Graduate Program in Information Science and Telecommunications and Networking
School of Information Sciences
University of Pittsburgh

TEL2821/IS2150: INTRODUCTION TO SECURITY
Lab 2: Forensics
Version 1.3, Last Edited: Sept. 29, 2008

Group Members:
______________________________________________________
______________________________________________________
______________________________________________________
______________________________________________________

Date of Experiment: ______________________________________________________

Part I: Objective

The objective of this laboratory exercise is twofold:

1. Introduce you to some of the tools and techniques used for forensic analysis.
2. Demonstrate some of the mechanisms used by malicious attackers as well as forensic experts to disrupt computer networks and manipulate information access.

This lab session will cover data storage and access, bypassing filtered [blocked] ports, reviewing Internet activity, and the use of steganography. Open-source forensic tools will be introduced and demonstrated for each exercise. The lab has been set up for all of the exercises, and the required executables are available on the lab machines. Instructions are available throughout the lab handout.

Part II: Equipment/Software

Most of the tools used for this lab exercise are freely available for non-commercial testing purposes and are open-source software, either freeware or shareware.

All the executables required for the lab are available in the lab or as a temporary download, as a zip-compressed file, at: http://www.sis.pitt.edu/~lersais/lab2/lab2.zip

The zip-compressed file contains three folders:

(1) Data, which contains all the original data you need for the lab exercises,
(2) Exercises, which contains all four exercises in this lab, and
(3) Installers, which contains all the executables you will need for completing the exercises.

Please make sure your system has a text editor like Notepad. You also need to be able to access the command prompt.

Note that Exercise 1 has parts that use different executables for the hex editor and the hash function, and hence different folders. Also, any data that needs to be manipulated is available within the respective exercise folders. If at any point you corrupt the working data, or you need to redo the exercises, you can copy fresh copies of the data files from the "Data" folder.

Windows 2000 Professional PCs are provided for the purposes of the lab. The access accounts and passwords are given on the screen. Some of the exercises use a GUI, while others use the command line interface. When the command line is required, a shortcut to the command prompt is given in the exercise folder....
This note was uploaded on 11/02/2009 for the course SIS 2150 taught by Professor Joshi during the Spring '09 term at Philadelphia.