Assignment 2
Attached Files:
· unnamed.zip (6.435 MB)
Short answer is not acceptable.
Take all screenshots of your findings.
Read and follow the below instruction carefully.
Instruction for the assignments
1. Download image files from
1. https:
www.cfreds.nist.gov/FileCarving/Images/L0_Graphic.dd.bz2
2. https:
www.cfreds.nist.gov/FileCarving/Images/L2_Graphic.dd.bz2
2. Download and install Autopsy program from https:
www.sleuthkit.org/autopsy/ on your compute
3. Download TrID( http:
mark0.net/download/trid_w32.zip ) to your computer. (Make sure you need TRD package file( http:
mark0.net/download/triddefs.zip ) together with TrID)
4. Download the below attached file named “unnamed.zip”
YOUR TASK
1.Explain what is file signature and file header. (refer to https:
www.garykessler.net/li
ary/file_sigs.html)
2.Explain what Data Carving is and describe Data Carving techniques.
3.Import two dd image files extracted from bz2 files to Autopsy and run ‘Ingest Module’ on ‘PhotoRec Carver.'
a. List all carved files from each dd image file.
. Choose a carved file from both dd images that has a same extension and file size. Show the header value indicating file size in Hex.
c. Do you think that these 2 files are originally same or not? Why?
4.Using TrID, find each extension of all files extracted from 'unnamed.zip.'
Note:
Attached Files:
· 712Assignment2.mp4 XXXXXXXXXXMB)
Please refer to the attached video for your assignment2.