Digital Forensics Assignment 1
Laboratory Report
COURSE NUMBER AND TERM
Laboratory Number: 1 Date 6/1/12
Examiner’s Name: Liam Sweeney
Number: 1
Examination or Validation Tasking:
On May 28 2012 at :800am Officer M. Truman delivered USB flash drive sealed in an anti static bag with tamper resistant tape. Officer M. Truman initials and the date are written across the tape. The USB flash drive is 2 Gb in memory size and blue in color. Serial number 2394297456. Officer M. Truman asked me to create a forensic copy , verify the image and to report my results. In simple words, disk imaging can be defined as to make a secure forensically sound copy to media that can retain the data for extended period.
Forensic Question(s):
1. Locate all document files... file3.txt file4.jpg file.doc
2. Compare files/hashes of USB flash drive 2 Gb in memory size and blue in color. Serial number 2394297456 and the image on USB flash drive 2 Gb in memory size and green in color. Serial number 8394237452. 4b32863a64db2e6494645dc510d0c907c92a1979 /dev/sdb1 4b32863a64db2e6494645dc510d0c907c92a1979 sweeney.case01.dd
Steps Taken:
1. I signed for USB flash drive 2 Gb in memory size and blue in color. Serial number 2394297456.
2. I verified the initials as those of Officer M. Truman and inspected the sealed package for tampering.
3. I opened a new flash drive 2 Gb in memory size and green in color. Serial number 8394237452 to make forensic image onto.
4. I verified the new flash drive 2 Gb in memory size and green in color. Serial number 8394237452 was empty.
5. I disabled auto mount, automatically access a storage medium such as CD-ROMs and make its contents available to a computer system, as to not write over forensic image.
6. I wrote over every single sector of the flash
COURSE NUMBER AND TERM
Laboratory Number: 1 Date 6/1/12
Examiner’s Name: Liam Sweeney
Number: 1
Examination or Validation Tasking:
On May 28 2012 at :800am Officer M. Truman delivered USB flash drive sealed in an anti static bag with tamper resistant tape. Officer M. Truman initials and the date are written across the tape. The USB flash drive is 2 Gb in memory size and blue in color. Serial number 2394297456. Officer M. Truman asked me to create a forensic copy , verify the image and to report my results. In simple words, disk imaging can be defined as to make a secure forensically sound copy to media that can retain the data for extended period.
Forensic Question(s):
1. Locate all document files... file3.txt file4.jpg file.doc
2. Compare files/hashes of USB flash drive 2 Gb in memory size and blue in color. Serial number 2394297456 and the image on USB flash drive 2 Gb in memory size and green in color. Serial number 8394237452. 4b32863a64db2e6494645dc510d0c907c92a1979 /dev/sdb1 4b32863a64db2e6494645dc510d0c907c92a1979 sweeney.case01.dd
Steps Taken:
1. I signed for USB flash drive 2 Gb in memory size and blue in color. Serial number 2394297456.
2. I verified the initials as those of Officer M. Truman and inspected the sealed package for tampering.
3. I opened a new flash drive 2 Gb in memory size and green in color. Serial number 8394237452 to make forensic image onto.
4. I verified the new flash drive 2 Gb in memory size and green in color. Serial number 8394237452 was empty.
5. I disabled auto mount, automatically access a storage medium such as CD-ROMs and make its contents available to a computer system, as to not write over forensic image.
6. I wrote over every single sector of the flash