Note-5

Note-5 - CSE 494/598 Forensic Computing: Computer and...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
CSE 494/598 Forensic Computing: Computer and Network Forensics Prof. Gail-Joon Ahn Cyber Gazette ! Google mistakenly classifies the entire Internet as potentially malicious ! Every search result began to display the "This site may harm your computer" link that Google uses to flag potentially malicious sites. Human error caused a flawed update to its list of bad sites, resulting in every Internet site being classified as dangerous. ! Sony’s Mofiria ! http://www.sony.net/SonyInfo/News/Press/ 200902/09-016E/index.html
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Assignment #1 (DUE: March 3 rd , 12:00PM) ! Lab access ! BYENG 222, code: 47952 ! PC Access ! Login ID: your ASURITE ! Password: Pa$$word (you need to change it) ! Each group will have a hard disk enclosure ! Please DO NOT format and write to the disk unless requested ! Each group should sign the form upon receiving the disk Assignment #1: Task 1 ! Use your own USB drive ! Format one of your USB drives (at most 1GB or less) ! Inside the formatted USB drive, create 10 files with various applications and delete those files ! Using the acquisition tools, create and store the image files in your local directory ! You should use dd (in Linux), FTK Imager and ProDiscover ! You should have three image files: *.eve, *.dd, and *.e01 (or *.s01) ! Note: " FTK imager is available for each PC " ProDiscover should be installed by each group. The s/w package is available in the lab. " Knoppix Linux image and VM player (sever) are also available
Background image of page 2
Assignment #1: Task 1 (cont’d) ! Requirements ! Document the following items in your report: ! Describe what files including a proper extension have been created and when those files were deleted ! Describe how you created three image files " Include step-by-step commands and procedures ! In your report, the image names and corresponding time attributes & message digest (checksum) values should be clearly indicated ! Report template will be available at Blackboard Assignment #1: Task 2 ! For this task, you need to follow the steps of systematic forensic approach that we discussed in class ! Should use the FTK in our lab (using basic features) ! Attempt to access your hard disk enclosure and analyze your disk. You need to repeat your analysis at least three times by
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 13

Note-5 - CSE 494/598 Forensic Computing: Computer and...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online