1: Using File Signatures to ID Source Applications and OS Explain how you can use a list...

Question:

1: Using File Signatures to ID Source Applications and OS Explain how you can use a list of file signatures (file types) present on a disk to identify source applications and/or source operating system(s) for individual files. Can you use this information to help determine if files were copied from one platform (e.g. Apple OS-X) to another (e.g. Linux or MS Windows)? Under what circumstances this identification method might be called into question? (E.g. shown to be inaccurate or untrustworthy) 2: Using File Formats, File Signatures, and Metadata to ID Software Versions Research the differences in file formats between MS Office 2003 and MS Office 2007. Explain how file signatures and metadata can be used to determine which versions of MS Office applications (e.g. Word, Excel, and Power Point) were used to create documents, spreadsheets, presentations, etc. In your response you must answer the following questions: 1. what is the major difference in file formats between MS Office 2003 and MS Office 2007 generated files? 2. What are the specific differences in file signatures between MS Office 2003 and MS Office 2007? 3: Hiding Data in Plain Sight (Hands-On Investigation) explain how you can use multiple partitions on a USB to hide information from a casual inspection using MS Windows Explorer. Hint: you may want to experiment with this information hiding technique. To do so, you will need an "empty" USB to practice on, a Windows computer, and a Linux live CD or bootable USB. 1. Boot to Linux 2. Use GPARTED to put two or more partitions on your USB. Copy a few files into each of your partitions. Take screen snapshots to show (a) your partition structures and (b) a directory/files listing for each partition. (Paste each of your snapshots in a single MS Word document file.) 3. Boot to Windows 4. Inspect your USB using Windows Explorer. How many partitions are shown? 5. Using FTK or Encase, inspect the contents of your USB. Do you see all of the partitions and their contents? Why or Why not? Attach your screen snapshots from step 2 to your response to this discussion question. DQ4: Misidentification of File Types during File Carving Some data carving tools will misidentify Office 2007 (and later) files as another type of file when performing file carving and recovery of orphaned files. Identify the file type that can be improperly assigned to Office 2007 files and explain why this misidentification occurs.
Fantastic news! We've Found the answer you've been seeking!

Step by Step Answer:

Related Book For  book-img-for-question
Question Posted: