LAB8_Digital Forensics Technology and Practices_WORKSHEET2 Kwadwo Antwi

School: University of Maryland, University College
Course: 640 (Information Systems)
Date: Dec 6, 2023
Name: XXXXX    Semester: Summer    Year: 2023    Section Number: 7621

Lab 8 Worksheet
Digital Forensics Technology and Practices

Table of Contents

Introduction
Screenshot 1 – Creation of Yourname.TXT file
Screenshot 2 – Finding the File Type of the Yourname.TXT file
Screenshot 3 – Finding the File Type of the Yourname file
Screenshot 4 – Creation of Yourname.exe file
Screenshot 5 – Get the Hash of the Yourname.exe File
Screenshot 6 – Identify the File Type of Yourname.exe
Screenshot 7 – Getting the strings of the Yourname.exe File
Screenshot 8 – Creating Yourname.exe Malware
Screenshot 9 – Finding the File Type of the Yourname file with .Doc Extension
Screenshot 10 – Use Virustotal to Analyze Yourname file with .Doc Extension
Conclusion
APA References
Introduction

Students: In the box below, please explain the purpose of doing this lab and explain how it is relevant to Computer Forensics.

Introduction

In Lab 8, we learned how to use Linux commands to recognize file types, perform file signature analysis, examine files to judge whether they are malicious, and build and examine a malicious file of our own. Being able to identify harmful files, and understanding how they are built, is central to computer forensics, because malicious files are routinely disguised (for example by giving an executable a document extension) to evade network administrators or an investigation. The commands used in this lab include file, md5sum, sha1sum, sha256sum and strings. The lab also demonstrates how to make a malicious executable with msfvenom that carries a Meterpreter payload. Meterpreter is a dynamically extensible Metasploit payload that uses in-memory DLL injection stagers ("About the Metasploit Meterpreter", n.d.). Meterpreter does not create a new process; it injects itself into an existing one, which makes it much harder to spot, and the injected payload resides only in memory rather than being written to disk ("About the Metasploit Meterpreter", n.d.). Note that this describes the payload once it is running: the executable that msfvenom produces in this lab is an ordinary file on disk, which is exactly why static tools such as file, the hashing utilities and strings can examine it.

Investigators use static or dynamic analysis when performing computer forensics, and in particular malware analysis. Static malware analysis focuses on technical artifacts of the malware file, such as file names, hashes, strings, domains and file header data, without executing any code (Baker, 2022). Static analysis is a good place to start, but it does not always give a complete picture of the malware. This is especially true when a file builds a string at run time and then downloads a second-stage payload from it, so the harmful behavior never appears in the static artifacts (Baker, 2022). For that reason static analysis is normally followed by dynamic, or run-time, analysis.

Dynamic analysis is carried out by running the malware in a confined environment so that it cannot affect other network nodes (Jain, 2018). A sandbox or virtual machine is the usual way to do this. A sandbox is an isolated virtual machine that replicates a physical machine and can be used to run malware and observe its traits and behavior ("Sandbox", 2020). During dynamic analysis investigators use tools such as Process Monitor, Process Explorer, Regshot and Wireshark to watch the malware's activity (Jain, 2018). Because most attacks rely on malware, which frequently gives the attacker credentials and other information that enable lateral movement, malware forensics is a crucial part of computer forensics (Shakeel, 2019). Adware, spyware, viruses, worms, trojan horses, rootkits, backdoors, keyloggers and ransomware are among the most prevalent forms of malware (Shakeel, 2019). To eliminate a threat it is essential to understand its root cause.
Screenshot 1 – Creation of Yourname.TXT file

1. Create a file at the terminal that says hello world and send the output of the file to yourname.txt, where yourname is your first name. Take a screenshot of sending hello world to your file. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of the Yourname Text File being Created

Image 1: screenshot of my name text file being created.
Screenshot 2 – Finding the File Type of the Yourname.TXT file

2. Use the file command in Linux to identify the file type of the yourname.txt file, where yourname is your first name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using the File Command on the Yourname Text File

Image 2: screenshot of using the file command on my name text file.
Screenshot 3 – Finding the File Type of the Yourname file (no Extension)

3. Use the file command in Linux to identify the file type of the yourname file (no extension), where yourname is your first name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using the File Command on the Yourname File with no Extension

Image 3: screenshot of using the file command on my name file with no extension.
Screenshot 4 – Creation of Yourname.exe file

4. Copy nc.exe to yourname.exe, where yourname is your first name. Take a screenshot of listing the files and folders, including yourname.exe. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of the Yourname.exe File being Listed

