Question Description

I’m trying to learn for my Computer Science class

Lab #6 (Part 1): Recovering Data Using the EaseUS Data Recovery Wizard

Objective

The objective of this lab is to provide expert knowledge about the tools used in the forensic investigation process, including recovering deleted file from the evidence.

Lab Task:

The objective of this lab is to help students understand and perform data file recovery using the EaseUS Data Recovery Wizard tool.

Lab Description:

EaseUS Data Recovery Wizard recovers deleted files, even if you’ve emptied the Recycling Bin or deleted them directly (and provided they haven’t been securely deleted with multiple passes).

Lab Scenario: A finance manager in a reputable company modifies the financial data of the company and transfers the company’s funds to his personal account. In order to conceal the evidence, he permanently deletes the original files from his computer using Shift+Del. The company hires a computer forensic expert to investigate. The investigator recovers the deleted files by using the EaseUS Data Recovery Wizard data recovery software.

  • Log on to your Windows 10 VM.
  • Navigate to https://www.easeus.com/datarecoverywizard/free-data-recovery-software.htm (you can use Microsoft Edge or use Edge to download a different browser such as Chrome or Firefox) and download the latest version of EaseUS Data Recovery Wizard. EaseUS Data Recovery Wizard, data recovery software, will recover deleted files that have been emptied from the Windows Recycle Bin or have been lost due to the formatting or corruption of a hard drive, a virus or Trojan infection, or an unexpected system shutdown or due to software failure. It can recover data from hard drives, USB drives, memory cards, and other storage devices.
  • Double-click drw_free.exe, select a language (English) and follow the wizard driven installation steps to install the application
    • If an Open File – Security Warning pop-up appears, click Run.
    • If a User Account Control pop-up appears, click Yes.
    • If a Windows Security dialog-box appears, enter the credentials and then click OK.
  • In the final step of installation, ensure that Launch EaseUS Data Recovery Wizard option is unchecked and Participate in the Customer Experience Improvement Program is uncheck option and click Finish.
  • A EaseUS webpage appears in the default web browser, close it.
  • Next create a folder on the C: hard drive and then name it MSDF531. In the folder navigate to the Internet and download image files utilizing different formats if possible (bmp, gif, jpg, png)
    • Dog
    • Cat
    • Horse
    • Owl
    • Cow
    • Pig
    • Duck
    • Chicken
    • Goat
    • Donkey
  • Now use Shit+Del to delete each file individually. However, you will need these files for the for the next parts so please bookmark the websites you got them or you can just get news ones.
  • Now, Click on EaseUS Data Recovery Wizard and then appears along with a pop-up. Close the pop-up and click on Next in the wizard.
  • Next step of the wizard appears displaying the Common Locations and Hard Disk Drives. Select a drive and after that click Scan.
  • The application begins to scan the drive and begins to display the contents of the drive, along with the data that has been deleted.
  • On completion of the scan, a pop-up appears; click OK to close the pop-up.
  • The file system of the drive appears in the left pane, displaying the files present in the drive (if any), along with the deleted files (denoted by the letter d)
  • To view the deleted files inside a folder which contains sub-folders, you need to expand the nodes pertaining to each directory, until you find a directory that contains files.
  • To view the deleted file, right-click on the respective file and click Preview.
  • The preview of each of the files appear
  • Click Cancel to view the other deleted files.
  • To view the files pertaining to image format, click Graphics tab and then, select a folder. The images present in the folder appear in the right-pane
  • To recover a single or multiple files, select the file/files of your choice and click Recover.
  • A Browse For Folder window appears. You need to choose a location to store the recovered files.
  • So, navigate to Documents, create a folder named Recovered Files and then click OK.
  • EaseUS Data Recovery application recovers the files to Recovered data [date] at [time]/Name of Drive
  • Open the Name of Drive folder. The Name of Drive folder contains folder Image Files folder, from where we have recovered the deleted files as indicated in step no. 16. Open this folder.
  • The files are successfully recovered
  • Switch to EaseUS Data Recovery Wizard, and close the pop-up that contains the status of the recovery.
  • Analyze and document the results related to this lab exercise. Submit your opinion and experiences with the EaseUS Data Recovery Wizard
  • Log on to your Windows 10 VM.
  • Navigate to http://www.slavasoft.com/hashcalc (you can use Microsoft Edge or use Edge to download a different browser such as Chrome or Firefox) and download the the latest version of HashCalc. HashCalc allows you to compute message digests, checksums, and HMACs for files, as well as for text and hex strings. It offers a choice of 13 of the most popular hash and checksum algorithms for calculations.
  • Download HashCalc then double-click on setup.exe and follow the wizard-driven installation steps to install the application. Note: If an Open File – Security Warning pop-up appears, click Run.
  • In the final step of installation, uncheck View the README file option, check Launch HashCalc option and click Finish
  • The HashCalc application’s main window appears
  • In the Data Format drop-down list, select file format as File and click the ellipsis button associated with the Data field to select the file.
  • Subsequently, find window appears, navigate to the folder you created in Part 1 with the image files you downloaded. In this location, you need to select an evidence file, whose hash value needs to be calculated. In this lab, select the dog image. Once you select the file, click Open.
  • The selected file will be displayed in the Data field. Note: To calculate the message digests/checksums for the data, the HMAC box must be unchecked.
  • Select the algorithms you want to use for calculations by checking the boxes with the appropriate names, and then click the Calculate button. (MD5, MD4, SHA1, SHA512, and MD2).
  • Hash values will be displayed for the selected file
  • To calculate the Keyed – Hash Message Authentication Code(HMAC) for the data:
    • Check the HMAC box.
    • In the Key Format combo box, select the type of the key you want to use for calculations. HashCalc allows you to perform calculations using text keys or hex keys.
    • In the Key box, enter the key for HMAC calculations (for example, here test is entered as key)
    • Select the algorithms you want to use for calculations by checking the required.algorithms, and then click Calculate
  • Both the windows containing MD5 hash values (with key and without key) are shown
  • If you want to perform a calculation for a text string, first select Text string from the Data Format drop-down list and then enter the text in the Data field.
  • Select the algorithms you want to use for calculations by checking the required algorithms and then click the Calculate button.
  • Hash values will be displayed for the selected algorithms. Document hash and MD5 for all your pictures.

