Analyzing images to identify suspicious or modified files

Assignment Help Computer Network Security
Reference no: EM132998672

Book: System Forensics, Investigation, & Response

Lab 2: Documenting a Workstation Configuration Using Common Forensic Tools
All tools and instructions to complete this lab are found in the virtual lab access that accompanies the textbook.
In this lab, you will perform a forensic analysis of a Windows 2016 machine using three commonly available tools: WinAudit, DevManView, and Frhed. You will review the forensic capabilities of each tool, using the sample files provided, to determine any clandestine threats and vulnerabilities such as viruses and malicious software, if any. You also will recover a file that was altered to hide its native file format. You will document your findings in a forensics report.
Deliverables:
Please complete Sections 1 and 2 of this lab, excluding the lab quiz.

SECTION 1 of this lab has three parts which should be completed in the order specified.
1. In the first part of the lab, you will use WinAudit to explore the configuration of TargetWindows01.
2. In the second part of the lab, you will use DevManView to identify system devices and configuration.
3. In the third part of this lab, you will use Frhed to perform an analysis of an unknown file type.

SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. You will use the same tools to explore the vWorkstation, rather than TargetWindows01.

Lab 3: Uncovering New Digital Evidence Using Bootable Forensic Utilities
All tools and instructions to complete this lab are found in the virtual lab access that accompanies the textbook.
In this lab, you will use a variety of forensic tools that are independent executables that run locally on a workstation or server under investigation. You will explore the features and functions of the following forensic utilities in this lab: Helix, Process Explorer, FavoritesView, IECacheView, IECookiesView, BrowsingHistoryView, and MyLastSearch. You will document specific data from each tool.
Please complete Sections 1 and 2 of this lab, excluding the lab quiz.

SECTION 1 of this lab has two parts which should be completed in the order specified.
In the first part of the lab, you will use Helix to identify system information and gather details about the images on the machine under investigation.
In the second part of the lab, you will use different Internet Explorer forensic utility tools to get additional data on running processes, favorites, cache, cookies, browsing history, and browser searches.

SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods.

Lab 4: Creating a Forensic System Case File for Analyzing Forensic Evidence
All tools and instructions to complete this lab are found in the virtual lab access that accompanies the textbook.
In this lab, you will use E3 to investigate an image of a hard drive to find forensic evidence without impacting the integrity of the data on the image. You will create an electronic case file showing the creation of a case and the addition of the evidence file provided to you, and you will save the case for later review. In this way, you will experience all of the steps necessary for a sound forensic investigation that will preserve the source and ensure the evidence is defensible and presentable in a court of law.
Please complete Sections 1 and 2 of this lab (excluding lab quiz).

SECTION 1 of this lab has one part. In the first part of the lab, you will explore the E3 tool used within the virtual lab environment.

SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. You will create a case file for a different drive image.

Lab 5: Analyzing Images to Identify Suspicious or Modified Files
All tools and instructions to complete this lab are found in the virtual lab access that accompanies the textbook.
In this lab, you will use E3's Image Analyzer to automate image analysis to identify suspect files that may be useful in a forensic investigation. You will use E3's sort features to sort the files on the evidence drive into categories for easier analysis. You will document your progress throughout the lab.
Please complete Sections 1 and 2 of this lab (excluding lab quiz).

SECTION 1 of this lab has two parts which should be completed in the order specified.
In the first part of the lab, you will start a new case file in E3.
In the second part of the lab, you will use E3's Image Analyzer to sort and analyze the images contained within an evidence drive under investigation.

SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. You will sort and review evidence from a different drive image.

Attachment:- Forensics labs 2-5.rar
