0% found this document useful (0 votes)

12 views4 pages

Digital Forensics Lab Report

Uploaded by

Yubraj Khatiwada

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

12 views4 pages

Digital Forensics Lab Report

Uploaded by

Yubraj Khatiwada

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 4

Digital Forensics Lab Report

Lab 1: To Calculate MD5/SHA1/CRC-32/SHA-256/SHA-512/SHA-384 Hash

of Files

Objective
To compute different cryptographic hash values of files using standard hashing algorithms
(MD5, SHA-1, CRC-32, SHA-256, SHA-512, and SHA-384).

Concepts
- Hashing ensures integrity verification of files.

- Different algorithms provide different levels of collision resistance and security.

- Common tools: md5sum, sha1sum, sha256sum, openssl, or forensic tools like

FTK/Autopsy.

Procedure
- Select a file (e.g., test.txt).

- Use command-line tools or forensic software to generate hash values (md5sum, sha1sum,
sha256sum, etc.).

- Record all hash values for verification.

Output
Example Hashes:
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
CRC-32: 00000000
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA-512: cf83e1357eefb8bd...
SHA-384: 38b060a751ac9638...

Conclusion
Different hashing algorithms produce unique fixed-length outputs for the same input. These
hashes help verify file integrity and detect tampering.

Lab 2: To Examine a Partition at Physical Level of OS

Objective
To explore and analyze partition details at the physical storage level.
Concepts
- Disk partitions store system and user data.

- Forensic tools allow viewing raw sectors and partition tables.

- Important metadata includes MBR, GPT, boot sector, and file system structures.

Procedure
- Use tools like fdisk -l, parted, or forensic tools (FTK Imager, Autopsy).

- View raw hex data of partitions using a hex editor (e.g., WinHex, HxD).

- Identify partition type, size, and file system format.

Output
Partition details with start sector, size, type, and raw data view.

Conclusion
Examining partitions at the physical level provides low-level insight into file system
structure and helps detect hidden or deleted data.

Lab 3: Capturing an Image using Forensic Acquisition Tool

Objective
To perform forensic acquisition of a storage device.

Concepts
- Acquisition involves creating a bit-by-bit copy (image) of the storage media.

- Ensures data integrity and prevents modification of original evidence.

- Tools: FTK Imager, Autopsy, EnCase, dd command.

Procedure
- Connect suspect storage device in read-only mode.

- Use FTK Imager (or dd) to create .E01 or .dd image.

- Verify image integrity using hash values (MD5/SHA).

Output
Image file generated (e.g., disk_image.E01) with verified hash values.

Conclusion
Forensic acquisition preserves original data in an admissible format for court use.
Lab 4: To Analyze Images from Forensic Acquisition Tools

Objective
To analyze disk images acquired during forensic investigation.

Concepts
- Analysis includes searching for files, deleted data, registry entries, and logs.

- Tools: Autopsy, FTK, EnCase.

Procedure
- Load the forensic image into Autopsy or FTK.

- Browse partitions, file system, and recover deleted files.

- Extract metadata, timestamps, and user activities.

Output
Recovered files, logs, and detailed analysis screenshots.

Conclusion
Disk image analysis reveals hidden or deleted evidence that is crucial for investigations.

Lab 5: To Generate a Forensic Case Report Submitted to Court

Objective
To prepare a professional forensic report for legal submission.

Concepts
- Reports must be clear, accurate, and legally valid.

- Includes case details, acquisition method, findings, and conclusion.

Procedure
- Document case information (Case ID, Investigator, Date).

- Include acquisition details (tools, hashes, procedures).

- Present findings (recovered files, metadata, timeline).

- Conclude with investigator’s observations.

Output
Sample Report Headings:
- Case Information
- Tools Used
- Evidence Description
- Analysis Results
- Conclusion & Recommendations

Conclusion
A structured forensic report provides reliable evidence presentation in court.

Lab 6: To Trace Files from Packet Captures from Computer Network

Objective
To analyze packet capture files (.pcap) and extract transferred files.

