Applying the Daubert Standard to Forensic Evidence (4e)
Digital Forensics, Investigation, and Response, Fourth Edition - Lab 01

Student: Sam Martins
Email: martwave@yahoo.com
Time on Task: 49 hours, 0 minutes
Progress: 100%
Report Generated: Saturday, March 30, 2024 at 7:34 PM

Section 1: Hands-On Demonstration

Part 1: Complete Chain of Custody Procedures

7. Make a screen capture showing the contents of the search warrant in Adobe Reader.

14. Make a screen capture showing the completed Chain of Custody form in Adobe Reader.

Part 2: Extract Evidence Files and Create Hash Codes with FTK Imager

34. Make a screen capture showing the contents of the 0002665_hash.csv file.

37. Make a screen capture showing the contents of the RecycleBinEvidence_hash.csv file.

38. Make a screen capture showing the contents of the MyRussianMafiaBuddies_hash.csv file.

39. Make a screen capture showing the contents of the Nice guys_hash.csv file.

Part 3: Verify Hash Codes with E3

14. Make a screen capture showing the MD5 and SHA1 values for the MyRussianMafiaBuddies.txt file.

16. Make a screen capture showing the MD5 and SHA1 values for the Nice Guys.png file.

17. Describe how the hash values produced by E3 for the incriminating files compare to those produced by FTK. Do they match?

The hash values generated by E3 for the implicated files match those produced by FTK for both MyRussianBuddies.txt and Nice Guys.PNG.

Section 2: Applied Learning

Part 1: Extract Evidence Files and Create Hash Codes with FTK Imager

5. Make a screen capture showing the contents of the suspicious email file in the Display pane.

16. Make a screen capture showing the two hash values for the suspicious email file.

Part 2: Verify Hash Codes with Autopsy

11. Make a screen capture showing the MD5 field in the Result Viewer.

12. Describe how the hash value produced by Autopsy compares to the values produced by FTK Imager for the two .eml files.

Autopsy supports a variety of hash algorithms, including MD5, SHA-1, SHA-256, and SHA-512. By default, Autopsy will calculate the SHA-1 hash value for a disk image, but users can change this to another algorithm if desired. FTK Imager also supports multiple hash algorithms, including MD5, SHA-1, SHA-256, and SHA-512. However, FTK Imager uses a slightly different method for calculating hash values. Rather than calculating the hash value directly from the disk image file, FTK Imager creates a "hash database" that contains the hash values of all files on the disk.

Part 3: Verify Hash Codes with E3

7. Make a screen capture showing the MD5 value produced by E3.

8. Describe how the hash value produced by E3 compares to the values produced by FTK Imager for the two .eml files and the value produced by Autopsy.

The hash value produced by E3 surpasses the values generated by FTK Imager for the two .eml files when compared. This difference can be attributed to E3 utilizing the SHA-256 algorithm, whereas Autopsy employs the distinct BLAKE2 algorithm.

Section 3: Challenge and Analysis

Part 1: Verify Hash Codes on the Command Line

Make a screen capture showing the hash values for the Evidence_drive1.001 file.

Part 2: Locate Additional Evidence

Define the original file names and file paths for each of the three files.

The $I354ELH.xlsc, $IBQEOTL.doc and $IX3177E.pdf files contain the original file name and location of the deleted files, which are now stored as $R354ELH.xlsc, $RBQEOTL.doc, $RX3177E.pdf in the Recycle Bin.