Digital forensics

Part 1 Misleading file extension

Criminals often simply change the extensions of files to mislead computer forensics investigators. With the wrong file extension, it is difficult to know exactly what the original file type was. To find out the true type of a file you could use a hex editor.

1. Download secret.jpg
2. Open it with the built-in Windows Photos app. What do you see?
3. Use Hex Workshop (or another hex editor) and try to find out the original file type.

Part 2 Use Volatility to analyse memory dump

1. Download Volatility at: https://www.volatilityfoundation.org
2. Download windows.raw from Canvas
3. Study an example of volatile memory analysis at: https://medium.com/@zemelusa/first-steps-to-volatile-memory-analysis-dcbd4d2d56a1
4. Learn about the memory dump:
   - From which OS was this dump made? Make a screenshot to support your answer.
   - Which processes were running when the dump was made? Make a screenshot.
   - What are the network connections? Which connections are still open?
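For Part 1, the comparison a hex editor lets you make by eye can also be scripted. The following is an added example, not part of the original lab: it reads the leading bytes of a file, matches them against a short table of well-known signatures, and reports when the extension does not fit. The function names and the sample headers are constructed for illustration.

```python
import os

# Leading-byte signatures ("magic numbers") of a few common formats.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"), (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),            # also the container for docx/xlsx/jar
    (b"MZ", "exe"),                    # DOS/PE executable
    (b"\x7fELF", "elf"),
]

# Extensions that legitimately go with each detected type.
EXPECTED_EXT = {
    "jpeg": {".jpg", ".jpeg"}, "png": {".png"}, "gif": {".gif"}, "pdf": {".pdf"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx", ".jar"},
    "exe": {".exe", ".dll", ".sys"}, "elf": {".so", ".elf", ""},
}
KNOWN_EXTS = set().union(*EXPECTED_EXT.values()) - {""}

def detect_type(header: bytes) -> str:
    """Return the format whose signature starts the header, else 'unknown'."""
    for magic, name in SIGNATURES:
        if header.startswith(magic):
            return name
    return "unknown"

def check_extension(filename: str, header: bytes) -> dict:
    """Compare the type claimed by the extension with the type in the bytes."""
    detected = detect_type(header)
    ext = os.path.splitext(filename)[1].lower()
    if detected == "unknown":
        # No signature matched: suspicious only if the name claims a binary format.
        mismatch = ext in KNOWN_EXTS
    else:
        mismatch = ext not in EXPECTED_EXT[detected]
    return {"file": filename, "extension": ext, "detected": detected,
            "header_hex": header[:8].hex(" "), "mismatch": mismatch}

def check_file(path: str) -> dict:
    """Read the first 16 bytes of a file on disk and check it."""
    with open(path, "rb") as fh:
        return check_extension(os.path.basename(path), fh.read(16))

if __name__ == "__main__":
    # Constructed header: PDF bytes behind a .jpg name (not the lab's secret.jpg).
    print(check_extension("holiday.jpg", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3"))
```

Calling check_file() with a path applies the same check to a file on disk. A ZIP signature covers several container formats, so "zip" narrows the type without settling it.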