Concepts
- Packet capture tools (Wireshark, tcpdump) record network traffic.

- Forensic analysis allows reconstruction of transmitted files.

Procedure
- Open .pcap file in Wireshark.

- Apply filters (e.g., http, ftp, tcp.stream eq).

- Export reconstructed files from captured sessions.

Output
Recovered files (e.g., images, documents) extracted from network traffic.

Conclusion
Packet analysis helps recover transferred files and detect malicious activities in networks.

Algebraic Geometry - A First Course - Joe Harris - Harvard University
86% (7)
Algebraic Geometry - A First Course - Joe Harris - Harvard University
337 pages
Forensics - Lab 6
No ratings yet
Forensics - Lab 6
4 pages
Computer Forensic Lab
100% (1)
Computer Forensic Lab
4 pages
1-Reference Material I Cse4004 Digital-Forensics Eth 1.1 47 Cse4004
No ratings yet
1-Reference Material I Cse4004 Digital-Forensics Eth 1.1 47 Cse4004
10 pages
CSF Unit-4
No ratings yet
CSF Unit-4
42 pages
91.580.203 Computer & Network Forensics
No ratings yet
91.580.203 Computer & Network Forensics
43 pages
Unit-4 Part-1 CF
No ratings yet
Unit-4 Part-1 CF
61 pages
Unit 1
No ratings yet
Unit 1
51 pages
Assignment 1 Priyanka Mam
No ratings yet
Assignment 1 Priyanka Mam
4 pages
Unit 2
No ratings yet
Unit 2
42 pages
Quiz Solutions - Introduction To Digital Forensics
No ratings yet
Quiz Solutions - Introduction To Digital Forensics
6 pages
Tracing A Hacker's IP
No ratings yet
Tracing A Hacker's IP
14 pages
CITS1003 9 Forensics
No ratings yet
CITS1003 9 Forensics
36 pages
Dr. Phil Nyoni: Digital Forensics Lecture 6: Forensics Tools July 2021
No ratings yet
Dr. Phil Nyoni: Digital Forensics Lecture 6: Forensics Tools July 2021
40 pages
SCI4201 Lecture 9 - Forensics Analysis and Validation
No ratings yet
SCI4201 Lecture 9 - Forensics Analysis and Validation
38 pages
Lecture 2 APIC 1.2.3
No ratings yet
Lecture 2 APIC 1.2.3
49 pages
21yd14 Digital Forensics Module 1
No ratings yet
21yd14 Digital Forensics Module 1
120 pages
Module 3 - Computer Forensics
No ratings yet
Module 3 - Computer Forensics
26 pages
Module 02 - Computer Forensics Investigation Process - AG - 25
No ratings yet
Module 02 - Computer Forensics Investigation Process - AG - 25
53 pages
DF Unit 1 My Notes
No ratings yet
DF Unit 1 My Notes
12 pages
Forensics and Incident Response-Question BANK - Fair For Students
No ratings yet
Forensics and Incident Response-Question BANK - Fair For Students
5 pages
Digital Forensics Syllabus
No ratings yet
Digital Forensics Syllabus
6 pages
Digital Forensics Skilling Workbook
No ratings yet
Digital Forensics Skilling Workbook
73 pages
Forensic Data Acquisition Guide
100% (1)
Forensic Data Acquisition Guide
45 pages
Current Computer Forensics Tools
No ratings yet
Current Computer Forensics Tools
65 pages
UNIT 4 Forensic Tools
No ratings yet
UNIT 4 Forensic Tools
11 pages
5.cyber Forensics
No ratings yet
5.cyber Forensics
5 pages
Cyber Forensics
No ratings yet
Cyber Forensics
29 pages
Sesi 11 Digital Forensics Analysis and Validation
No ratings yet
Sesi 11 Digital Forensics Analysis and Validation
22 pages
Guide To Computer Forensics and Investigations Fourth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
67 pages
Chapter 2 Digital Forensic Tools and Data Acquzation Process
No ratings yet
Chapter 2 Digital Forensic Tools and Data Acquzation Process
27 pages
Week 4 Windows Forensics
No ratings yet
Week 4 Windows Forensics
23 pages
Digital Forensics Final Exam Solutions
No ratings yet
Digital Forensics Final Exam Solutions
3 pages
Guide To Computer Forensics and Investigations Fourth Edition
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
57 pages
Lec7 Analysis
No ratings yet
Lec7 Analysis
30 pages
Melese Abrham
No ratings yet
Melese Abrham
14 pages
Computer Forensics Notes
No ratings yet
Computer Forensics Notes
7 pages
Csf-Unit 4
No ratings yet
Csf-Unit 4
19 pages
Computer Hacking Forensic Investigator Chfi v9
0% (2)
Computer Hacking Forensic Investigator Chfi v9
5 pages
Computer Investigator
No ratings yet
Computer Investigator
70 pages
Seminar Topic On Compuetr Forensics
100% (1)
Seminar Topic On Compuetr Forensics
11 pages
CAP797
No ratings yet
CAP797
35 pages
