Homework and Assignment Help

Lab-Imaging-CST 640

Lab-Imaging-CST 640

Lab-Imaging-Lab 5 Worksheet Digital Forensics Technology and Practices

Table of Content

Introduction. 2

Screenshot 1 – Yourname-OS as the Volume Label for the C: Drive. 3

Screenshot 2 – Volume Label of Yourfirstname-NTFS for the H: Drive. 4

Screenshot 3 – Volume Label of Yourfirstname-FAT32 for the I: Drive. 5

Screenshot 4 – Evidence Item Information for the NTFS Drive. 6

Screenshot 5 – MD5 and SHA1 hashes of your NTFS Image. 7

Screenshot 6 – Evidence Item Information for the FAT32 Drive. 8

Screenshot 7 – MD5 and SHA1 hashes of your FAT32 Image. 9

Screenshot 8 – Evidence Item Information for Autospy. 10

Screenshot 9– Master File Table, or $MFT within the NTFS Image in Autopsy. 11

Screenshot 10– Yourname Volume Label within the FAT32 Image in Autopsy. 12

Conclusion. 13

APA References. 14

Introduction-Lab-Imaging

Students: In the box below, please explain the purpose of Imaging and explain how it is relevant to Digital Forensics Technology and Practices.

Screenshot 1 – Yourname-OS as the Volume Label for the C: Drive

  1. Take a screenshot of yourname-OS as the DRIVE LABEL for C:. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of the Your Name-OS as the Drive Label for the C: Drive.

Screenshot2 – Volume Label of Yourfirstname-NTFS for the H: Drive

  1. Take a screenshot of yourname-NTFSas the DRIVE LABEL for H:. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of the Your Name-NTFS as the Drive Label for the H: Drive.

Screenshot 3 –Volume Label of Yourfirstname-FAT32 for the I: Drive

  1. Take a screenshot of yourname-FAT32as the DRIVE LABEL for I:. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of the Your Name-FAT32 as the Drive Label for the H: Drive

Screenshot 4 – Evidence Item Information for the NTFS Drive.

  1. Take a screenshot of Your First Name and Your Last Name as the Examiner along with the other items you are required to fill out for the Evidence Items. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit

Take a screenshot of Your First Name and Your Last Name as the Examiner

Screenshot 5 – MD5 and SHA1 hashes of your NTFS Image

  1. Provide the MD5 and SHA1 hashes of your NTFS file. Paste two screenshots, side by side.
    • The MD5 and SHA1 hash of your Image file from the FTK Drive/Image Verify Results Screen
    • The MD5 and SHA1 hash of your Image file from hashtab

Label your screenshot. It is mathematically possible that you and another student could have the same MD5 hash for your Disk. But the chance of that is 1 in 340,282,366,920,938,463,463,374,607,431,768,211,456. For that reason, the hash should be unique or there may be an academic integrity review by your professor

Screenshot 6 – Evidence Item Information for the FAT32 Drive.

  1. Take a screenshot of Your First Name and Your Last Name as the Examiner along with the other items you are required to fill out for the Evidence Items. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of Your First Name and Your Last Name as the Examiner

Screenshot 7 – MD5 and SHA1 hashes of your FAT32 Image

  1. Provide the MD5 and SHA1 hashes of your NFAT32 image file. Paste two screenshots, side by side.
    • The MD5 and SHA1 hash of your Image file from the FTK Drive/Image Verify Results Screen
    • The MD5 and SHA1 hash of your Image file from hashtab

Label your screenshot. It is mathematically possible that you and another student could have the same MD5 hash for your Disk. But the chance of that is 1 in 340,282,366,920,938,463,463,374,607,431,768,211,456. For that reason, the hash should be unique or there may be an academic integrity review by your professor.

Screenshot 8 – Evidence Item Information for Autopsy

  1. Take a screenshot of Your First Name and Your Last Name as the Examiner along with the other items you are required to fill out for the New Case Information for Autopsy. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of Your First Name and Your Last Name as the Examiner

Screenshot 9– Master File Table, or $MFT within the NTFS Image in Autopsy

  1. Provide a screenshot of theMaster File Table, or $MFT within the NTFS Image in Autopsy.

Take a screenshot of theMaster File Table, or $MFT within the NTFS Image in Autopsy

Screenshot 10– Yourname Volume Labelwithin the FAT32 Image in Autopsy

  1. Provide a screenshot of theYourname Volume Label within the FAT32 Image in Autopsy. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of theYourname Volume Label within the FAT32 Image in Autopsy

Conclusion-Lab-Imaging

Students: In the box below, please explain the purpose of doing this lab below and explain how in is relevant to Digital Forensics Technology and Practices. Highlight any new learning that occurred while doing this lab.

Hint: Discuss tools and commands used in the lab.

APA References

Students: Please list at least 5 relevant APA References.

Answer Preview-Lab-Imaging-CST 640

Lab-Imaging-CST 640

 

$15.00

Posted

in

by

admin

Tags: