Assignment1

Last edited by Patrick 2 months, 3 weeks ago

Objective: 

This assignment will allow you to demonstrate your skills in imaging, hashing, and report writing.

 

Deliverables:

Create a folder called "<first.name>.<last.name>". Save the following into that folder. When done, ZIP it. Make sure you watch the Report Writing videos.

  1. Your report (template here)
    1. Make sure to answer all of the questions posed in the assignment at the end of your report.
  2. Your notes (template here)
  3. Your ~/.bash_history file from your Linux VM AFTER you write the report
    1. Not a screenshot. Not a picture. Not copy/pasted text. The actual file.

 

Examples:

  • Example of a well written report
    • This is a very simple assignment, but notice that the writer provided sufficient detail to answer all of the questions. For future assignments that are more in depth, the reports will require more detail.
  • Example of well written notes
    • Note how thorough the notes are.  If asked to duplicate what the writer did, you could follow their procedures exactly and verify the results. That's why notes need to be detailed . . . for science!
  • Note that in the notes, their dd uses the count argument; you will not need to use that in this assignment
  • These examples are NOT to be treated like Mad Libs. They are there as reference.

 

Procedure:

 

Download and read, thoroughly, the assignment description. Follow the instructions.  

 

Files:

  1. Assignment Description
  2. Forensic Image (128MB compressed to 1048 KB)

 

SHA1 Hashes:

  • 49259ad3ba305a2635f52fa501745afd9be862b2  4860.sp20.a1.zip
    • To make sure the file downloaded correctly
  • 32b453d6cc0d647b786cbf0aa4be42f3a5a6af6a  4860.sp20.a1.dd
    • To make sure the file extracted correctly
  • f1244ff3b424eeab0304de5137dde2358aaa6706  /dev/sdb1
    • This is your target sha1sum for the assignment

 

Why did I include the hashes? Because we always need to verify the integrity of forensic evidence, whether you create the forensic image yourself and compare it to the original media or are provided a forensic image, as done here. Your report and notes should show that you validated the provided image by showing both the original hash and the hash you checked.
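One way to record that validation, as an added example that is not part of the assignment materials: the script checks each downloaded file against its published SHA1 and prints a timestamped line showing both values. The function name `verify_sha1` and the output line format are assumptions made for this example, and it expects the two files to be in the current directory.

```shell
#!/usr/bin/env bash
# Added example (not from the assignment): check a file against a published
# SHA-1 and print one line suitable for pasting into examination notes.

# verify_sha1 EXPECTED FILE   (hypothetical helper)
# Returns 0 on match, 1 on mismatch, 2 if FILE cannot be read.
verify_sha1() {
    local expected computed file result
    file=$2
    # Published hashes may be upper- or lower-case; sha1sum prints lower-case.
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    if [ ! -r "$file" ]; then
        echo "$(date -u +%FT%TZ) $file expected=$expected computed=- UNREADABLE"
        return 2
    fi
    # Hash via stdin so odd characters in the file name cannot change the output format.
    computed=$(sha1sum < "$file" | cut -d' ' -f1)
    if [ "$computed" = "$expected" ]; then result=MATCH; else result=MISMATCH; fi
    echo "$(date -u +%FT%TZ) $file expected=$expected computed=$computed $result"
    [ "$result" = MATCH ]
}

# Hashes and file names as published on this page; run from the download directory.
while read -r hash path; do
    verify_sha1 "$hash" "$path" || true
done <<'EOF'
49259ad3ba305a2635f52fa501745afd9be862b2 4860.sp20.a1.zip
32b453d6cc0d647b786cbf0aa4be42f3a5a6af6a 4860.sp20.a1.dd
EOF
```

A MISMATCH or UNREADABLE line means the download or extraction should be repeated before any further work is done on the image.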
