Menu

(Get Answer) – Computer forencies | Computer Science homework help

 

  • Read and follow instructions below.

<Important files and folders to install>

  1. Download image files from
  2. https://www.cfreds.nist.gov/FileCarving/Images/L0_Graphic.dd.bz2
  3. https://www.cfreds.nist.gov/FileCarving/Images/L2_Graphic.dd.bz2
  4. Download and install Autopsy program from https://www.sleuthkit.org/autopsy/ on your computer
  5. Download TRID ( http://mark0.net/download/trid_w32.zip ) to your computer.
  6. You need the TRID package file     http://mark0.net/download/triddefs.zip   together with TRID.
  7. Download the attached file named “unnamed.zip”.
  • Short answers are not acceptable.
  • Screenshots of your findings are must.

<Assignment >

  1. Explain what file signature and file header (refer to https://www.garykessler.net/library/file_sigs.html).
  2.  Explain Data Carving and its techniques.
  3. Import two dd image files extracted from bz2 files to Autopsy and run ‘Ingest Module’ on ‘PhotoRec Carver.’
  4. List all carved files from each dd image file.
  5. Choose a carved file from both dd images that has a same extension and file size. Show the header value indicating file size in Hex.
  6. Do you think that these 2 files are originally same or not? Why?

4.Using TRID, find each extension of all files extracted from ‘unnamed.zip.’

HTML tutorial

Leave a Reply

Your email address will not be published.