Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search Store documents

The best documents sold by students who completed their studies

Search through all study resources
Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

University Rankings

Discover the best universities in your country according to Docsity users

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

From our blog

Exams and Study
Go to the blog

CS470 Computer Security Lab Project: Forensic Evidence Analysis - Prof. Guillermo A. Franc, Study Guides, Projects, Research of Computer Science

Jacksonville State University (JSU)Computer Science
Prof. Guillermo A. Francia

In this cs470 computer security lab project, students are required to perform digital forensic analysis on a seized floppy disk. The tasks include creating an image of the disk, calculating its md5 signature, recovering files, breaking encryptions, performing steganalysis, and analyzing images. The project aims to familiarize students with digital forensic analysis techniques and tools.

Typology: Study Guides, Projects, Research

2009/2010

Uploaded on 02/25/2010

koofers-user-8rv
koofers-user-8rv 🇺🇸

10 documents

1 / 2

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
CS470
Computer Security
Laboratory Project
Forensic Evidence Analysis
Due Date:
The objective of this project is to familiarize you with basic digital forensic analysis. Your
forensic investigation skills will be tested specifically on the following areas: evidence
preservation and retrieval, data encryption/decryption, steganographic analysis, file sector
analysis and retrieval, and file type recognition.
Here is the scenario. Central Terrorism Unit (CTU) agents of the Department of Highest Security
(DHS) raided a suspected terrorist hideout and captured a single piece of digital evidence: a
floppy disk. Upon examination, the CTU IT personnel found that the floppy disk is almost
empty. Jack Bummer, the current CTU head, had a very strong intuition that there was something
in that disk. After hearing so many good things about the Computer Security and Forensic course
at JSU, he decided to hand over the evidence to your CS470 course instructor and requested an
immediate forensic analysis. Due to the fact that the CTU informer has indicated that some dirty
bombs may have been planted around the country, this stage of the investigation is very critical
and time is paramount. Thus, Jack Bummer and your instructor have agreed to give you at most a
week to complete the analysis and submit a final written and oral report.
You need to accomplish each of the following tasks and briefly answer the question that is
related to the task. You also need to document the command(s) that you used to accomplish each
task.
1) Task: Create an image of the evidence floppy disk. Calculate its MD5 signature and save
the signature in a text file. What is the importance of this step of the investigation?
2) Task: Gather all string information that you can find in the image. Why does the floppy
disk appear to be almost empty? What files did you recover from the disk? How did you
recover them?
3) Task: Break the encryption on one of the files that you managed to recover. What
encryption technique was used? How did you break it? What password did you manage
to reveal?
4) Task: Perform a steganalysis of the images. Do a research on steganalysis and write a
concise report on that process. How and what made you infer which image is hiding some
information? How did you extract the data? What information did the data reveal?
5) Task: Analyze the images. What information about the impending attack do they reveal?
pf2

Partial preview of the text

Download CS470 Computer Security Lab Project: Forensic Evidence Analysis - Prof. Guillermo A. Franc and more Study Guides, Projects, Research Computer Science in PDF only on Docsity!

CS

Computer Security

Laboratory Project

Forensic Evidence Analysis

Due Date:

The objective of this project is to familiarize you with basic digital forensic analysis. Your forensic investigation skills will be tested specifically on the following areas: evidence preservation and retrieval, data encryption/decryption, steganographic analysis, file sector analysis and retrieval, and file type recognition.

Here is the scenario. Central Terrorism Unit (CTU) agents of the Department of Highest Security (DHS) raided a suspected terrorist hideout and captured a single piece of digital evidence: a floppy disk. Upon examination, the CTU IT personnel found that the floppy disk is almost empty. Jack Bummer, the current CTU head, had a very strong intuition that there was something in that disk. After hearing so many good things about the Computer Security and Forensic course at JSU, he decided to hand over the evidence to your CS470 course instructor and requested an immediate forensic analysis. Due to the fact that the CTU informer has indicated that some dirty bombs may have been planted around the country, this stage of the investigation is very critical and time is paramount. Thus, Jack Bummer and your instructor have agreed to give you at most a week to complete the analysis and submit a final written and oral report.

You need to accomplish each of the following tasks and briefly answer the question that is related to the task. You also need to document the command(s) that you used to accomplish each task.

  1. Task: Create an image of the evidence floppy disk. Calculate its MD5 signature and save the signature in a text file. What is the importance of this step of the investigation?

  2. Task: Gather all string information that you can find in the image. Why does the floppy disk appear to be almost empty? What files did you recover from the disk? How did you recover them?

  3. Task: Break the encryption on one of the files that you managed to recover. What encryption technique was used? How did you break it? What password did you manage to reveal?

  4. Task: Perform a steganalysis of the images. Do a research on steganalysis and write a concise report on that process. How and what made you infer which image is hiding some information? How did you extract the data? What information did the data reveal?

  5. Task: Analyze the images. What information about the impending attack do they reveal?

Here are some notes that may prove helpful to your investigation.

  1. To create a floppy disk image, use the Linux/cygwin utility program, dd.
  2. For integrity checking, use the utility program, md5sum.
  3. Some pertinent file information (header and trailer signatures):

JPEG/JPG Image file Hex Header: FF D8 FF E0 XX XX 4A 46 49 46 00 String Header: ……JFIF(JPE, JPEG, or JPG)…..

Hex Trailer: FF D String Trailer: (. .)

GIF87a Image File Hex Header: 47 49 46 38 37 61 Hex Trailer: 00 3B

MS Excel/Powerpoint File Hex Header: D0 CF 11 E0 A1 B1 1A E

MS Word Document Hex Header: 7B 5C72 74 66 31 5C 61 or OD OD

MS Access File Hex Header: 00 01 00 00 53 74 61 6E

Bitmap File (BMP) Hex Header: 4D 42

Zip file Hex Header: 50 4B 03 04 14