Note-12

Note-12 - CSE 494/598 Forensic Computing: Computer and...

Info iconThis preview shows pages 1–5. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: CSE 494/598 Forensic Computing: Computer and Network Forensics Prof. Gail-Joon Ahn Cyber Gazette ! Cyber Robots (Cybots) patrol government networks ! CNET News ! From Darin Tupper ! CODEGATE 2009 ! Hacking Protection Contest IMPORTANT DATES ! Exam #1: Feb 19, 2009 ! Assignment #1: Mar 3, 2009 ! Spring Break: Mar 10 & 12, 2009 ! Exam #2: Mar 31, 2009 ! Class Project Due: Apr 23, 2009 ! Paper Report Due: Apr 28, 2009 ! Class Presentation: Apr 28 & 30, 2009 May 5, 2009 ! Exam #3 (Final): May 7, 2009 (12:10PM – 2:00PM) 3 Paper Presentation ! April 28 th ! Group : Ho An and FengzeXie ! Group : Terrance Cuny and FarooqKhera ! April 30th ! Group : Fei Hong and SanketSheth ! Group : PradeepSekar and Deepak Barge ! May 5th ! Group IMPORTANT DATES ! Exam #1: Feb 19, 2009 ! Assignment #1: Mar 3, 2009 ! Spring Break: Mar 10 & 12, 2009 ! Exam #2: Mar 31, 2009 ! Class Project Due: Apr 23, 2009 ! Paper Report Due: Apr 28, 2009 ! Class Presentation: Apr 28 & 30, 2009 May 5, 2009 ! Exam #3 (Final): May 7, 2009 (12:10PM – 2:00PM) 3 Paper Presentation ! April 28 th ! Group : Ho An and FengzeXie ! Group : Terrance Cuny and FarooqKhera ! April 30th ! Group : Fei Hong and SanketSheth ! Group : PradeepSekar and Deepak Barge ! May 5th ! Group : Joseph Schneider and Darin Tupper Papers and Project/Assignment #2 ! Will be posted by tomorrow morning (March 6) ! Total 5 papers ! Each paper will be assigned to four groups including the group who would present the paper ! Project/Assignment #2 will be discussed on Tuesday, March 17 ! Guest lecture (Mr. Scott Banks, March 26) 6 Outline ! File Forensics ! Storage Media Analysis ! Volume Analysis ! File System Analysis ! Heuristic and Systematic ! Microsoft File Structures " FAT and NTFS File System Analysis: File Allocation Table F1 F2 F3 File.txt Cluster 34 Cluster 35 Clusters FAT Structure 35 36 EOF Reserved area FAT area Data area Physical Layout of a FAT file system 33 34 35 36 37 F1 F2 F3 34 35 36 37 File System Analysis: FAT Structure ! Need to discover the allocation status of a cluster and find the next allocated cluster in a file or directory 0000288: 4900 0000 4a00 0000 4c00 0000 0000 0000 0000304: 4d00 0000 ffffff 0 f 4f00 0000 ffffff 0 f 0000320: 5100 0000 5200 0000 ffffff 0 fffffff 0 f 0000336: ffffff 0 f 0000 0000 0000 0000 0000 0000 0000352: 0000 0000 0000 0000 0000 0000 0000 0000 FAT Offset 16 bytes of the data in hexadecimal Examining FAT 32 structure of a sample image--first sector following the reserved area: File System Analysis:...
View Full Document

This note was uploaded on 08/30/2009 for the course CSE 494 taught by Professor Rao during the Spring '08 term at ASU.

Page1 / 16

Note-12 - CSE 494/598 Forensic Computing: Computer and...

This preview shows document pages 1 - 5. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online