Here is the final. You will need to use the forensic tools that you used for the last few labs.
You will need the following tools:
– Any Hex editor
– Opanda Exif reader (or any exif reader)
– Autospy Forensic Tool (This literally tells you what files were deleted from the evidence file I will upload. It cant get easier than that)
– Your command prompt
– wireshark
Hints:
– watch the wire shark video I posted.
– Every file you see can possibly have a hidden meaning. Make sure you examine everything in every way.
– The examiner found traces of the following programs on the suspect’s computer and there is reason to believe that these were the last 6 programs he used before the device was confiscated (photoshop, itunes, quickstego, 7zip, avg antivirus). Not sure if any of these will be useful but worth listing anyway.
Your task:
You are following a Person of Interest (POI). You have made a copy of their hard drive and suspect they have deleted important information. Using Autopsy find any suspicious information. Note: you may find leads to your next steps when reviewing the information you find. Make sure you read everything you find and if you see something in autopsy that looks like an evidence file, right click it and export it to your desktop (or folder). Use common sense. Look for clues. You may find more detailed hints hidden somewhere in there.
While following your POI, you captured some traffic and suspect he downloaded some useful information. Open the pcap file in wireshark and see what you can find.
You were able to find a password protected file on his computer. You do not know the password. Maybe it is hidden somewhere in the evidence.
Hints.
Make sure you open the pictures in quick stego. This will tell you how to use ftp.
Make sure you open the pictures in a hex editor and scroll to the bottom for the password of the zipped file.
Place this order with us and get 18% discount now! to earn your discount enter this code: special18 If you need assistance chat with us now by clicking the live chat button.