on inside the report. It then breaks down all other criteria for instance documentation, custody, and methods performed. After that the rest of the report goes into details
about everything included in the top portion.
When looking at the lab the files that we found are easily documented and found and are very incriminating to the owner of the drives. As long as shortcut is not taken, and everything is documented this would be an open and shut case for credit card theft. The biggest challenge would be finding the identity of the partner that gave the person being investigated all the card data and instructions.
Part 2: Tools and Commands
1.) Using E3, export the files you bookmarked during the lab and submit them with your deliverable files. Document the MD5 hash value of each in your Lab Report file.
Answer:
BADNOTES1.TXT: 8FF69E959D96ED9F7D09F9B7C2FD7E0
BADNOTES2.TXT: 1EBD8F793366682E9BA65EB9B9D22075
158_158_532584_12.JPG: 45239DF487B5BAF412CB8E3C2B909F16
Part 3: Challenge Exercise
1.) Section 2 of this lab explores the contents of the shadowdrive1_evidence.E01 evidence drive. Within the evidence drive is a file containing a secret message. Use E3’s Advanced Search tool to locate this file. Make a screen capture showing your search criteria. Export the resulting file and make a screen capture showing the contents of the file. Document the MD5 hash value of this file.
Answer:
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help