Lab #6 Part 2): Performing Hash, Checksum, or HMAC Calculations Using the HashCalc

Lab Objective:

The objective of this lab will show you how to encrypt data and how to use it. Furthermore, it will teach you how to:  Use the encrypting command.  Generate hashes and checksum files.

Lab Description:

HashCalc enables you to compute multiple hashes, checksums, and HMACs for files, text, and hex strings. It supports MD2, MD4, MD5, SHA1, SHA2 (SHA256, SHA384, SHA512), RIPEMD160, PANAMA, TIGER, CRC32, ADLER32, and the hash used in eDonkey and eMule tools.

Lab Scenario: A multi-national company has undergone a network attack and has called forensics investigator to look into the issue. The investigator found some codes that seem to be familiar and needs to cross-check for their availability across a malware database. The major problem here is that the code is huge and uses pretty big storage capacity, making it difficult for search. Therefore, the investigator uses hash values of the code to find their traces in the database.

To be an expert computer forensic investigator, one must have sound knowledge of the tools used to compute hashes and check checksums.

Lab Task:undefined

Lab #6 Part 3): Generating MD5 Hashes Using MD5 Calculator

Lab Objective:

The objective of this lab will give you experience encrypting data and show you how to do it. It will teach you how to:  Use encrypting commands.  Calculate the MD5 value of selected files.

Lab Description:

MD5 Calculator is a simple application that calculates the MD5 hash of a given file. It can be used with big files with sizes measured in GBs. It features a progress counter and a text field from which the final MD5 hash can be copied easily to the clipboard.

