LAB4_Digital Forensics Technology and Practices_WORKSHEET3 Kwadwo Antwi
School
University of Maryland, University College *
*We aren’t endorsed by this school
Course
640
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
16
Uploaded by joespady4u25
Name: XXXXX
Semester: Summer
Year: 2023
Section Number:7621
Lab 4 Worksheet Digital Forensics
Technology and Practices
Table of Contents
Introduction
Screenshot 1 – Yourname Displayed as the Hostname
Screenshot 2 – Yourname file hashed with Sigcheck
Screenshot 3 – Yourname file hashed with HashTab
Screenshot 4 – Yourname file hashed with HashCalc
Screenshot 5 – MD5 of Yourname File in /usr/share/windows-binaries
Screenshot 6 – SHA1 hash of Yourname File in /usr/share/windows-binaries
Screenshot 7 – SHA256 hash of Yourname File in /usr/share/windows-binaries
Screenshot 8 – SHA384 hash of Yourname File in /usr/share/windows-binaries
Screenshot 9 – SHA512 hash of Yourname File in /usr/share/windows-binaries
Screenshot 10 – Virustotal Statistics
Conclusion
APA References
Introduction
Students:
In the box below, please explain the purpose of Hashing and explain how it is
relevant to Digital Forensics Technology and Practices.
Introduction
When passwords are kept on a computer, it is crucial that the actual password is not saved, because if an
attacker were to obtain access, there would be a greater danger of the password being compromised.
This is where hashing comes into play. According to Heath (2020), hashing passwords makes
them impossible for humans to decipher. However, hashing is not limited to passwords; users may also hash
files and photos. You should avoid storing passwords in plaintext and instead use hashing, which also serves to
verify files and to validate the authenticity and integrity of data (Constantin, 2021). Hashing has the advantage of
not being seen as encryption. To restore a file to its original state after encryption, a secret key must be
created (Constantin, 2021).
A hash, on the other hand, can never be changed back to its original input, since hashing is irreversible.
Instead, because the password itself is not stored, the hash of the input is compared to the stored hash, and if
they match, the user can access the system. Secure Hash Algorithm (SHA)-1, SHA-2, SHA-3, MD2, MD4, and MD5 are only
a few examples of the numerous cryptographic hashing algorithms that exist (Zola, 2021). Hashing plays a
significant part in digital forensics. Digital forensic investigators almost always use hashing techniques to
produce hash values for all the files they use throughout an examination (Sethi, 2020). To guard against
data being changed during the investigation, especially given the use of several tools,
they produce hash values for all original files. If the hash values do not match the original hash values,
it may be assumed that the material has been manipulated, and the evidence may be dismissed. In Lab 4, several tools
and commands will be used to identify a file's hash. Windows offers a command-line program called sigcheck
that shows file metadata, including different hashes (Debp, 2022).
Additionally, the HashCalc tool will be used on Windows; it lets you compute hashes for a file using a variety of
algorithms and compare the results to those for the original file in VirusTotal. To discover a file's hash value
on a Linux computer, you can execute several hashing algorithm commands on that file. This lab is an
excellent way to show how crucial it is to employ hashing in digital forensics.
Screenshot 1 – Yourname Displayed as the Hostname
1. When you look at the hostname of the computer, the computer name should be Your First Name.
The use of anyone else’s name may result in an academic integrity review by your professor. Please
label your screenshot to receive full credit.
Take a screenshot of Your Name displayed as the Computer Name (the Hostname)
Image 1: my name as the Computer Name as the Hostname
Screenshot 2 – Yourname file hashed with Sigcheck
2. Take a screenshot of the hostname.txt file hashed with sigcheck. The use of anyone else’s name may
result in an academic integrity review by your professor. Also, it is mathematically possible that you
and another student could have the same MD5 hash for your hostname text file. Please label your
screenshot to receive full credit.
Take a screenshot of the yourname.txt file hashed with sigcheck
Image 2: My name .txt file hashed with sigcheck
Screenshot 3 – Yourname file hashed with HashTab
3. Take a screenshot of the yourname.txt file hashed with HashTab. The use of anyone else’s name may
result in an academic integrity review by your professor. Please label your screenshot to receive full
credit.
Take a screenshot of the yourname.txt file hashed with HashTab
Image 3
Screenshot 4 – Yourname file hashed with HashCalc
4. Take a screenshot of the yourname.txt file hashed with HashCalc. The use of anyone else’s name may
result in an academic integrity review by your professor. Please label your screenshot to receive full
credit.
Take a screenshot of the yourname.txt file hashed with HashCalc
Image 4
Screenshot 5 – MD5 of Yourname File in /usr/share/windows-binaries
5. The file in /usr/share/windows-binaries should have your first name. The use of anyone else’s
name may result in an academic integrity review by your professor. Please label your
screenshot to receive full credit.
Take a screenshot of the MD5 Hash of the Yourname File in /usr/share/windows-binaries
Image 5
Screenshot 6 – SHA1 hash of Yourname File in /usr/share/windows-binaries
6. Provide the SHA1 hash of the yourname file in /usr/share/windows-binaries directory.
The use of anyone else’s name may result in an academic integrity review by your
professor. Please label your screenshot to receive full credit.
Take a screenshot of the SHA1 hash of the Yourname File in /usr/share/windows-binaries
Image 6
Screenshot 7 – SHA256 hash of Yourname File in /usr/share/windows-binaries
7. Provide the SHA256 hash of the yourname file in /usr/share/windows-binaries directory.
The use of anyone else’s name may result in an academic integrity review by your
professor. Please label your screenshot to receive full credit.
Take a screenshot of the SHA256 hash of the Yourname File in /usr/share/windows-binaries.
Image 7
Screenshot 8 – SHA384 hash of Yourname File in /usr/share/windows-binaries
8. Provide the SHA384 hash of the yourname file in /usr/share/windows-binaries directory.
The use of anyone else’s name may result in an academic integrity review by your
professor. Please label your screenshot to receive full credit.
Take a screenshot of the SHA384 hash of the Yourname File in /usr/share/windows-
Image 8
Screenshot 9 – SHA512 hash of Yourname File in /usr/share/windows-binaries
9. Provide the SHA512 hash of the yourname file in /usr/share/windows-binaries directory.
The use of anyone else’s name may result in an academic integrity review by your
professor. Please label your screenshot to receive full credit.
Take a screenshot of the SHA512 hash of the Yourname File in /usr/share/windows-binaries
Image 9
Screenshot 10 – Virustotal Statistics
10. Provide the VirusTotal statistics. Timestamps from a previous semester or a different
name may result in an academic integrity review by your professor. Please label your
screenshot to receive full credit.
Take a screenshot of your VirusTotal screenshot with the timestamp from this semester.
Conclusion
Students:
In the box below, please explain the purpose of doing this lab and explain
how it is relevant to Digital Forensics Technology and Practices. Highlight any new learning
that occurred while doing this lab.
Hint: Discuss tools and commands used in the lab.
Conclusion
The goal of Lab 4 was to learn the ideas and their significance to the field of computer forensics while
gaining practical experience using hashing tools. Without hashing, it would be difficult for forensic
investigators to verify the accuracy of the files they inspected or acquired throughout their incident reaction
and analysis. It's crucial to make sure that evidence won't be rejected because the original evidence was
tampered with, either manually or with the use of forensic equipment or methods. On the Windows computer,
I used the hostname and type commands to rename a text file during Lab 4. After accomplishing that, I was
able to utilize the sigcheck command-line program to retrieve hashes for the .txt file, including MD5, SHA1,
PESHA1, PE256, and SHA256. I was then able to compare the file's hashes to find out that, even though the
file's name had changed, the underlying hash values had not. I then located the table in Windows File Explorer
and looked at the hash values in the file properties-hash tab.
Finally, I was able to compute several hashes for the .txt file using the HashCalc tool and compare them to
the hash values from the other tools utilized. HashCalc is interesting because it employs the 13 most popular
checksum and hash algorithms and can be used to produce hashes for any file (HashCalc 2.02, n.d.). After
doing that, I opened my Linux computer to check the hash values. I changed a windows-binary exe to my
name using the command line copy command (cp). After that, I compared the copied file to several hash
values, including MD5, SHA1, SHA256, SHA384, and SHA512. The hash values returned
from the command line matched when I submitted the executable file to VirusTotal. Obtaining hash values
from original files can guarantee that any evidence is reliable, which may be highly helpful for forensic
investigations.
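The checks described in the Introduction and Conclusion above (identical digests after a rename or copy, different digests after any change to the contents) can be reproduced with the following added example, which is not part of the original worksheet. The file names and sample contents are constructed, and Python's hashlib stands in for the lab's sigcheck, HashCalc and Linux hashing commands.

```python
import hashlib
import os
import shutil
import tempfile

# The five algorithms the worksheet asks for on the Linux side.
ALGORITHMS = ("md5", "sha1", "sha256", "sha384", "sha512")


def file_digests(path, chunk_size=1 << 20):
    """Stream the file once and return {algorithm: hex digest} for all five."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(baseline, current):
    """Return the algorithms whose digests differ from the recorded baseline."""
    return sorted(name for name in ALGORITHMS if baseline[name] != current[name])


def demo():
    """Constructed sample: an original, a renamed copy, and a one-bit-altered copy."""
    workdir = tempfile.mkdtemp(prefix="hashlab_")
    try:
        original = os.path.join(workdir, "original.bin")
        renamed = os.path.join(workdir, "yourname.bin")  # hypothetical file name
        altered = os.path.join(workdir, "altered.bin")
        with open(original, "wb") as fh:
            fh.write(b"constructed evidence sample\n" * 1000)
        shutil.copyfile(original, renamed)  # same bytes, different name
        shutil.copyfile(original, altered)
        with open(altered, "r+b") as fh:  # flip one bit in the first byte
            first = fh.read(1)
            fh.seek(0)
            fh.write(bytes([first[0] ^ 0x01]))
        baseline = file_digests(original)  # recorded before any examination
        return (mismatches(baseline, file_digests(renamed)),
                mismatches(baseline, file_digests(altered)))
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    renamed_diff, altered_diff = demo()
    print("renamed copy:", renamed_diff, "altered copy:", altered_diff)
```

The renamed copy reports no mismatches because a digest depends only on the file's bytes, while the one-bit change is flagged by every algorithm.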
APA References
Students:
Please list at least 5 relevant APA References.
Constantin, L. (2021). What is hashing: How this cryptographic process protects passwords. CSO
Online. Retrieved August 8, 2023, from
https://www.csoonline.com/article/3602698/hashing-explainedwhyitsyourbestbettoprotectstoredpasswords.html#:~:text=Hashing%20is%20a%20cryptographic%20process,and%20other%20types%20of%20data
Depb, J. (2022). SigCheck Command: Display the File Version Number. Windows Commands-
SS64Commands. Retrieved August 8, 2023, from
https://windowscmd.com/sigcheck-command/
HashCalc 2.02. (n.d.). Filefacts.com. Retrieved August 8, 2023, from
http://www.filefacts.com/hashcalc-info
Heath, H. (2020). What are the advantages of hashing password? –
Rampfesthudson.com. Rampfesthudson.com. Retrieved August 8, 2023, from
https://www.rampfesthudson.com/what-arethe-advantages-of-hashing-password/
Zola, A. (2021). What is hashing and how does it work? SearchDataManagement. Retrieved August 8,
2023, from
https://www.techtarget.com/searchdatamanagement/definition/hashing