cyber forensics
CET4860 Assignment 2
FAT File System

Questions: Answer the questions below using xxd (or other hex viewer only), dd, file and stat commands. You are not to use automated tools for this assignment to analyze the file system or to recover the files. We'll do that in another project.

1. What is the physical size, MD5 and SHA-1 hash of the provided forensic copy? Answer the question and include a screenshot of the commands used and their output.

2. At what hexadecimal offset does the Volume Boot Record/VBR (this area may also be referenced as the Master Boot Record/MBR or Boot Sector) begin and what is the file system? Answer the question and include a screenshot showing this location in xxd.

3. At what hexadecimal offset does the first File Allocation Table begin? Answer the question and include a screenshot showing this location in xxd.

4. At what hexadecimal offset does the second File Allocation Table begin? Answer the question and include a screenshot showing this location in xxd.

5. At what hexadecimal offset does the root directory begin? Answer the question and include a screenshot showing this location in xxd.

6. How many total files are on the partition? How many are deleted and how can you tell?

7. Complete the table below. I've provided starting offsets and full information for two files for you to test converting the file size from hex, determining physical size from logical size, and recovering the file. You will need to fill in the file names, file types, physical size, and logical size for the remaining files. For each file you recover, include a screenshot of xxd showing the root directory with the bytes highlighted that you are converting to determine the logical size of the file.

| File name    | File Type | Logical Size (Bytes) | Physical Size (Bytes) | Starting Offset |
|--------------|-----------|----------------------|-----------------------|-----------------|
| 1testdd.txt  | Text File | 288                  | 512                   | 0x4400          |
| 2useful.docx | Word Doc  | 13157                | 13312                 | 0x4600          |
| ?            | ?         | ?                    | ?                     | 0x7A00          |
| ?            | ?         | ?                    | ?                     | 0x17C00         |
| ?            | ?         | ?                    | ?                     | 0x26400         |
| ?            | ?         | ?                    | ?                     | 0x37200         |
| ?            | ?         | ?                    | ?                     | 0xAA500         |
| ?            | ?         | ?                    | ?                     | 0xAB100         |

NOTE: There are 7 rows listed here, but that doesn't necessarily mean there are seven files. By viewing the root directory, you will determine how many files are present either in a deleted or allocated state. If there are fewer than 7 files, fill in the extraneous rows with "NA". If you find there are more than 7 files, add as many rows as necessary.

8. Use dd to recover deleted files and sha1sum to hash the files only. Copy and paste the calculated hashes in the second column for the recovered files. The hashes for the allocated files have been provided for you along with the first four bytes of potentially deleted files so you can check your work. To reiterate: There may or may not be 7 files. If there are fewer than 7 files, fill in the extraneous rows with "NA". If you find there are more than 7 files, add as many rows as necessary.

| File name    | Sha1 hash                                |
|--------------|------------------------------------------|
| 1testdd.txt  | a6400ac119a5f2bf9b2bd749fc3ddd9980cb5df3 |
| 2useful.docx | ffa8db3e23bc76d4fd5452bc20dc3386a8b38945 |
| ?            | 79a8 (the first four bytes)              |
| ?            | 01c1 (the first four bytes)              |
| ?            | 0f4c (the first four bytes)              |
| ?            | 02e0 (the first four bytes)              |
| ?            | 00ba (the first four bytes)              |

9. Why are there two entries in the root directory for each file? Be specific in your answer. This should not be answered with just a sentence or two.

10. Why is the physical size of a file usually greater than or equal to the logical size of the file? Be specific in your answer. This should not be answered with just a sentence or two.

11. Open the files you recovered and include screenshots of their content below. You should be able to resize the images once in your document as needed.
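The conversions that Questions 7 and 8 practice, shown on the two worked rows of the table as an added example (not part of the assignment handout). The function names, the byte strings passed to le32 (derived from the table's 288 and 13157) and the demo image are constructed for illustration, and the 512-byte cluster size is an assumption inferred from the two worked rows.

```shell
# Added example. CLUSTER=512 is an assumption inferred from the two worked rows
# (288 -> 512 and 13157 -> 13312); read the real value from the boot sector.
CLUSTER=512

# Logical size: the 4 bytes at offset 0x1C of a 32-byte FAT directory entry,
# stored little-endian. Pass them as xxd shows them, e.g. "20 01 00 00".
le32() {
    set -- $1                      # split into four byte strings $1..$4
    echo $(( 0x$4$3$2$1 ))         # reverse the byte order, then hex -> decimal
}

# Physical size: logical size rounded up to a whole number of clusters.
physical_size() {
    echo $(( ($1 + CLUSTER - 1) / CLUSTER * CLUSTER ))
}

# Carve a contiguous file with dd. $1 image, $2 start offset, $3 logical size,
# $4 output. bs=1 keeps it correct for offsets that are not cluster-aligned;
# the offset is converted first because GNU dd reads "0x4400" as 0 times 4400.
recover() {
    dd if="$1" of="$4" bs=1 skip=$(( $2 )) count="$3" 2>/dev/null
}

# Constructed test image (not the assignment's): 40 zeroed sectors with
# 288 bytes of 'A' written at 0x4400, the offset given for 1testdd.txt.
make_demo_image() {
    dd if=/dev/zero of="$1" bs=512 count=40 2>/dev/null
    head -c 288 /dev/zero | tr '\0' 'A' > "$1.orig"
    dd if="$1.orig" of="$1" bs=512 seek=$(( 0x4400 / 512 )) conv=notrunc 2>/dev/null
}

# The two worked rows from the table.
echo "1testdd.txt:  $(le32 '20 01 00 00') logical, $(physical_size 288) physical"
echo "2useful.docx: $(le32 '65 33 00 00') logical, $(physical_size 13157) physical"
```

Carving only the logical size leaves the slack space out of the recovered file, so a sha1sum of the output can be compared directly with the hashes given in Question 8.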