Learning Objective Using the correct tool to analyze a forensic image and recover various artifacts of value Narrative Online monitoring of extremist websites has identified an individual that may be linked with possible extremist organizations Subpoena requests to the internet service providers based on the suspect's IP address have led investigators to a specific residence A team entered suspect's residence and found a powered down Dell laptop computer The suspect was not present Triage indicated that files of possible value might be found and that a full forensic exam would be beneficial They were able to create a forensic image on scene and bring it back for you to analyze Your task is to analyze the forensic image file using any tools techniques we have covered and answer the following questions Please be specific and include where you found the answer Use screenshots were appropriate or convenient Assume all the tools we have been using have been validated and approved for use and use only the tools I've provided When analyzing a multipart forensic image file, you only need to add point to the first ( E01) file, and make sure all the image files are together in one folder Artifact Questions Verify the Image What is the verification hash value of this image Click here to enter text How many partitions are there on this image Which one contains User data Click here to enter text What is the Computer Name Click here to enter text What version of Windows is this user running Click here to enter text When was this version of Windows installed Click here to enter text Who is the registered owner of this computer Click here to enter text When was this computer last shut down Click here to enter text There were several different USB mass storage devices plugged into this computer How many and what brand were these devices Click here to enter text What is the time zone setting on this computer Click here to enter text There is a folder with a series of pictures of Rocket Propelled Grenade launchers on this computer (several pictures in one folder) Where are they located and what is the status of these pictures Click here to enter text Examine the metadata (EXIF data) associated with the pictures and report any finding Click here to enter text Find any user created docx files that may be of value and recorded the author based on the metadata Click here to enter text Find the folder titled posters What is the full path of this folder (ie C Windows ) Click here to enter text Did the user try to hide the files in this folder How Click here to enter text What is the user's full email address Click here to enter text Who has the user been in contact with via email Click here to enter text Where did the file Trip zip come from, and where is it now Click here to enter text What does this file contain Click here to enter text What search terms has this user searched the Internet for that might be relevant When exactly did each of those searches take place Click here to enter text Did the user access the pictures of RPG launchers you found earlier What proof do you have Click here to enter text Give a brief executive level case summary write up Include information on what organization the owner of the computer belongs to, who his contact is and what organization he belongs too and any other information you think may be relevant to the investigation Click here to enter text

The Answer is in the image, click to view ...

Question: Learning Objective : Using the correct tool to analyze a forensic image and recover various artifacts of value. Narrative :Online monitoring of extremist websites has

Learning Objective: Using the correct tool to analyze a forensic image and recover various artifacts of value.

Narrative:Online monitoring of extremist websites has identified an individual that may be linked with possible extremist organizations. Subpoena requests to the internet service providers based on the suspect's IP address have led investigators to a specific residence.

A team entered suspect's residence and found a powered down Dell laptop computer. The suspect was not present. Triage indicated that files of possible value might be found and that a full forensic exam would be beneficial.

They were able to create a forensic image on scene and bring it back for you to analyze.Your task is to analyze the forensic image file using any tools/techniques we have covered and answer the following questions. Please be specific and include where you found the answer. Use screenshots were appropriate or convenient.

Assume all the tools we have been using have been validated and approved for use and use only the tools I've provided. When analyzing a multipart forensic image file, you only need to add/point to the first (*.E01) file, and make sure all the image files are together in one folder.

Artifact Questions

Verify the Image. What is the verification hash value of this image?

Click here to enter text.

How many partitions are there on this image? Which one contains User data?

Click here to enter text.

What is the Computer Name?

Click here to enter text.

What version of Windows is this user running?

Click here to enter text.

When was this version of Windows installed?

Click here to enter text.

Who is the registered owner of this computer?

Click here to enter text.

When was this computer last shut down?

Click here to enter text.

There were several different USB mass storage devices plugged into this computer. How many and what brand were these devices?

Click here to enter text.

What is the time zone setting on this computer?

Click here to enter text.

There is a folder with a series of pictures of Rocket Propelled Grenade launchers on this computer (several pictures in one folder). Where are they located and what is the status of these pictures?

Click here to enter text.

Examine the metadata (EXIF data) associated with the pictures and report any finding.

Click here to enter text.

Find any user created ".docx" files that may be of value and recorded the author based on the metadata.

Click here to enter text.

