Quiz Computer Forensic & Investigation Essay
Hanley Strappman, 37, was trying to learn about the Computer and Digital Forensics program at Champlain College. He was able to obtain some files, which he put on a floppy disk. To disguise his espionage, he decided to smuggle the floppy back home after altering the files so that they couldn’t be read using the ordinary DOS/Windows file manager.
His deception was discovered, however, and the floppy has been recovered. Some of your counterparts have already tried to examine the disk to no avail. In discussions, Hanley has boasted that there are three files on the disk but that “You’ll never know what I got!!” You are being provided with a forensically true and accurate copy of Hanley’s floppy disk. You are asked to examine the floppy disk and provide answers to a few questions about the integrity of the data that was recovered (in terms of maintaining the evidentiary chain), the recovery of certain information, and any actions that the suspect may have taken to intentionally delete, hide and/or alter data on the floppy disk. Good Luck!
Using the software tools provided to you in class, audit the disk and conduct a full analysis of any artifacts found on the media. The following questions must be completed in the time allotted:
The Questions
1. What is the name and address of the person to whom Hanley wrote a letter?
Dr. John Watson, 8295 Martha Lane, Los Alamitos, CA 90720
2. Who is in the picture that Hanley obtained?
Lewis Carroll, Edith, Lorina and Alice Liddell
3. What is the information that Hanley supplied in a password-protected form?
A file named “curriculum” in Microsoft Excel format.
4. What are the names of the files on the floppy? Each was hidden or obscured in a different way; indicate how you found the files and how you recovered the information.
The file name is cc_stuff.exe. Change the format to the .zip format and enter the password to get the information.
5. Where did you find the password?
By using PRTK software, inside the evidence image at the pwd
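Answer 4 depends on recognising that cc_stuff.exe is really a ZIP archive and that its contents are password-protected. As an added example (not part of the original quiz or the class tools), this Python code compares a file's extension with its leading signature bytes and reads the encryption flag from each ZIP local file header; the sample bytes and the member name curriculum.xls are constructed assumptions.

```python
import io
import struct
import zipfile

# (magic bytes, content type, extensions that legitimately carry it)
SIGNATURES = [
    (b"PK\x03\x04", "zip", {"zip"}),
    (b"MZ", "exe", {"exe", "dll"}),
]

def sniff(data):
    """Return (type, allowed extensions) from the leading bytes."""
    for magic, kind, exts in SIGNATURES:
        if data.startswith(magic):
            return kind, exts
    return None, set()

def zip_entries(data):
    """Walk ZIP local file headers and return [(member name, encrypted)]."""
    out, pos = [], 0
    while data[pos:pos + 4] == b"PK\x03\x04":
        fields = struct.unpack_from("<4sHHHHHIIIHH", data, pos)
        flags, csize, nlen, xlen = fields[2], fields[7], fields[9], fields[10]
        name = data[pos + 30:pos + 30 + nlen].decode("cp437")
        out.append((name, bool(flags & 0x0001)))  # bit 0: entry is encrypted
        if flags & 0x0008:  # sizes deferred to a data descriptor: stop here
            break
        pos += 30 + nlen + xlen + csize
    return out

def examine(filename, data):
    """Compare the claimed extension with the content signature."""
    ext = filename.rsplit(".", 1)[-1].lower()
    kind, exts = sniff(data)
    return {"claimed": ext, "actual": kind,
            "mismatch": kind is not None and ext not in exts,
            "entries": zip_entries(data) if kind == "zip" else []}

def constructed_sample():
    """Constructed stand-in for the recovered file (not the real evidence)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("curriculum.xls", b"constructed placeholder")  # assumed name
    raw = bytearray(buf.getvalue())
    raw[6] |= 0x01  # set general-purpose flag bit 0 in the first local header
    return bytes(raw)

if __name__ == "__main__":
    print(examine("cc_stuff.exe", constructed_sample()))
```

Run it against a working copy of the evidence image's extracted files, never the original media, so the evidentiary chain is preserved.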