CHFI V10 Module 05 Defeating Anti-forensics Techniques CyberQ Labs


Examine the evidence file njrat_packed.exe located at C:\CHFI-Tools\Evidence Files using the Exeinfo PE utility on the CHFIV10 WINDOWS SERVER 2016 machine, and write down the text shown in the EP Section field.

.data

Using Autopsy on the CHFIV10 WINDOWS SERVER 2016 machine, retrieve carved files from the evidence file Linux_Evidence_SSD.dd located at C:\CHFI-Tools\Evidence Files\Forensic Images. From the retrieved carved files, determine the MD5 hash value of the file f0203152.jpg and write it in the answer field below.

52b29a36da797ff3c4c9fed18140176b

On your CHFIV10 WINDOWS 10 virtual machine, launch Windows PowerShell with elevated privileges and run the command gci -recurse | % { gi $_.FullName -stream * } | where stream -ne ':$Data'. PowerShell detects the hidden alternate data streams on the machine, along with the files that contain them, and displays them. Examine the detailed results of the command and specify the path displayed in the PSParentPath field of the PowerShell window for the detected hidden data streams.

Microsoft.PowerShell.Core\FileSystem::C:\WINDOWS\system32

Use Advanced PDF Password Recovery on your CHFIV10 WINDOWS 10 machine to crack the password protection of the file Suspect.pdf located at Z:\Evidence Files. After retrieving the password, specify it in the answer field below.

Xwzy

bugsbunny.png, located at C:\CHFI-Tools\Evidence Files\Image Files, is a steganography file. You are asked to perform steganalysis and decode the content hidden in the file. After applying various techniques, you finally retrieved the following information: Electronic wire passcode: ___________________

albatrossbt86dbx167

Using Autopsy on the CHFIV10 WINDOWS SERVER 2016 machine, examine the image file Windows_Evidence_001.dd located at C:\CHFI-Tools\Evidence Files\Forensic Images for files with an extension mismatch. From the files retrieved with an extension mismatch, specify the type listed for the file MultiplePages-Fixed.pdf under the MIME Type column in the Autopsy GUI.

application/x-msoffice

Using Autopsy on the CHFIV10 WINDOWS SERVER 2016 machine, retrieve carved files from the evidence file Windows_Evidence_SSD_TD.dd located at C:\CHFI-Tools\Evidence Files\Forensic Images. From the retrieved carved files, determine the MD5 hash value of the file f0475560.txt and write it in the answer field below.

eae35e42bd67f255cdae84517d70878d