Find the folder titled posters.
1. What is the full path of this folder? (ie. C:\Windows\...)

Click here to enter text.

Did the user try to hide the files in this folder? How?

Click here to enter text.

What is the user's full email address?

Click here to enter text.

Who has the user been in contact with via email?

Click here to enter text.

Where did the file Trip.zip come from, and where is it now?

Click here to enter text.

What does this file contain?

Click here to enter text.

What search terms has this user searched the Internet for that might be relevant? When exactly did each of those searches take place?

Click here to enter text.

Did the user access the pictures of RPG launchers you found earlier? What proof do you have?

Click here to enter text.

Give a brief executive level case summary write-up. Include information on what organization the owner of the computer belongs to, who his "contact" is and what organization he belongs too and any other information you think may be relevant to the investigation.

Click here to enter text.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Computer Network Questions!

Question: What as the average weekly safety inventory level of refined sugar from the beginning January 2022 to the end of July 2022? A. 512,465.9691 metric tons per week B. 316,002.1474 metric tons...

Planning is one of the most important management functions in any business. A front office managers first step in planning should involve determine the departments goals. Planning also includes...

Python and most Python libraries are free to download or use, though many users use Python through a paid service. Paid services help IT organizations manage the risks associated with the use of...

ABC Pty Ltd would like to set up a Virtualisation Platform on their organisation. You have been hired by Company to be their network and system administrator to implement virtualisation for...

Determine the total dividends paid in each year to each class of shareholders of Exercise 13-10 under the assumption that the preferred shares are non-cumulative. Also determine the total dividends...

Write up the asset, capital and liability accounts in the books of D. Gough to record the following transactions: 2012 June 1 Started business with 16,000 in the bank. 2 Bought van paying by cheque...

In the first circuit of the last exercise, assume that the probabilities pi are all equal. What value should each pi be so that the probability of electricity transmission through the circuit is 99%?

The manufacturer in Problem 2-24 now has a standing order of 24 model A motors for each production period. Resolve Problem 2-24 to include this additional constraint. In problem 2-24 A small motor...

HIf there is a Model API that is suited for your learning problem and its performance on the relevant aspect you are interested in is not sufficient, you should... Group of answer choices consider...

1. If you were to manage this project: (a) How would you have written up the project scope statement? Include the following elements in the scope statement: objectives, deliverables, and constraints....

(3) Kamal Corporation issued a 3- year bonds at face value of $200,000 on Jan. 1, 2020, a stated interest rate of 8%, and market rate of 8%. Prepare Kamal's journal entries for 2020 and 2022. Answer:...

Scenario Larry, the head of Marketing has heard about you. And at TNH Tires, like much of the rest of the world, the reward for good work is more work. Larry: Thank you so much for making time for...

Pick a resource and data set that CloudWatch monitors and collects. How would the use of CloudWatch make a difference in your cloud maintenance? How will you use the data gathered by CloudWatch? Will...

What is the overhead application rate per direct labor hour? * (1 Point) BREAD Co. uses a job order costing system. At the beginning of January, the company had 2 jobs in process with the following...

Feedback Print A 5 nC charge is located at the origin. What are the electric fields at the positions A = (10 cm, 0 cm), B = (-10 cm, 10 cm), and C = (-10 cm, -10 cm)? Write each electric field vector...

A History Achievement Test out of 80 points is administered to a Grade 10 class of 30 students. Their scores are randomly listed below. 78 46 61 49 58 61 64 58 55 80 40 52 78 55 63 55 49 59 64 58 53...

I have provided a link to each of the referenced files. This problem is for python. https://raw.githubusercontent.com/gsprint23/cpts215/master/progassignments/files/tweet1.txt...

United Business Forms capital structure is as follows: Debt ............................................ 35% Preferred stock ........................... 15 Common equity .......................... 50...

34. Suppose that the number of plants of a particular type found in a rectangular region (called a quadrat by ecologists) in a certain geographic area is an rv X with pmf p(x) { c/x3 x 1, 2, 3, . ....

28. Show that the cdf F(x) is a nondecreasing function; that is, x1 x2 implies that F(x1) F(x2). Under what condition will F(x1) F(x2)?

12.31 Can people tell the difference between a female nose and a male nose? This important (?) research question was examined in the article You Can Tell by the Nose: Judging Sex from an Isolated...