do you have accessdata ftk ?
CCT 121 Practical Final Name:
Scenario:
You have seized and imaged a thumb drive from a crime scene. Analyze the image to answer the following questions. Fill in the answers in RED.
To Do:
1) Download the image file from Moodle. 2) Verify the image. Paste a screen shot here of the Drive/Image Verify Results window. 10 points
3) Describe the contents of the picture “bad day”. 10 points
4) What is the SHA1 of the file called "X marks the spot.doc" last accessed on 7/25/07 at 4:26PM? 10 points
5) Who did John Washer ask a question concerning Djibouti . 10 points
6) What is the first thing on Washer's to do list 10 points
7) What is the model of the military aircraft dropping bombs according to the filename? Hint “F-???” 5 points
8) John Washer sent an email saying that he wishes to shake someone’s hand.
What is this person’s nickname and real name? 10 points
9) We need to locate the person from question number 8. What is his IP address? 5 points
10) What is the SID of Mr. Smee? 5 points
11) When was Smee's last logon? 5 points
12) What is the name of the vampire hunter? 10 points
13) We have recovered a file with the MD5 hash 9E3FFFA11C32004606B54A28FA188ED1
Which user can we attribute this file to? 5 points
14) What is 1 topic you would have liked to have seen covered during this course? 5 points