Module 3
No ratings yet
Module 3
28 pages
CFA Unit 2 Notes
No ratings yet
CFA Unit 2 Notes
40 pages
UNIT IV-Current Computer Forensics Tools
No ratings yet
UNIT IV-Current Computer Forensics Tools
5 pages
Digital Forensic in Practice
No ratings yet
Digital Forensic in Practice
10 pages
Unit 4
No ratings yet
Unit 4
72 pages
CFORP L07 Forensic Investigation and Analysis Process
No ratings yet
CFORP L07 Forensic Investigation and Analysis Process
24 pages
1 Digital Forensics 04
No ratings yet
1 Digital Forensics 04
12 pages
FOCF
No ratings yet
FOCF
155 pages
INT243
No ratings yet
INT243
2 pages
DF Remaining Jds
No ratings yet
DF Remaining Jds
17 pages
CF EXP2 Aasif
No ratings yet
CF EXP2 Aasif
56 pages
Forensics 3
No ratings yet
Forensics 3
42 pages
Forensic
No ratings yet
Forensic
22 pages
Digital Forensics Essentials
No ratings yet
Digital Forensics Essentials
11 pages
CF Unit4 Current Forensic Tools26042021
No ratings yet
CF Unit4 Current Forensic Tools26042021
74 pages
Cyber Forensics Unit - 3
No ratings yet
Cyber Forensics Unit - 3
21 pages
Puritanism & Early American Literature
No ratings yet
Puritanism & Early American Literature
4 pages
Navigating Landscapes of Mediated Memory 1st Edition Paul Wilson Instant Download
100% (5)
Navigating Landscapes of Mediated Memory 1st Edition Paul Wilson Instant Download
85 pages
Listening Starter 1
No ratings yet
Listening Starter 1
9 pages
Chapter 6 - Multiphase Systems: CBE2124, Levicky
No ratings yet
Chapter 6 - Multiphase Systems: CBE2124, Levicky
27 pages
17 Managerial Roles
No ratings yet
17 Managerial Roles
4 pages
Heimdal The Gjallarhorn The Horn Resounding and Ragnarok by Ormungandr Melchizedek
100% (1)
Heimdal The Gjallarhorn The Horn Resounding and Ragnarok by Ormungandr Melchizedek
4 pages
Evolution of Handwriting Systems
100% (2)
Evolution of Handwriting Systems
38 pages
Neoplasm Classification Guide
100% (1)
Neoplasm Classification Guide
15 pages
Career Development As A Management Accou
No ratings yet
Career Development As A Management Accou
19 pages
Blower & Vacuum Pump: IRS-32A・IRS-40A・IRS-50H/L・IRS-65H/L IRS-80H/L・IRS-100L・IRS-125R/L・IRS-150R/L
No ratings yet
Blower & Vacuum Pump: IRS-32A・IRS-40A・IRS-50H/L・IRS-65H/L IRS-80H/L・IRS-100L・IRS-125R/L・IRS-150R/L
68 pages
Lecture O03: ENGR90024 Computational Fluid Dynamics
No ratings yet
Lecture O03: ENGR90024 Computational Fluid Dynamics
43 pages
PeriUrja Company Profile
No ratings yet
PeriUrja Company Profile
10 pages
Assignment 1 Pinnacle's E-Library: Team Members
100% (1)
Assignment 1 Pinnacle's E-Library: Team Members
27 pages
Industrial Valve Specifications
No ratings yet
Industrial Valve Specifications
9 pages
Beginning of The Year Progress Note
No ratings yet
Beginning of The Year Progress Note
2 pages
How To Raise SAP OSS Call
No ratings yet
How To Raise SAP OSS Call
6 pages
The World During Rizal's Time PDF
No ratings yet
The World During Rizal's Time PDF
29 pages
DLL - Tle-H.e. 6 - Q1 - W7
No ratings yet
DLL - Tle-H.e. 6 - Q1 - W7
6 pages
English 5 Co Combined
100% (2)
English 5 Co Combined
85 pages
Marine Crane Failure Analysis
100% (1)
Marine Crane Failure Analysis
27 pages
111, NDT Brochure
No ratings yet
111, NDT Brochure
4 pages
Commerce
No ratings yet
Commerce
10 pages
Automobile Technology Ceylon German Technical Training Institute Moratuwa
No ratings yet
Automobile Technology Ceylon German Technical Training Institute Moratuwa
28 pages
Resume Vijayanand Maindkar
No ratings yet
Resume Vijayanand Maindkar
3 pages
Christian Family: Divine Foundation
No ratings yet
Christian Family: Divine Foundation
2 pages
Nguyễn Văn Thành Trung-K59BF-ML15 PDF
No ratings yet
Nguyễn Văn Thành Trung-K59BF-ML15 PDF
9 pages
New Design of Intelligent Load Shedding Algorithm Based On Critical Line Overloads To Reduce Network Cascading Failure Risks
No ratings yet
New Design of Intelligent Load Shedding Algorithm Based On Critical Line Overloads To Reduce Network Cascading Failure Risks
15 pages
Ann Cum Syllabus AP English 10-04-2025 1
No ratings yet
Ann Cum Syllabus AP English 10-04-2025 1
5 pages
A Comprehensive Look at The Acid Number Test PDF
No ratings yet
A Comprehensive Look at The Acid Number Test PDF
6 pages

