Answer the following questions, using TSK. Make sure to justify your answers and include the commands you used and the output you got from those commands.

Suljettu Julkaistu 2 vuotta sitten Maksettu toimituksen yhteydessä
Suljettu Maksettu toimituksen yhteydessä

Given [login to view URL]:

1. What is the type of the file system?

2. What is the volume label?

3. What is the sector size?

4. What is the cluster size?

5. List the first four undeleted files that are stored in the image file. Make sure to indicate the following information: file name, file size, starting sector, ending sector, and whether the file is fragmented or not.

6. What is the command that extracts all the unallocated blocks and saves it in a file called [login to view URL]

7. List all the allocated metadata (inode) entries using the default tsk layout.

8. List all the unallocated metadata entries using the mactime tsk layout.

9. Using fls command list all the files that were deleted in the image file.

10. Using fls command list all the directories that are undeleted in the image file.

11. Recover the first four deleted files. The first two using fcat, and the other two using icat.

Make sure to display the contents of each recovered file and whether it is recovered properly or not.

Digital Forensics

Projektin tunnus: #32258374

Tietoa projektista

Etäprojekti Aktiivinen 2 vuotta sitten