Hands On Project 7 2 The purpose of this project is to become more familiar with the Linux version of Sleuth Kit and Autopsy The best way to learn a tool, especially one that isnt well documented, is to explore its functions Youre encouraged to work in teams for this project and share your findings with other students In this project, you use the image file GCFI datacarve FAT dd from Chapter 3 and analyze it with Sleuth Kit and Autopsy You need a system with a Linux virtual machine and Sleuth Kit and Autopsy installed Follow these steps 1 Copy the GCFI datacarve FAT dd file to your Linux virtual machine with Sleuth Kit and Autopsy installed Start Sleuth Kit and Autopsy In the main window, click New Case In the Create a New Case dialog box, fill in your information (using GCFI datacarve FAT for the case name), and then click New Case 2 In the Creating Case dialog box, click Add Host , and in the Add a New Host dialog box, enter your information, and click Add Host 3 In the Adding host dialog box, click Add Image to continue In the Open Image dialog box, click Add Image File In the Add a New Image dialog box, type the full pathname and the GCFI datacarve FAT dd image filename in the Location text box, click the Partition option button, click the Copy option button for the import method, and then click Next 4 In the Image File Details section, click Add , and in the Testing partitions dialog box, click OK In the Select a volume to analyze or add a new image file dialog box, click the Analyze button 5 In the Analysis dialog box, click File Analysis , and then click Generate MD5 List of Files In the MD5 results window, save the list as GCFI datacarve FAT MD5 txt in your work folder, and close the MD5 results window 6 Next, in the Analysis dialog box, click File Type , click Sort Files by Type , and then click OK When the analysis is finished, print the Results Summary frame of the Web page 7 Click Image Details , and in the General File System Details dialog box, print the frame containing the results 8 Write a report describing the information each function asks for and what information it produces so that you can begin building your own user manual for this tool

The Answer is in the image, click to view ...

Answered step by step

Verified Expert Solution

Link Copied!

Question

1 Approved Answer

Posted on Sep 25, 2024

Hands-On Project 7-2 The purpose of this project is to become more familiar with the Linux version of Sleuth Kit and Autopsy. The best way

Hands-On Project 7-2

The purpose of this project is to become more familiar with the Linux version of Sleuth Kit and Autopsy. The best way to learn a tool, especially one that isnt well documented, is to explore its functions. Youre encouraged to work in teams for this project and share your findings with other students. In this project, you use the image file GCFI-datacarve-FAT.dd from Chapter 3 and analyze it with Sleuth Kit and Autopsy. You need a system with a Linux virtual machine and Sleuth Kit and Autopsy installed. Follow these steps:

1

Copy the GCFI-datacarve-FAT.dd file to your Linux virtual machine with Sleuth Kit and Autopsy installed. Start Sleuth Kit and Autopsy. In the main window, click New Case. In the Create a New Case dialog box, fill in your information (using GCFI-datacarve-FAT for the case name), and then click New Case.
2

In the Creating Case dialog box, click Add Host, and in the Add a New Host dialog box, enter your information, and click Add Host.
3

In the Adding host dialog box, click Add Image to continue. In the Open Image dialog box, click Add Image File. In the Add a New Image dialog box, type the full pathname and the GCFI-datacarve-FAT.dd image filename in the Location text box, click the Partition option button, click the Copy option button for the import method, and then click Next.
4

In the Image File Details section, click Add, and in the Testing partitions dialog box, click OK. In the Select a volume to analyze or add a new image file dialog box, click the Analyze button.
5

In the Analysis dialog box, click File Analysis, and then click Generate MD5 List of Files. In the MD5 results window, save the list as GCFI-datacarve-FAT-MD5.txt in your work folder, and close the MD5 results window.
6

Next, in the Analysis dialog box, click File Type, click Sort Files by Type, and then click OK. When the analysis is finished, print the Results Summary frame of the Web page.
7

Click Image Details, and in the General File System Details dialog box, print the frame containing the results.
8

Write a report describing the information each function asks for and what information it produces so that you can begin building your own user manual for this tool.