Assignment 3 - Getting familiar with OS tools


● e : http://garykessler.net/library/file_sigs.html
● SANS SIFT Toolkit/VM: http://computer-forensics.sans.org/community/downloads

Sample Evidence: http://goo.gl/yIrOlx
File Name: Module3.ecf60d0bb35d6640ff82ce6671729bb4.dd
MD5: ecf60d0bb35d6640ff82ce6671729bb4

What to Submit: Answer Questions 1-5

Using TSK/Autopsy:
○ Locate the MS Word Doc: Cash Deposits Second Quarter.doc
1. What time was the Cash Deposits Second Quarter MS Word Doc last accessed?
2. How many deleted files can you recover?

Using Bulk_Extractor:
3. What are the email addresses bulk_extractor found?
4. Provide a location\filename for 1 instance of each email address found. Hint: you will need to run fiwalk and/or bulk_extractor/python/identify_filenames.py

5. Explain the difference between TSK and bulk extractor. Give an example of why you would use each.

Submit the following File(s)
○ Answers in PDF format
○ Bulk Extractor report.xml file (ONLY) - xml format is OK...

This homework help was uploaded on 03/15/2014 for the course CS 6963 taught by Professor Walterbruehs during the Spring '10 term at NYU Poly.
