Lab 1 - Report file

School: Saint Leo University
Course: 452
Subject: Computer Science
Date: Apr 3, 2024
Type: docx
Pages: 20
Uploaded by hnmathewson

Report
Lab 1: Applying the Daubert Standard to Forensic Evidence
Hannah Mathewson
Computer Forensics COM-452-OL01
Professor James Jones
January 21, 2024
Section 1
PART 1
10.
PART 2
20. Dc1
21. Dc2
23. Desktop folder
30. INFO2.csv file
30. Badnotes.csv file
30. Badnotes2.csv file
30. Dc1.csv file
30. Dc2.csv file
PART 3
13. MD5 field for the INFO2 file in Encase Imager
14. In the Lab Report file, describe how the hash value produced by the Encase Imager for the INFO2 file compares to the value produced by FTK Imager.
Answer: The hash value for the file named INFO2 is similar in both applications, indicating that the file has not been compromised or altered in any way.
16. MD5 field for badnotes1.txt in Encase Imager
16a. In the Lab Report file, describe how the value produced by Encase Imager for badnotes1.txt compares to the value produced by FTK Imager.
Answer: The hash values in both programs are identical for this file, Badnotes1.txt, as well; this means the same thing: the file itself has not been compromised or altered in any shape or form.
16. MD5 field for badnotes2.txt in Encase Imager
16b. In the Lab Report file, describe how the value produced by Encase Imager for badnotes2.txt compares to the value produced by FTK Imager.
Answer: The hash value for this file, Badnotes1.txt, is the same in both applications, showing that the file has not been modified or altered in any way.
PART 4
7. MD5 field for the INFO2 file in E3
8. In the Lab Report file, describe how the hash value produced by E3 for the INFO2 file compares to the value produced by FTK Imager.
Answer: The hash value for the file named INFO2 is similar in both applications, indicating that the file has not been corrupted or altered in any way. So far, they have all had the same value, which would encourage them to check out properly.
9. MD5 field for the Dc1 file in E3
9a. In the Lab Report file, describe how the hash value produced by E3 for dc1.txt compares to the value produced by FTK Imager.
Answer: This text file's hash value is the same, so it checks out. It means it has not been altered.
9. MD5 field for the Dc2 file in E3
9b. In the Lab Report file, describe how the hash value produced by E3 for dc2.txt compares to the value produced by FTK Imager.
Answer: Nothing has changed in terms of the hash value.
Section 2
PART 1
5. Completed Chain of Custody
PART 2
5. Outlook.eml contents of the email
15. Hash value of the original Outlook file
17. Hash value of the original Outlook2 file
PART 3
13. MD5 field for OutlookEML in Encase Imager
14. In the Lab Report file, describe how the hash value produced by Encase Imager compares to the values produced by FTK Imager for the two Outlook files.
Answer: The two files are identical and match in this case.
PART 4
7. Outlook.eml MD5 value produced by E3
8. In the Lab Report file, describe how the hash value produced by E3 compares to the values produced by FTK Imager for the two Outlook files and the value produced by Encase Imager.
Answer: It checks out in a similar situation. There was no change.
Section 3
PART 1
1. Explain in your own words why it is important to vet digital forensic evidence with multiple tools. Search the internet for two other forensic tools that will allow you to vet digital evidence in the same manner.
Answer: By using multiple tools, you are able to compare and contrast the results and to further confirm the evidence. If you are able to replicate the same results in multiple tools, the evidence is concrete. Nuix is an application that works similarly to FTK in that it provides "fast, accurate answers for investigation, cybersecurity incident response, insider threats, litigation, regulation, privacy, risk management, and other essential challenges." GRR (Google Rapid Response) is an open-source tool for live forensics and incident response. It allows for "remote analysis permitting investigators to collect data about running systems on a network, anywhere from one system to thousands."
PART 2
1. Use the internet to find the command that will verify the SHA1 and the MD5 hash of evidence_drive.e01.E01.
Answer: To verify using the command prompt:
certutil -hashfile <file and extension> MD5
certutil -hashfile <file and extension> SHA1
2. Showing the hash values screen capture
PART 3
1. Use any of the three forensic programs used in this lab (FTK Imager, Encase, or P2 Commander) to identify the following image in the D drive. In the Lab Report file, identify the path for the image.
Answer: The path is D:\Users\Sam\Pictures
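As an added example, not part of the student's report, of the cross-tool hash vetting that Section 3 describes: it streams an evidence file through MD5 and SHA1, parses the digest line that certutil -hashfile prints (including the spaced-hex form older Windows versions use), and reports per tool whether the value it displayed agrees with the computed one. SAMPLE_EVIDENCE and SAMPLE_CERTUTIL_OUTPUT are constructed, and the FTK Imager and EnCase Imager values in demo() are simulated rather than copied from the tools.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed stand-in for an evidence file such as INFO2 (not real case data).
SAMPLE_EVIDENCE = b"INFO2 recycle-bin index -- constructed sample record\n"
# Constructed certutil -hashfile output (spaced hex, as older Windows prints); the digest is the MD5 of b"abc".
SAMPLE_CERTUTIL_OUTPUT = ("MD5 hash of C:\\evidence\\abc.bin:\n"
                          "90 01 50 98 3c d2 4f b0 d6 96 3f 7d 28 e1 7f 72\n"
                          "CertUtil: -hashfile command completed successfully.\n")
CERTUTIL_RE = re.compile(r"^(?P<alg>MD5|SHA1|SHA256) hash of .+?:\r?\n(?P<hex>[0-9A-Fa-f ]+)", re.M)

def hash_chunks(chunks) -> dict:
    """MD5 and SHA1 hex digests, the fields FTK Imager, EnCase Imager and E3 display."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    for chunk in chunks:
        md5.update(chunk)
        sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def hash_file(path) -> dict:  # 1 MiB chunks, so a whole disk image never sits in memory
    with open(path, "rb") as f:
        return hash_chunks(iter(lambda: f.read(1 << 20), b""))

def normalise(digest: str) -> str:
    """Drop whitespace and case so values copied from different tools compare equal."""
    return re.sub(r"\s+", "", digest).lower()

def parse_certutil(output: str) -> dict:
    """Pull {algorithm: digest} out of certutil's text report."""
    return {m["alg"].lower(): normalise(m["hex"]) for m in CERTUTIL_RE.finditer(output)}

def cross_check(computed: dict, tool_values: dict) -> dict:
    """(tool, algorithm) -> True when that tool's reported digest matches ours."""
    return {(tool, alg): normalise(value) == computed.get(alg)
            for tool, vals in tool_values.items() for alg, value in vals.items()}

def demo() -> bool:
    """Tools agree on the intact file; a one-byte change breaks every match."""
    with tempfile.TemporaryDirectory() as d:
        evidence = Path(d) / "INFO2"
        evidence.write_bytes(SAMPLE_EVIDENCE)
        computed = hash_file(evidence)
        reported = {"FTK Imager": {"md5": computed["md5"].upper()},  # simulated tool reports
                    "EnCase Imager": computed}
        intact = all(cross_check(computed, reported).values())
        evidence.write_bytes(SAMPLE_EVIDENCE.replace(b"index", b"INDEX"))
        return intact and not any(cross_check(hash_file(evidence), reported).values())
```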