Image 4: screenshot of my name .exe file being listed.
Screenshot 5 – Get the Hash of the Yourname.exe File

5. Use the md5sum command at the terminal to get the hash of the yourname.exe file. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using the md5sum command to get the hash of the Yourname.exe File

Image 5: screenshot of using the md5sum command to get the hash of my name .exe file.
Screenshot 6 – Identify the File Type of Yourname.exe

6. Use the file command at the terminal to identify the file type of the yourname.exe file. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using the File Command to Identify the Yourname.exe File

Image 6: screenshot of identifying the file type of my name .exe file.
Screenshot 7 – Getting the strings of the Yourname.exe File

7. Use the strings command at the terminal to get information about the contents of the yourname.exe file. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using the Strings Command to get information about the Yourname.exe File

Image 7: screenshot of using the strings command to get information about my name .exe file.
Screenshot 8 – Creating Yourname.exe Malware

8. Use the msfvenom command at the terminal to create malware called yourname.exe. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using the msfvenom Command to create the Yourname.exe File

Image 8: screenshot of using the msfvenom command to create my name .exe file.
Screenshot 9 – Finding the File Type of the Yourname file with .Doc Extension

9. Use the file command in Linux to identify the file type of the yourname file with a .doc extension, where yourname is your first name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using the File Command on the Yourname File with the .Doc Extension

Image 9: screenshot of using the file command on my name file with the .doc extension.
Screenshot 10 – Use Virustotal to Analyze Yourname file with .Doc Extension

10. Use the VirusTotal website to analyze the yourname file with a .doc extension, where yourname is your first name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of using VirusTotal on the Yourname File with the .Doc Extension

Image 10: screenshot of using VirusTotal on my name file with the .doc extension.
Conclusion

Students: In the box below, please explain the purpose of doing this lab and explain how it is relevant to Digital Forensics Technology and Practices. Highlight any new learning that occurred while doing this lab. Hint: Discuss tools and commands used in the lab.

Conclusion

In Lab 8, we employ various Linux commands to see files on the Linux machine and to include files. Additionally, we created a malicious file with Meterpreter and examined the malicious file with VirusTotal. The first thing that was done was to find the malware by navigating to the Windows Binaries directory. To list the directory's contents, we used the ls command. After entering that directory, we used the echo command to save a text file containing the phrase "hello world" in the Windows Binaries directory. We were able to determine the kind of file for the just-created .txt file using the file command. The ifconfig file was then located using the which command, and we copied it using our name. The newly formed file that was copied from the ifconfig file in the Windows Binaries directory could then be seen. We then used the file command once more to see what kind of file it was, and it was discovered to be an ELF 64-bit LSB pie executable, so we are aware that it is an executable file. Then, we converted the nc.exe file located in the windows-binaries directory into an executable file with our name. The md5sum program was used to compare the files, which showed that each one had the identical md5 hash (as one would expect given that they were copied files). The newly created .exe file allowed us to use the strings command as well. The strings command displays each character in an executable file that can be read by humans. We attempted to extract any IP addresses from the .exe file using the strings command, but none could be found. Next, we used the meterpreter command to build malware, and we used the file command to see what kind of file it was, an executable file.

Additionally, we were able to locate the executable file's sha256 hash using the sha256sum tool. Finally, we were able to examine the file in VirusTotal, a fantastic tool for uploading files and figuring out whether such files include harmful code. Malware forensics is essential because it reveals the goals of the malware, the data it seeks, and how it functions in general. It can be quite useful for figuring out how to reduce malware that is added to the network in the
APA References

About the Metasploit Meterpreter. (n.d.). Offensive-security.com. Retrieved September 03, 2023, from https://www.offensive-security.com/metasploit-unleashed/about-meterpreter/

Baker, K. (2022). Malware Analysis Explained | Steps & Examples | CrowdStrike. crowdstrike.com. Retrieved September 03, 2023, from https://www.crowdstrike.com/cybersecurity-101/malware/malware-analysis/

Jain, S. (2018). Malware Basic Dynamic analysis. Medium. Retrieved September 03, 2023, from https://medium.com/@jain.sm/malware-dynamic-analysis-338efc68a654

Sandbox. (2020). Techopedia.com. Retrieved September 03, 2023, from https://www.techopedia.com/definition/27681/sandbox-software-testing

Shakeel, I. (2019). Computer Forensics: Overview of Malware Forensics [Updated 2019]. Infosec Resources. Retrieved September 03, 2023, from https://resources.infosecinstitute.com/topic/computer-forensics-overview-malware-forensics/