Digital Forensics Lab Report

Uploaded by

Digital Forensics Lab Report

Uploaded by

Digital Forensics Lab Report

Lab 1: To Calculate MD5/SHA1/CRC-32/SHA-256/SHA-512/SHA-384 Hash

- Different algorithms provide different levels of collision resistance and security.

- Common tools: md5sum, sha1sum, sha256sum, openssl, or forensic tools like

- Record all hash values for verification.

Lab 2: To Examine a Partition at Physical Level of OS

- Forensic tools allow viewing raw sectors and partition tables.

- Identify partition type, size, and file system format.

Lab 3: Capturing an Image using Forensic Acquisition Tool

- Ensures data integrity and prevents modification of original evidence.

- Tools: FTK Imager, Autopsy, EnCase, dd command.

- Use FTK Imager (or dd) to create .E01 or .dd image.

- Verify image integrity using hash values (MD5/SHA).

- Tools: Autopsy, FTK, EnCase.

- Browse partitions, file system, and recover deleted files.

- Extract metadata, timestamps, and user activities.

Lab 5: To Generate a Forensic Case Report Submitted to Court

- Includes case details, acquisition method, findings, and conclusion.

- Include acquisition details (tools, hashes, procedures).

- Present findings (recovered files, metadata, timeline).

- Conclude with investigator’s observations.

Lab 6: To Trace Files from Packet Captures from Computer Network

- Forensic analysis allows reconstruction of transmitted files.

- Apply filters (e.g., http, ftp, tcp.stream eq).

- Export reconstructed files from captured sessions.

You might also like