Question

1 Approved Answer

Posted on Sep 26, 2024

Identity Theft Answer the following questions (provide screenshots and your supporting data as evidence) Image link: 1. Creating the Case and Adding Evidence USE FTK

image text in transcribed

Identity Theft Answer the following questions (provide screenshots and your supporting data as evidence) Image link: 1. Creating the Case and Adding Evidence USE FTK to create a new case called ID THEFT 2, then add the ID THEFT 2.e01 image https://drive.google.com/file/d/1IGek-X0wmsQwROmyo5D28LpvY1tKmG 5/ view?usp=sharing with only the processing options shown below. Create and submit a screenshot of the options to proof your effort. i. MD5 Hash (2 point) ii. SHA1 Hash ( 2 point) iii. Flag Duplicate Files (2 point) iv. Expand Compound Files (2 point) v. Flag Bad Extensions (2 point) vi. gtthearch Text Index ( 2 point) 2. How many files were loaded on ID THEFT 2.e01 disk image case? (2 points) 3. Carve the ID THEFT 2.e01 disk image. Use the default carved option. How many carved data files were found? Provide screenshot as evidence of your findings. (3 points) 4. Processing the Recycle Bin (20 points) Analyze the Recycle Bin information contained in the Recycler folder at the root of the drive and then answer the following questions. Provide screenshot as evidence of your findings. i. How many users' SID in the Recycler folder? ii. List all user ID numbers. iii. Which user deleted the NTFS Recycled Test File1.doc file? iv. How many gif files were found in ID THEFT 2.e01? v. Briefly describe the content of file "made the news.jpg". 5. What is the difference between the Recycled and Recycler folders? ( 5 point) 6. Name two pieces of evidentiary information contained in an INFO2 record. (2 points) 7. True or False: Recycle Bin functionality tracks removable media deletions. (2 point) 8. What is an Orphan folder? (5 point) Identity Theft Answer the following questions (provide screenshots and your supporting data as evidence) Image link: 1. Creating the Case and Adding Evidence USE FTK to create a new case called ID THEFT 2, then add the ID THEFT 2.e01 image https://drive.google.com/file/d/1IGek-X0wmsQwROmyo5D28LpvY1tKmG 5/ view?usp=sharing with only the processing options shown below. Create and submit a screenshot of the options to proof your effort. i. MD5 Hash (2 point) ii. SHA1 Hash ( 2 point) iii. Flag Duplicate Files (2 point) iv. Expand Compound Files (2 point) v. Flag Bad Extensions (2 point) vi. gtthearch Text Index ( 2 point) 2. How many files were loaded on ID THEFT 2.e01 disk image case? (2 points) 3. Carve the ID THEFT 2.e01 disk image. Use the default carved option. How many carved data files were found? Provide screenshot as evidence of your findings. (3 points) 4. Processing the Recycle Bin (20 points) Analyze the Recycle Bin information contained in the Recycler folder at the root of the drive and then answer the following questions. Provide screenshot as evidence of your findings. i. How many users' SID in the Recycler folder? ii. List all user ID numbers. iii. Which user deleted the NTFS Recycled Test File1.doc file? iv. How many gif files were found in ID THEFT 2.e01? v. Briefly describe the content of file "made the news.jpg". 5. What is the difference between the Recycled and Recycler folders? ( 5 point) 6. Name two pieces of evidentiary information contained in an INFO2 record. (2 points) 7. True or False: Recycle Bin functionality tracks removable media deletions. (2 point) 8. What is an Orphan folder? (5 point)