File investigating

 
Dodge123 (Newbie)
Joined: May 04, 2014
Posts: 8

Posted: Mon May 05, 2014 10:26 am    Post subject: File investigating

I have 3 files that need investigating, preferably using EnCase or FTK...

From the 3 files I need to get the following information:

Correct Windows file type and extension,
file header and footer,
MD5 hash,
Internal structure of the file: this should be a technical breakdown identifying and interpreting the binary content of the file in detail,
Information contained in the file

If you could screenshot the steps it would be good.

I would pay someone to do this but unfortunately I need it all today and

PreferredUser (Newbie)
Joined: Jan 01, 2007
Posts: 1130
Location: USA

Posted: Mon May 05, 2014 10:30 am

Do you have access to FTK or EnCase? Which would you prefer to have directions to use?

What is the purpose? School? Court? If it is either of those, having someone do your work for you would not be viewed favorably.

Dodge123 (Newbie)
Joined: May 04, 2014
Posts: 8

Posted: Mon May 05, 2014 10:37 am

I have FTK and it's for school. I understand it's not favourable but I am desperate.

Dodge123 (Newbie)
Joined: May 04, 2014
Posts: 8

Posted: Mon May 05, 2014 10:39 am

Even if someone gives me guidance on how to do it, I would appreciate it

PreferredUser (Newbie)
Joined: Jan 01, 2007
Posts: 1130
Location: USA

Posted: Mon May 05, 2014 11:37 am

In FTK start a new case.
Add evidence items.
Choose the files.
FTK will give you a warning about adding live evidence. You can choose to create an image or ignore the warning and add the files.
Click through the steps until you get to the processing options. With only three files, leaving the defaults will give you more info than you need, but it will be plenty quick.
Process the files.

Let me know when you are that far.

Dodge123 (Newbie)
Joined: May 04, 2014
Posts: 8

Posted: Mon May 05, 2014 11:52 am

I've tried that but it won't work.

Can I send you the files so you can explore them and see what is required? Don't do it for me but give guidance.

Email me on "msufi2005@hotmail.co.uk"

It's 3am here in the UK so I need to sleep.. But please help me

Moderator Note: Direct links are not allowed.

cybercop (Newbie)
Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

Posted: Mon May 05, 2014 12:20 pm

Have you discussed the issue of "It won't work" with your instructor? I am sure they would be happy to take the time to show you what you are doing wrong. Of course, if you waited until the last minute to start working on a project, they may show as much interest in helping you as you are showing in the course.
I seriously doubt you will find anyone on here willing to do your homework for you.
I might point out to you that there are MANY instructors that are members here, maybe even yours.

Dodge123 (Newbie)
Joined: May 04, 2014
Posts: 8

Posted: Mon May 05, 2014 12:47 pm

I totally understand, and my instructor couldn't help me because I have been ill for the last 4 months and they would rather I did my final year again. Unfortunately I can't financially afford to repeat the year again.

Dodge123 (Newbie)
Joined: May 04, 2014
Posts: 8

Posted: Mon May 05, 2014 12:49 pm

Thanks anyways.

I just don't wanna spend 9000.. Am not telling you to do my work.. Just some guidance would be good. Yes I know it's last minute but I had other commitments.

PreferredUser (Newbie)
Joined: Jan 01, 2007
Posts: 1130
Location: USA

Posted: Mon May 05, 2014 1:07 pm

What step will not work?

Happy to help, however I will not, nor will anyone I know that frequents this site, do the work. You have to work through the process.

Dodge123 (Newbie)
Joined: May 04, 2014
Posts: 8

Posted: Mon May 05, 2014 2:12 pm

To start with, I have the files on a USB.. Once I add evidence I choose logical drive.. Find my USB and find the files.

I can't do anything with these files now.. Where would I find the file type and extension.. File header and footer etc

It's easier on EnCase as I found it better to understand

Dodge123 (Newbie)
Joined: May 04, 2014
Posts: 8

Posted: Mon May 05, 2014 2:15 pm

My apologies for the original question being if someone could do it for me.. I'll do it as long as I get some help.

I was only suggesting to give you the files so you could play around with it and guide me better. Sorry

PreferredUser (Newbie)
Joined: Jan 01, 2007
Posts: 1130
Location: USA

Posted: Tue May 06, 2014 12:52 pm

You did not mention what version of EnCase you are using.

Watch these videos and let me know if those are the steps you followed.

"http://www.youtube.com/watch?v=E5EFstyL-Y8"
"http://www.youtube.com/watch?v=012KOBuVejo"

Please elaborate on "I can't do anything with these files now."

Since you have chosen EnCase you have to do several of the steps that are more automatic in FTK.

In EnCase you have to run the Signature Analysis function, otherwise you will just see the displayed extension and not the extension that is based on the header. Of course you could skip the function and just look at the header manually. You do know how to do that right?
Back to top
View user's profile
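
The manual check mentioned in the last post (header-derived type versus displayed extension), together with the MD5 and header/footer bytes asked for in the opening post, as an added example that is not part of the thread and is not how EnCase or FTK implement it. The signature table is a small set of well-known magic numbers, and the file names and sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

# type -> (header, footer or None, usual extensions). Well-known magic numbers
# only; forensic suites ship far larger signature tables.
SIGNATURES = {
    "JPEG": (b"\xff\xd8\xff", b"\xff\xd9", {".jpg", ".jpeg"}),
    "PNG": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", {".png"}),
    "GIF": (b"GIF8", b"\x3b", {".gif"}),
    "PDF": (b"%PDF-", None, {".pdf"}),
    "ZIP": (b"PK\x03\x04", None, {".zip", ".docx", ".xlsx"}),
}

def examine(path):
    """Hash a file, dump its header/footer bytes, and compare the
    header-derived type with the extension shown in the file name."""
    with open(path, "rb") as fh:
        data = fh.read()  # whole-file read is fine for small exhibits
    ext = os.path.splitext(path)[1].lower()
    report = {"md5": hashlib.md5(data).hexdigest(), "extension": ext,
              "header_hex": data[:8].hex(" "), "footer_hex": data[-8:].hex(" "),
              "detected": None, "footer_ok": None, "verdict": "unknown signature"}
    for name, (header, footer, exts) in SIGNATURES.items():
        if data.startswith(header):
            report["detected"] = name
            if footer is not None:
                report["footer_ok"] = data.endswith(footer)
            report["verdict"] = "match" if ext in exts else "mismatch"
            break
    return report

def demo():
    """Run examine() over constructed sample files (not real evidence)."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9",
        "holiday.txt": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"IEND\xaeB`\x82",
        "notes.dat": b"plain text with no known signature",
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = examine(path)
    return results

if __name__ == "__main__":
    for name, rep in demo().items():
        print(name, rep)
```

A "mismatch" verdict, as with the constructed holiday.txt, is the case signature analysis exists to surface: the header says PNG while the name says text.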