Lab Scenario: During an investigative process, a forensics examiner was successful in extracting some programs from a target computer. The examiner uses MD5 hash values to check the presence of similar file across a malware database and finds the malicious file. To be an expert computer forensic investigator, one must have sound knowledge of tools used for computing hashes and checking the checksums.

Lab Task:

  • Log on to your Windows 10 VM.
  • Navigate to http://www.bullzip.com/download.php and download the latest version of MD5 Calculator.
  • Double-click md5calc(1.0.0.0).msi to launch the setup, and then follow the wizard-driven installation steps to install the application. Note: If an Open File – Security Warning pop-up appears, click Run.
  • navigate to the folder you created in Part 1 with the image files you downloaded.
  • To calculate the MD5 hash of a file, first select a particular file (Dog), right-click on it and then select MD5 Calculator from the context menu.
  • The MD5 Calculator window will subsequently appear, displaying the MD5hash value for the selected file. Note: When the tool is used for the first time, it displays the result of the selected file directly under the MD5 Digest column and there is no need to click the Calculate button.
  • If you want to calculate the hash value of another file, click the ellipsis button corresponding to the File Name field.
  • The Select file to calculate MD5 hash window will pop up/ to the folder you created in Lab #1 with the image files you downloaded, select a file other than the previously selected file, (horse file) and then click Open.
  • The selected file will be displayed in the File Name field, click the Calculate button to calculate the MD5 hash of the file.
  • MD5 Calculator displays theMD5 Digest (hash value) for the selected file
  • Analyze and document all the calculated hash values related to this lab exercise by using MD5 calculator.

Lab #6 Part 4): Viewing Files of Various Formats Using the File Viewer

Lab Objective:

The objective of this lab is to help students learn and perform file viewing with the help of File Viewer. File viewer is used for: Viewing files of various formats, Quickly locating the files needed, and Saving files of various file types.

Lab Description:

File Viewer is a Disk/File Utility that helps you quickly locate, view, print, organize, and exchange files.

Lab Scenario: A network administrator has reported transmission of some unknown files across the company’s network after a security breach incident. Upon investigation, the investigators found that the attacker had hidden the file format to confuse the network administrator. The investigators used File Viewer tool to recognize the format and extract its contents that led to the attack.

To be a computer forensic expert, you must have sound knowledge of various file viewing tools used for forensic investigations. This knowledge includes how to locate files quickly, view files of different formats, etc.

Lab Task:

  • Log on to your Windows 10 VM.
  • Navigate to http://www.accessoryware.com/fileview.htm and download the latest version File Viewer
  • Double click FileView.exe to launch the setup and follow the wizard-driven installation steps to install the application. Note: If an Open File – Security Warning pop-up appears, click Run.
  • Double-click File Viewer 9.5 icon on the Desktop to launch the application. Note: Alternatively, you may launch the application from the Apps screen.
  • The File Viewer Registration pop-up appears. Click the Close button to open the File Viewer window.
  • The File Viewer main window appears, along with a Getting Started with File Viewer dialog-box. Check on the Do Not Show on Start Up option and click Cancel.
  • If the pop-up does not appear, skip to the next step.
  • Go to File menu and click Open.
  • In the Open dialog box:
    • Locate the evidence file you created in Part 1 with the image files you downloaded.
    • Select All files (*.*) in the File type drop-down list.
    • Select the file (Duck), and then click Open.
  • If a Getting Started with File Viewer pop up appears, click Cancel.
  • The image Duck opens in the file viewer screen
  • Navigate to FileFile Properties to view various properties of the selected image.
  • The File Properties window will pop up showing various properties of the selected file. Click OK to close the window.
  • You may save the image for further reference, and you have an option to save the image in a different file format. However, this feature is available only for the licensed version of File Viewer.
  • Analyze and document the results related to the lab exercise.

Do you have a similar assignment and would want someone to complete it for you? Click on the ORDER NOW option to get instant services at essayloop.com