CSC4450 programming assignment writing and C/C++ tutoring

Digital Forensics Exercise #1

Please submit all answers on Blackboard!

Materials and Programs:
- Villanova_CSC4450_Forensics virtual machine (all objectives should be done within your virtual environment)
- EnCase Imager (needed for Objective #2) (download link)
- OPTIONAL EXERCISE – Kali Linux Boot CD (download link)

Objective #1 – Creating a forensic image of a local device

Be sure the virtual machine is turned off before adding the following virtual drives.

- Add a 1GB virtual hard drive to your Villanova_CSC4450_Forensics virtual machine. I would recommend the following settings:
  o Hard disk file type = VDI
  o Storage on physical hard drive = Dynamically allocated
  o File location and size = FAT32.vdi, 1 GB
  o Format this virtual drive as a Master Boot Record, FAT32 volume
- Add a 2GB virtual hard drive to your Villanova_CSC4450_Forensics virtual machine. I would recommend the following settings:
  o Hard disk file type = VDI
  o Storage on physical hard drive = Dynamically allocated
  o File location and size = NTFS.vdi, 2 GB
  o Format this virtual drive as a Master Boot Record, NTFS volume
- Copy two small files, any files (e.g. text files, graphic files, Adobe files, Office documents, etc.), to your 1GB FAT32 virtual hard drive.
- Delete one of the files you just copied to the 1GB FAT32 virtual hard drive.
- Using FTK Imager, create an E01 and a raw (DD) forensic image of your 1GB FAT32 virtual hard drive. You can save the forensic image file to the desktop of your virtual machine.
- Once complete, open and compare the acquisition log files.

1. What is the MD5 hash value of the E01 forensic image?
2. What is the file size of the E01 forensic image?
3. What is the MD5 hash value of the DD forensic image?
4. What is the file size of the DD forensic image?

Open the forensic image files (E01 or DD) in FTK Imager and explore the contents.

5. Did you find your deleted file in the root folder?

Objective #2 – Preparing target/destination media for forensic use (i.e. sanitizing and/or wiping)

- Verify that you don't need any files on your 1GB FAT32 virtual hard drive!
- Double check that you don't need any files on your 1GB FAT32 virtual hard drive!
- Triple check that you don't need any files on your 1GB FAT32 virtual hard drive!
- Wipe your 1GB FAT32 virtual hard drive using Guidance Software's EnCase Imager.
  o Launch EnCase Imager
  o Click on TOOLS
  o Select WIPE DRIVE
  o Select NEXT
  o Select the physical 1GB virtual hard drive (be sure to choose the correct drive when wiping devices in a real scenario!) (example of what you should see)
  o Select VERIFY WIPED SECTORS
  o Provide a WIPE CHARACTER in HEX (default is 00); choose 0xDF
  o Select FINISHED
  o Type YES
- Now it is time to second-guess yourself that you actually selected the right drive to wipe!
- Launch FTK Imager
- Add the physical 1GB drive as an evidence item
- Verify that all sectors are reporting the value of 0xDF (or whatever hex value was used in the wiping process).
- Create an E01 forensic image of your 1GB FAT32 virtual hard drive. You can save the forensic image file to the desktop of your virtual machine.

6. What is the MD5 hash value of the E01 forensic image?
7. What is the file size of the E01 forensic image?
8. Why is it important to wipe all staging media that will be used for forensic analysis?
9. Forensic investigators work with hard disk forensic images because?
   A. The image files are smaller than the actual hard disk files
   B. Only the image files contain forensic evidence
   C. The image file can be safely examined without damaging the original evidence
   D. The original storage device cannot be analyzed without the original computer

Objective #3 (OPTIONAL) – Create a forensic image using Kali Linux Boot CD

Follow the steps detailed in the following link: https://nest.unm.edu/files/2713/9251/5584/Tutorial_5_-_Kali_-_dcfldd_Imaging.pdf

Objective #4 (OPTIONAL) – Create a forensic image over the network using Kali Linux Boot CD

You can use two physical machines as long as they are on the same network, or use two virtual machines.

- Create two new virtual machines:
  o Suspect
    - 1 GB virtual hard drive
    - 256 MB RAM or 512 MB RAM depending on your laptop's capabilities
    - Configure the network adapter to Bridged
    - Configure the CDROM to use a copy of the Kali Boot CD.
  o Target
    - 3 GB virtual hard drive
    - 256 MB RAM or 512 MB RAM depending on your laptop's capabilities
    - Configure the network adapter to Bridged
    - Configure the CDROM to use another copy of the Kali Boot CD.
- Boot each virtual machine.
- Configure the SUSPECT virtual machine
  o Open Terminal
  o Configure the IP address to 192.168.0.2
      ifconfig eth0 192.168.0.2
  o Partition the 1 GB hard drive
      fdisk -l (this command will list all of the hard drives attached to the VM. There should only be one, i.e. /dev/sda)
      fdisk /dev/sda
        n (for new partition)
        p (for primary)
        ENTER (accept the default value)
        ENTER (accept the default value)
        w (write the new partition to disk)
  o Format the newly created partition with an NTFS volume
      mkntfs /dev/sda1
- Configure the TARGET virtual machine
  o Open Terminal
  o Configure the Target's IP address to 192.168.0.1
      ifconfig eth0 192.168.0.1
  o Partition the 3 GB hard drive
      fdisk -l (this command will list all of the hard drives attached to the virtual machine. There should only be one, i.e. /dev/sda)
      fdisk /dev/sda
        n (for new partition)
        p (for primary)
        ENTER (accept the default value)
        ENTER (accept the default value)
        w (write the new partition to disk)
  o Format the newly created partition with an NTFS volume
      mkntfs /dev/sda1
  o Mount the newly created volume
      Create a mounting point: mkdir /media/hd
      Mount the volume: mount /dev/sda1 /media/hd
- Start the netcat listener on TARGET
  o Open Terminal
  o nc -nlvp 3333 | dcfldd of=/suspect.dd
- Start netcat on SUSPECT
  o Open Terminal
  o dcfldd if=/dev/sda1 | nc 192.168.0.1 3333
- The acquisition process will start and you should start seeing activity on the TARGET virtual machine.
- When you see the following on the SUSPECT virtual machine, hit CONTROL-C to stop the process.
- You should see the following on the TARGET virtual machine after hitting CONTROL-C on the SUSPECT virtual machine.
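For Objective #1, question 5, an added example (not part of the exercise or of FTK Imager) of why the deleted file still shows up in the root folder: a small Python parser that reads the FAT32 boot-sector fields from a raw (DD) image, walks the root directory and lists the entries whose first byte was set to 0xE5 on deletion. It runs against a constructed three-sector image instead of the 1GB drive; the BPB geometry and the two sample file names are assumptions.

```python
import struct

def dir_entry(name: bytes, attr: int, size: int) -> bytes:
    """One 32-byte 8.3 directory entry; timestamps and start cluster left zero."""
    e = bytearray(32)
    e[0:11], e[11] = name, attr
    struct.pack_into("<I", e, 28, size)
    return bytes(e)

def build_sample_image() -> bytes:
    """Constructed stand-in for the 1GB FAT32 drive: 512-byte sectors, 1 sector per
    cluster, 1 reserved sector, 1 FAT of 1 sector, root directory in cluster 2."""
    bpb = bytearray(512)
    struct.pack_into("<H", bpb, 11, 512)   # bytes per sector
    bpb[13], bpb[16] = 1, 1                # sectors per cluster, number of FATs
    struct.pack_into("<H", bpb, 14, 1)     # reserved sectors
    struct.pack_into("<I", bpb, 36, 1)     # sectors per FAT (FAT32 field)
    struct.pack_into("<I", bpb, 44, 2)     # first cluster of the root directory
    root = bytearray(512)
    root[0:32] = dir_entry(b"HELLO   TXT", 0x20, 12)
    root[32:64] = dir_entry(b"SECRET  DOC", 0x20, 40)
    root[32] = 0xE5   # deleting a file only marks the entry; name and data remain
    return bytes(bpb + bytearray(512) + root)   # BPB + FAT + root directory

def root_directory_entries(image: bytes):
    """Return (name, size, deleted) for every 8.3 entry in the root directory,
    deleted ones included; their lost first character is shown as '?'."""
    bps, = struct.unpack_from("<H", image, 11)
    reserved, = struct.unpack_from("<H", image, 14)
    spf, = struct.unpack_from("<I", image, 36)
    root_cluster, = struct.unpack_from("<I", image, 44)
    spc, nfats = image[13], image[16]
    off = (reserved + nfats * spf) * bps + (root_cluster - 2) * spc * bps
    entries = []
    while off + 32 <= len(image):
        e, off = image[off:off + 32], off + 32
        if e[0] == 0x00:                   # end-of-directory marker
            break
        if e[11] == 0x0F or e[11] & 0x08:  # skip long-name and volume-label entries
            continue
        deleted = e[0] == 0xE5
        raw = bytearray(e[:11])
        if deleted:
            raw[0] = ord("?")
        base = raw[:8].decode("ascii").rstrip()
        ext = raw[8:].decode("ascii").rstrip()
        size, = struct.unpack_from("<I", e, 28)
        entries.append((base + ("." + ext if ext else ""), size, deleted))
    return entries
```

Running root_directory_entries(build_sample_image()) lists HELLO.TXT and the deleted ?ECRET.DOC, which is the same picture FTK Imager gives of the root folder in question 5.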
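For Objective #2, the "verify that all sectors are reporting 0xDF" step done programmatically, as an added example that is not part of the exercise or of EnCase Imager: it streams a raw image in chunks (so a 1GB image never has to fit in memory), reports the first sector that does not match the wipe byte, and hashes the data as it goes, which is the MD5 the acquisition log should show for question 6. The 8-sector sample images are constructed.

```python
import hashlib
import io

SECTOR = 512
CHUNK = 64 * SECTOR   # 32 KiB per read so a 1GB image never has to fit in memory

def verify_wipe(stream, wipe_byte: int = 0xDF) -> dict:
    """Stream a raw image and confirm every sector is filled with wipe_byte.
    Returns the sector count, the first non-conforming sector (None if clean)
    and the MD5 of everything read, the value the acquisition log should show."""
    pattern = bytes([wipe_byte]) * SECTOR
    md5, sectors, first_bad = hashlib.md5(), 0, None
    while True:
        buf = stream.read(CHUNK)
        if not buf:
            break
        if len(buf) % SECTOR:
            raise ValueError("image length is not a multiple of the sector size")
        md5.update(buf)
        for i in range(0, len(buf), SECTOR):
            if first_bad is None and buf[i:i + SECTOR] != pattern:
                first_bad = sectors
            sectors += 1
    return {"sectors": sectors, "first_unwiped": first_bad,
            "clean": first_bad is None, "md5": md5.hexdigest()}

def expected_wipe_md5(sectors: int, wipe_byte: int = 0xDF) -> str:
    """Hash a correctly wiped drive of this size must produce: it depends only on
    the wipe pattern and the size, so any two clean drives of equal size match."""
    md5 = hashlib.md5()
    block = bytes([wipe_byte]) * CHUNK
    remaining = sectors * SECTOR
    while remaining:
        n = min(len(block), remaining)
        md5.update(block[:n])
        remaining -= n
    return md5.hexdigest()

def sample_wiped() -> io.BytesIO:
    """Constructed stand-in for the 1GB drive after a 0xDF wipe: 8 sectors."""
    return io.BytesIO(b"\xDF" * (8 * SECTOR))

def sample_partial_wipe() -> io.BytesIO:
    """Same drive, but a stale directory entry survived in sector 5."""
    data = bytearray(b"\xDF" * (8 * SECTOR))
    data[5 * SECTOR:5 * SECTOR + 11] = b"SECRET  DOC"
    return io.BytesIO(bytes(data))
```

Comparing the acquisition MD5 against expected_wipe_md5() is a quick sanity check that the wipe reached every sector before the drive is reused as staging media (question 8).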
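For Objective #4, the netcat/dcfldd exchange re-created in Python as an added example (not part of the exercise, of netcat or of dcfldd): the TARGET side accepts the connection and writes whatever arrives to the image, the SUSPECT side streams the device, and each side hashes independently so the copy can be verified, which the nc pipeline in the steps does not do by itself. It runs both sides over 127.0.0.1 on an ephemeral port against a constructed stand-in for /dev/sda1.

```python
import hashlib
import io
import socket
import threading
CHUNK = 4096

def receive_image(listener: socket.socket, out) -> str:
    """TARGET side (nc -nlvp 3333 | dcfldd of=/suspect.dd): accept one connection and
    write every received byte to 'out' until the peer closes; return the MD5 seen."""
    conn, _ = listener.accept()
    md5 = hashlib.md5()
    with conn:
        while True:
            buf = conn.recv(CHUNK)
            if not buf:          # peer closed its sending side: end of image
                break
            out.write(buf)
            md5.update(buf)
    return md5.hexdigest()

def send_image(device, host: str, port: int) -> str:
    """SUSPECT side (dcfldd if=/dev/sda1 | nc 192.168.0.1 3333): stream the device and
    hash it as it is read, so the source hash exists independently of the copy."""
    md5 = hashlib.md5()
    with socket.create_connection((host, port)) as s:
        while True:
            buf = device.read(CHUNK)
            if not buf:
                break
            s.sendall(buf)
            md5.update(buf)
        s.shutdown(socket.SHUT_WR)   # tells the listener the data has ended
    return md5.hexdigest()

def acquire_over_loopback(device_bytes: bytes) -> dict:
    """Run both sides against 127.0.0.1 on an ephemeral port and verify the copy."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    out, result = io.BytesIO(), {}
    t = threading.Thread(target=lambda: result.update(target_md5=receive_image(listener, out)))
    t.start()
    suspect_md5 = send_image(io.BytesIO(device_bytes), "127.0.0.1", port)
    t.join()
    listener.close()
    return {"bytes_received": len(out.getvalue()), "suspect_md5": suspect_md5,
            "target_md5": result["target_md5"], "verified": suspect_md5 == result["target_md5"]}

SAMPLE_DEVICE = bytes(range(256)) * 1024   # constructed stand-in for /dev/sda1 (256 KiB)
```

In the exercise nothing tells nc on the SUSPECT side that dcfldd has reached the end of the device, which is why the steps have you press CONTROL-C; here the sender's shutdown() plays that role and the listener exits on its own.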
