This preview shows page 1. Sign up to view the full content.
Unformatted text preview: e : http://garykessler.net/library/file_sigs.html ● SANS Sift Toolkit/VM: http://computer-forensics.sans.org/community/downloads Sample Evidence : http://goo.gl/yIrOlx
File Name : Module3.ecf60d0bb35d6640ff82ce6671729bb4.dd
MD5: ecf60d0bb35d6640ff82ce6671729bb4 What to Submit:
Answer Questions 1-5
○ Locate the MS Word Doc: Cash Deposits Second Quarter.doc
1. What time was the Cash Deposits Second Quarter MS Word Doc last accessed? 2. How many deleted files can you recover? Using Bulk_Extractor:
3. What are the email addresses bulk_extractor found? 4. Provide a location\filename for 1 instance of each email address found. Hint: you will need to run fiwalk and/or bulk_extractor/python/identify_filenames.py
5. Explain the difference between TSK and bulk extractor. Give an example on why you would use each. Submit the following File(s)
○ Answers in PDF format ○ Bulk Extractor report.xml file (ONLY) - xml format is OK...
View Full Document
This homework help was uploaded on 03/15/2014 for the course CS 6963 taught by Professor Walterbruehs during the Spring '10 term at NYU Poly.
- Spring '10