Objective:
This assignment will allow you to demonstrate your skills in imaging, hashing, and report writing.
Deliverables:
Create a folder called "<first.name>.<last.name>". Save the following into that folder. When done, ZIP it. Make sure you watch the Report Writing videos.
- Your report (template here)
- Make sure to answer all of the questions posed in the assignment at the end of your report.
- Your notes (template here)
- Your ~/.bash_history file from your Linux VM AFTER you write the report.
- Not a screenshot. Not a picture. Not copy/pasted text. The actual file.
- Make sure to close all terminal windows and then re-open before copying the file.
- Note that this is a hidden file named .bash_history inside your user's home directory.
- If you're using something other than Mint or Ubuntu, like Kali, and cannot find this file, contact me and I will find an alternative file.
Examples:
- Report Example
- This is a very simple assignment, but notice that the writer provided sufficient detail to answer all of the questions. For future assignments that are more in depth, the reports will require more detail.
- Notes Example
- Note how thorough the notes are. If asked to duplicate what the writer did, you could follow their procedures exactly and verify the results. That's why notes need to be detailed . . . for science!
- Note that in the notes, their dd uses the count argument; you will not need to use that in this assignment. We will use count later - in the next assignment in fact - but not yet.
- These examples are NOT to be treated like Mad Libs. They are there as reference. These notes/report use elements you are not going to use, and your report/notes ask for elements that are not present in these examples. Make sure to include what is asked of you.
Procedure:
Download and read, thoroughly, the assignment description. Follow the instructions.
Files:
- Assignment Description
- Forensic Image (125 MB compressed to 135 KB)
SHA1 Hashes:
- afc21003c82e4688189d8351fd43a84c0e4430bf 4860.sp23.a1.zip
- To make sure the file downloaded correctly
- 35e6017ac06747d21af9c696d641838166a5ebfa 4860.sp23.a1.dd
- To make sure the file extracted correctly
- 6bbbccf862c0ad5a31a919abab58dfa7a7696754 /dev/sdb1
- This is your target sha1sum for the assignment
Why did I include the hashes? Because we always need to verify the integrity of forensic evidence, whether you create the forensic image yourself and compare it to the original media or are provided a forensic image, as done here. Your report and notes should show that you validated the provided image by showing both the original hash and the hash you checked.
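
One way to perform and record that validation, as an added example (not part of the original assignment materials): the function names `verify_sha1` and `verify_manifest` and the default log name `verify.log` are assumptions made for illustration. Each check writes a timestamped line holding both the published and the computed hash, which is the pair the report and notes are asked to show.

```shell
#!/bin/sh
# Added example: verify evidence files against published SHA1 values and
# log the published and computed hash side by side for the case notes.

# verify_sha1 EXPECTED FILE [LOGFILE]
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be read.
verify_sha1() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')   # accept upper-case hex
    file=$2
    log=${3:-verify.log}                            # hypothetical default
    stamp=$(date -u '+%Y-%m-%dT%H:%M:%SZ')

    if [ ! -r "$file" ]; then
        printf '%s ERROR unreadable file=%s\n' "$stamp" "$file" >> "$log"
        return 2
    fi

    # Hash via stdin so odd file names cannot alter sha1sum's output format.
    computed=$(sha1sum < "$file" | cut -d ' ' -f 1)

    if [ "$computed" = "$expected" ]; then
        result=MATCH; rc=0
    else
        result=MISMATCH; rc=1
    fi
    printf '%s %s file=%s published=%s computed=%s\n' \
        "$stamp" "$result" "$file" "$expected" "$computed" >> "$log"
    return "$rc"
}

# verify_manifest MANIFEST [LOGFILE]
# MANIFEST uses sha1sum's "<hash>  <file>" layout, e.g. the two lines
# published on this page for the provided files:
#   afc21003c82e4688189d8351fd43a84c0e4430bf  4860.sp23.a1.zip
#   35e6017ac06747d21af9c696d641838166a5ebfa  4860.sp23.a1.dd
# Every entry is checked (no early exit) so the log is complete.
verify_manifest() {
    failures=0
    while read -r want name; do
        [ -n "$want" ] || continue
        verify_sha1 "$want" "$name" "${2:-verify.log}" || failures=$((failures + 1))
    done < "$1"
    [ "$failures" -eq 0 ]
}
```

A MISMATCH or ERROR line means the download or extraction should be repeated before any further work on the image.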