CprE 592-YG: Computer and Network Forensics
 

Course Project #1

Exercise with the sample cases on the EnCase Demo CD.

No due date for Course Project #1.

Course Project #2

The Challenge:

Your mission is to analyze a recovered floppy and answer the questions below. What makes this challenge unique is that you will need to read the police report before continuing. Just like an investigation in the real world, you will have some background information and some evidence, but it's up to you and your technical skills to dig up the answers. Below is the dd image of the recovered floppy. This is the image that will provide you the answers, provided you can 'extract' the data. This project is from the Honeynet Challenge.

Download:

image.zip MD5 = b676147f63923e1f428131d59b1d6a72

Make sure you check the MD5 checksum of your download before you unzip it.
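
One way to script that check, as an added example that is not part of the original course page: it refuses to extract unless the archive matches the published MD5, then records MD5 and SHA-256 of each extracted file for the examination notes. The function names, the stand-in archive and its member name "image" are assumptions made for the demonstration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

EXPECTED_MD5 = "b676147f63923e1f428131d59b1d6a72"  # published on this page for image.zip


def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in chunks so a large image need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_then_extract(zip_path, expected_md5, dest_dir):
    """Extract only on an MD5 match; return {member: (md5, sha256)} for the notes."""
    actual = file_digest(zip_path)
    if actual != expected_md5.strip().lower():
        raise ValueError(f"MD5 mismatch: expected {expected_md5}, got {actual}")
    manifest = {}
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            out = Path(zf.extract(info, dest_dir))
            out.chmod(0o444)  # keep the working copy read-only
            manifest[info.filename] = (file_digest(out), file_digest(out, "sha256"))
    return manifest


def demo():
    """Run against a constructed stand-in archive (the real image.zip is not bundled)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.zip"
        with zipfile.ZipFile(sample, "w") as zf:
            zf.writestr("image", b"\x00" * 1024)  # constructed bytes, not the floppy
        manifest = verify_then_extract(sample, file_digest(sample), Path(tmp) / "out")
        try:
            verify_then_extract(sample, EXPECTED_MD5, Path(tmp) / "out2")
            rejected = False
        except ValueError:
            rejected = True  # stand-in does not match the published hash
        return manifest, rejected
```

For the real download, call `verify_then_extract("image.zip", EXPECTED_MD5, "work")` and keep the returned manifest with your notes.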

Questions:

  1. Who is Joe Jacobs' supplier of marijuana and what is the address listed for the supplier?
  2. What crucial data is available within the coverpage.jpg file and why is this data crucial?
  3. What (if any) other high schools besides Smith Hill does Joe Jacobs frequent?
  4. For each file, what processes were taken by the suspect to mask them from others?
  5. What processes did you (the investigator) use to successfully examine the entire contents of each file?
  6. What Microsoft program was used to create the Cover Page file? What is your proof? (Proof is the key to getting this question right, not just making a guess.)

Due: Nov. 20, 2003, Thursday, 9:30am


Last Updated : Monday, November 10, 2003 10:27:22 CDT