Lab 5 - Report file

School: Saint Leo University
Course: 452
Subject: Communications
Date: Apr 3, 2024

Uploaded by hnmathewson

Lab 5: Analyzing Images to Identify Suspicious or Modified Files
Hannah Mathewson
Computer Forensics COM-452-OL01
Professor James Jones
February 18, 2024

Section 1: Hands-On Demonstration

Part 1: Create a New Case File

12.) Make a screen capture showing the Suspect Drive 01 evidence loaded in E3 and paste it into the Lab Report File document.

Part 2: Use the Image Analyzer to Identify Suspicious Files

12.) In the Lab Report file, record the total number of sorted files.
Answer: 3,152

13.) Make a screen capture showing the expanded list of categories under Sorted Files and paste it into the Lab Report file.

15.) In the Lab Report file, document the number of files in each of the categories.
Clean: 204
Suspicious: 29

17.) Make a screen capture showing the list of suspicious files and paste it into the Lab Report File document.

19.) Repeat steps 14-17 for the files in the Recovered from Unallocated Space category. In the Lab Report file, document the number of files in each of the following categories.
o Clean: 94
o Suspicious: 11

Make a screen capture showing the list of suspicious files from the allocated space and paste it into the Lab Report File document.

23.) Make a screen capture showing the timestamp at the bottom of the Common Log and paste it into the Lab Report file.

25.) In the Lab Report file, describe how E3 saved the sorted files. How does this compare with your expectations?
Answer: The files were what I expected, and E3 saved all the exported data as MD5 hash files.

Section 2: Applied Learning

Part 1: Create a New Case File

6.) Make a screen capture showing the Suspect Drive 02 evidence loaded in E3 and paste it into the Lab Report File document.

Part 2: Use the Image Analyzer to Identify Suspicious Files

8.) In the Lab Report file, record the total number of sorted files.
Answer: 1,663

9.) Make a screen capture showing the expanded list of sorted categories and paste it into the Lab Report file.

11.) In the Lab Report File document, document the number of files in each of the following categories.
Clean: 20
Suspicious: 4

13.) Make a screen capture showing the list of Suspicious files and paste it into the Lab Report File document.

18.) In the Lab Report file, describe how E3 saved the sorted files. How does this compare with your expectations?
Like last time, nothing unexpected, I just noticed less suspicious files as it went on, otherwise the files were exported as MD5 files.

Section 3: Lab Challenge and Analysis

Part 1: Analysis and Discussion

1.) Why is it important to analyze images in a forensic investigation?
In the event the images are of a scene from a camera or surveillance, it creates a much broader stroke of what happened. It also allows for a more detailed approach aside from just looking at documents and texts. By analyzing images there may very well be hidden messages inside that give clues or act as evidence. Information that could be innocent or minuscule or hide sinister or suspicious intent. There is also the ability for the images to unlock a pattern.

Part 2: Tools and Commands

1.) Use E3, search the sorted files in the evidence drive from Section 1 for any files that include the name foolish. Make a screen capture showing the results.

Part 3: Challenge Exercise

1.) Using any of the Forensic tools available on the vWorkstation desktop, verify the MD5 hash value of the evidence drive used in Section 2.