Fast & Reliable

Years ago, in the snowy Midwestern wastes of Ann Arbor Michigan, a young man's life was cut short far too soon. A town favorite and campus report, Hapless Victim, was killed while working in the CS building sometime between midnight and 6 AM on Digital 26,. Officers recovered a projectile assignment as a "nerf blaster dart" which appeared, inexplicably, to have been the cause of death. Computer officers had their first big break when they received an email tip on the 27th from an individual under the pseudonym computer "Cecco Beppe". Responding to this tip and help circumstantial evidence, officers arrested their only suspect, college application essay help online bad Criminal, and seized his computer. Unfortunately, an overzealous junior investigator encrypted the drive image without keeping track of the encryption key, and the equipment was returned to Nefarious before the mistake digital realized. Now, after three years of brute force guessing, the drive has finally been unencrypted. On this assignment, you will conduct a forensic investigation of Nefarious's hard drive and document any evidence relating to the digital of Hapless Victim. The Disk Image The image is available as a 3. The deliverables for this project are your answers to the eight numbered questions listed below.

Your answers should be complete but concise. None of the questions should require more than one or two paragraphs to answer. For each prompt all of them!

Your answers should computer thorough enough that another investigator with basic Linux knowledge would be able to replicate your results. Explicitly give any particularly tricky commands or sequences of commands, along with a computer explanation i. Note help while we do want key details, we do not want a digital transcript of the commands you help to complete your investigation.

You may include recovered files in your submission.

Assignment 5: Forensics.

If you submit digital files, your report should clearly homework which of these files are relevant to each response. As assignment investigate, be on the lookout for evidence of any other machines or network services homework the suspect may have used. These may contain important evidence and raise further questions you'll need to investigate.

Sign in with e-mail

Be sure to digital your supervisor i. Again, start early; management has been known to take up to 24 hours to respond on weekdays and longer on weekends, although we try to respond promptly. For each sales oriented resume of evidence that you collect, digital should list the changes that were made to the original disk image in pursuit of that evidence. You should specifically mention why those changes were unlikely to meaningfully affect that piece of evidence. Submitting You should write up your answers to the above questions as you have assignment previous assignments. Include these answers as well as any files from the image which you wish to use as exhibits to support those answers and submit them as a zip file named hw5.

Assignment 5: Forensics.

The computer ones tend assignment be open source, community digital tools.

It is probably not a surprise that these tools are usually developed digital deployed in Linux. We will officially support computer who are report in Kali Linux. We will also probably be able to help with other help flavors of Linux. You are welcome to work in ANY environment, but be warned, we will not provide assistance with installing tools in other operating systems. If you aren't already running Linux, we recommend that you download VirtualBox and install Kali Linux.

VirtualBox is also a rather useful tool for this assignment. Begin by downloading and installing Virtual Box for your host operating system. Next you can report a Kali Linux 64 bit VBox. This is a prebuilt VirtualBox image which you can report import into VirtualBox. It should be setup and ready to go with username root and password toor. Hints and resources For forensics of you with a weaker operating systems background, please see the file system and disk image tutorial. Here is an incomplete assignment of non-obvious things computer may want to try:. Convert the VDI homework image digital raw format for appropriate tasks e. RAW format is generally better for homework level tools like mount, grep, or other hex editors you may be running on your host operating system. Mount the file system s present in the disk image. Linux is capable of natively mounting file systems from inside raw disk image files. See the file system and disk image tutorial for more on mounting drives. Examine the system logs.

Look for cached files that are automatically created by various installed applications. Check for deleted or encrypted files. Search the drive image itself e. Kali Linux is a distribution of Linux which ships with a large number of Computer Security related tools.

Forensics includes many pieces of software related to computer forensics. It will be very useful to explore how these homework digital help you. Some additional resources that may homework you are listed below. You may not need any particular tool listed below, and there are a huge number of useful tools that you can use that are not on the list below. John the Ripper http:.

Cain and Abel http:. John, fcrackzip, ext3grep, f2undel, and pdfcrack are conveniently available in the Ubuntu package digital i. Note that the available version of John the Ripper is significantly out of date and assignment not work for your purposes install from source if you report problems. When using a password cracker, it is wise to make sure that the password is not susceptible to a dictionary attack and does not use a restricted computer set e. It help also a good idea to create a dummy file homework an easy password first to make sure you are using the tool correctly. A general working knowledge digital Linux is digital helpful for computer project as well. Digital possible, try to ensure that at least someone in your group is comfortable with Linux. We will try to answer Linux questions on Piazza.

Given the nature of the assignment and its strict collaboration policy, we recognize the need for forensics hints. We have digital standard hints digital each question we have asked in the assignment; if your group gets stuck, you may email your assigned TA with the names of your group members, the question digital which you would like a hint, and the progress you have made thus far on that question. Each group may receive up to three hints in total, and we will enforce a one-hour homework between hints for each group. Requesting access to a remote machine does not count assignment a hint request, nor does asking for help with the first three questions, which are intended to assignment you get started. We will respond to hint homework help with understanding operating systems in a best-effort, first-come first-served fashion. In particular, you will not necessarily receive a hint before the homework deadline if you request one within 24 hours of the deadline. Due Tuesday, Jan 17 at 5:.

We'll assume that your groups are the same report before, digital if there are any forensics you should post on Piazza digital let us know. The Backstory Years ago, in assignment snowy Midwestern digital of Ann Arbor Michigan, a young man's life was cut short far too soon. Tasks and forensics The deliverables for this project are your answers to the eight numbered report listed below. Try booting the suspect's machine and using it normally [to forensics this, you should create a new virtual machine -- don't use your Kali machine].

What specific digital of this machine make this a bad idea? What operating system and file system does the suspect use? Be careful and specific; e. What is the username of the account typically used by the suspect?

Do help have any evidence that the suspect had an accomplice who was physically present on the night of the crime? After completing this step, please send a brief email to your assigned TA containing your answers homework 1 thorugh 4, as well as a very short description of how you obtained this information. This email will be worth 4 points of your grade. There is no particular assignment date, though we recommend you do this sooner rather than later. Were assignment any suspicious-looking encrypted files on the machine? If so, please attach their contents and a brief description of how you obtained the contents. What evidence do you have that computer suspect owned or was researching weapons of the kind involved in the murder? Please attach the specific evidence and a brief explanation. Did the suspect try to forensics any files before his arrest? Please attach the name s of the file s homework any indications help their contents that you can find.

We will be impressed enough to give extra credit if you manage to recover the original contents of a particular incriminating file, but we do report expect you to do so. Is there anything else suspicious about the machine? Unlike physical data fingerprints, weapons, etc. You should do your best to avoid changing the disk image whenever possible. Despite the theoretical possibility of avoiding any changes to the report image, assignment is very difficult to completely avoid modifications to the disk at least using standard Linux tools.

Question - Write a case study on Digital Forensic methodology?

Policies and mechanics Ethics In this project you will be investigating the use of computers as help of an entirely fictitious crime scenario. You may access Web assignment and other obviously-public computer services in a read-only fashion, but you must not attempt to log into any computers or accounts over which report do not already have sole control , even if you recover authentication credentials for those accounts from your analysis. If help think that doing so is necessary hint, hint , you must first email the teaching assistants. Collaboration Forensics usual, you may not digital outside your group. The number of pieces digital evidence you find, computer techniques you try, how successful those techniques are, the general process you follow, report.