
Computer Forensics Midterm Exam


Name____________________________________


Answer the following questions. You can make your own assumptions.


1. Data acquisition – Study the acquisition methods used by Encase, FTK, and Prodiscover. Explain how the information is organized and stored when an image is created. For example, FTK creates an index of all data. Propose a method that is more efficient than the methods used by Encase, FTK, and Prodiscover. Your answer needs to consider the case of creating an image of large volumes of data (terabytes). I am not asking about the procedure to create an image, but the way information is organized. You could use Artificial Intelligence search methods or some of the knowledge you learn in Data Structures.


2. Data Hidden-


a. Search the literature and write a paper describing data hidden techniques. Three pages long including the bibliography, 1.5 space, Times new roman 12.


b. Propose and describe your own data hidden method. Grading will be based on originality. For example, cryptography, steganography, etc, have been used for a long time.


3. Disk Encryption – password recovering tools.


a. Search the Web and find and describe in detail five of the most common open source password recovering tools.


b. Create 9 passwords 6 characters long as follows: three weak (names or dictionary words); 3 of medium complexity (uppercase + lower case + digits), and 3 strong passwords (special characters). Using the tools you described in question 3a, recover the 9 passwords. Record the time it took to recover each password. Include a table with all the results.


4. Virtual Machines. – Install an open source VM. With the VM running, create a few files (word, ppt, xls; you can include pictures (.gif, .jpeg)). Then delete all the files and remove them from the recycle bin. Next, delete the virtual machine. Explain and demonstrate how you can recover the deleted files after deleting the VM.


5. Computer Forensics Tools –


a. Write a summary of the most recent open source computer forensics tools. Explain the tool, target OS, functions, etc. Three pages long including the bibliography, 1.5 space, Times new roman 12.


b. Summarize three of the computer forensics tools evaluated in the National Institute of Standards (NIST) Forensics Tool Testing handbook www.oftt.nist.gov

Robert answered on Dec 21 2021
130 Votes
1. Determining the Best Acquisition Method
Bit-stream disk-to-image file
It is the most common method and can make more than one copy of the original hard drive. It is used in case of bit by bit replication. Prodiscover, EnCase and FTK
Bit-stream disk-to-disk
It is used when a disk-to-image copy is impossible. Encase is the preferred tool here.
Logical acquisition or sparse acquisition
This method is used when the time is extremely limited or only specific files of interest are to be recovered. Besides these, when fragments of unallocated data need to be recovered.
a. Cryptology is a technique which converts a sequence of data into a randomly arranged sequence of bits. These are crypted bits, but internally they consist of meaningful and hidden information. But to an observer it seems to be meaningless. It can also be said that it is a study of varied methods of transmitting information in a secured manner so that, except the intended receiver, no other intruder can read the message by removing the disguise. In itself, it is both a science and an art. Science because it involves a scientific approach, and art as there is no one particular way of crypting the data. Hence people can come up with various methods of their own unique and creative way. In cryptology, the message is converted into a random order using a “code”. Every character is replaced by another character or by “Cipher/Cipher” where the whole message is converted rather than converting each character.
Cryptanalysis is the method of cracking or breaking open the encrypted message so as to reveal the hidden information. It is done by getting the decrypting key. It comes under the head of cryptology.
Cryptographic systems have been classified under three headings:
a. Phenomenon of converting plaintext into cipher text - Under this, all the encryption algorithms are based on two rules: Substitution and transportation. Substitution is a method of substituting an element with another element. Transportation is the method of rearranging the elements. All is done with one thing in mind, that no information is lost during these processes. Data should be present in disguised form perfectly.
2. Methodology for different types of keys used.
In this method different keys such as secret key, public key, digital signature and hash function are used.
a) Secret key (Symmetric): A single key is used to perform encryption on plain text. Then both the key and plaintext documents are sent to the receiver, where it uses the same key so as to decrypt the information. Since both the receiver and sender use the same key, it is generally termed as symmetric encryption.
b) Public key - Under this mechanism, the sender and receiver are engaged in an insecure communication but don’t share the secret key.
c) Digital signature - Here the sender signs the sending document and encrypts it with the private key and then sends it to the receiver.
d) Hash Function: The hash function, which is one of the most popular in recent times, particularly in Internet Security protocols, is a one way of encryption that represents small sized bits which are generated from a large sized file. Generating hash codes is generally faster than other methods, which makes it more popular for authentication and integrity.
3. Methodology for processing plain text. Under this cipher block processes the input block of data. This phenomenon uses substitution cipher process. It is an algorithm which uses symmetric key algorithm.
In this method an output block for each input block of elements are processed by a block cipher. This proposed algorithm uses a substitution cipher method and is a symmetric key algorithm using the technique of stream cipher.
Steganography, similar to cryptography, is also a method of concealing secret messages in a document. The origin of the word steganography comes from the Greek word called “Steganos”, which means “covered/secret”. Hence, steganography implies “secret writing”. Steganography essentially...