Follow the instructions from the professor and book.
Put screenshots in "Instructions from Professor" word file.
Find me if you can.txt and GCFI-bs01.E01 are the data files used in the project.
CST3520 Computer Forensics, Spring 2020 (Bonus) – Hash Database & Hex Workshop Due: May 22 at 11:59 pm, Total: 50 pts Task 0: Download the ch09 hands on data files. Remember to unzip the files. Hash database in Autopsy Task 1: Create a new Hash Database in the Autopsy with the following four know hash values. Set the Hash set name as “Special Project-A”. Include the screenshots of your process (10 pts). (hint: steps 9 and 10 from the instructions in the hands-on project 9-3) ac2b0302898631a7b2e1feb5bd50bd1e 685f50ac4b7a03a87c8b98d1220269fa ed81b47e8e6ca096194f86cf8a513feb 385f3e2f21a52c0d0d5e8cf41673b26f Task 2: Follow the instructions in the hands-on project 9-3. After completing the step 3, find out how many HashSet hits from the result at the left-hand side (10 pts). What are those matched files? Provide a screenshot to support your finding. (10 pts) Hex Workshop Task 3: Download and install the Hex workshop from http://www.hexworkshop.com/. Include a screenshot of the runnable Hex Workshop (10 pts). Task 4: Recover the original message from “Find me if you can.txt” and include the screenshots of your process (10 pts). You already know that the file used the “Rotate Left” and treated the data as “32-bit unsigned long” and the byte ordering is “Little Endian”. You can enable the “Data operation” tool bar by selecting from “Options” -> “Toolbars” -> “Data operation”. Hands-On Project 9-3 For this project, you collect and add hash values from the GCFI-bs01.E01 image to the Special Project-A hash database. The files of interest are documents associated with special projects for Superior Bicycles, Inc. Follow these steps: 1. Start Autopsy for Windows. Click the Create New Case button. In the New Case Information window, enter Proj0903 in the Case Name text box, and click Browse next to the Base Directory text box. Navigate to and click your work folder, and then click Next. In the Additional Information window, type Proj0903 in the Case Number text box and your name in the Examiner text box, and then click Finish. 2. In the Select Data Source window, click the Browse button next to the “Browse for an image file” text box, navigate to your work folder and click the GCFI-bs01.E01 file, and then click Open. Click Next. 3. In the Configure Ingest Modules window, click the Hash Lookup check box. In the “Select known hash databases to use” list box, click to clear the NISTFile-nnnm.txt-md5 check box, and then click the Special Project-A check box. Under the Hash Lookup check box, click the File Type Identification, Keyword Search, PhotoRec Carver, and E01 Verifier check boxes. Click the Calculate MD5 even if no hash database is selected check box, and click Next and then Finish. 4. When Autopsy finishes its analysis, go to the Tree Viewer pane, expand Data Sources, and navigate to the path GCFI-bs01.E01\Users\Bob Swartz\Documents\Special Project A\Design Specs. 5. In the Result Viewer pane, Ctrl+click all Special Project A files with a .docx extension. (Ignore files beginning with the tilde (~) character or files with .tmp and .docx-slack extensions.) Right-click this selection, point to Tag File and Quick Tag, and click Special Project-A. 6. Click Generate Report at the top. In the Generate Report window, click the Results - Excel option button in the Report Modules section, and then click Next. In the Configure Artifact Reports window, click the Tagged Results option button, click the Special Project-A check box, and then click Finish. 7. When the report has been generated, click the Results - Excel pathname in the Report Generation Progress window, and then click Close. In the Excel file, examine the contents of the Tagged Files sheet. Scroll to column I, labeled Hash, and review the hash values. When you’re finished, save the Excel file as Proj0903-Report in your work folder. Leave this file open for the next steps. 8. In column I in the Tagged Files sheet, copy the four MD5 hash values in rows 2 through 5. 9. Click Tools, Options from the Autopsy menu, and in the Options window, click the Hash Databases icon. 10. In the Hash Databases list box, click Special Project-A, and in the Hash Database Information section, click Add Hashes to Database. In the Add Hashes to Database dialog box, click Paste From Clipboard, click Add Hashes to Database, and click OK twice. 11. Exit Excel, click Close Case in Autopsy, and then leave Autopsy running for the next project.