Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
1K views

Computer Forensics Lab 1 Report

This document contains MD5 and SHA1 hash values generated by FTK Imager for various files found on an evidence drive image. The hashes were generated for files found in unallocated space, desktop folders, and the recycle bin folder. The lab report notes that EnCase Imager and P2 Commander generated matching hash values to FTK Imager despite differences in letter case formatting between tools.

Uploaded by

Jim
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
1K views

Computer Forensics Lab 1 Report

This document contains MD5 and SHA1 hash values generated by FTK Imager for various files found on an evidence drive image. The hashes were generated for files found in unallocated space, desktop folders, and the recycle bin folder. The lab report notes that EnCase Imager and P2 Commander generated matching hash values to FTK Imager despite differences in letter case formatting between tools.

Uploaded by

Jim
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 9

Computer Forensics Lab 1

FTK Imager MD5 Hashes:


File 043458.csv
MD5,SHA1,FileNames
"4d88b734fef2fc0ea51077c18e37cd20","e22e7b8fde464946fb254c1ce8a428877b0
093b4","evidence_drive.e01.E01\Partition 1 [2555MB]\NONAME [NTFS]\[unallocated
space]\043458"

Badnotes1.csv
MD5,SHA1,FileNames
"8ff69e959d96e0d9f7d09f9b7c2fd7e0","775717956789a3156112779a0212299d8a
e38f88","evidence_drive.e01.E01\Partition 1 [2555MB]\NONAME [NTFS]\
[root]\Documents and Settings\Administrator\Desktop\badnotes1.txt"

Badnotes2.csv

MD5,SHA1,FileNames
"1ebd8f793366682e9ba65eb9b9d22075","56e02aaf0a9697e39cbff1bb2be993ef1b
8a2faa","evidence_drive.e01.E01\Partition 1 [2555MB]\NONAME [NTFS]\
[root]\Documents and Settings\Administrator\Desktop\badnotes2.txt"

DC1.csv

MD5,SHA1,FileNames
"8ff69e959d96e0d9f7d09f9b7c2fd7e0","775717956789a3156112779a0212299d8a
e38f88","evidence_drive.e01.E01\Partition 1 [2555MB]\NONAME [NTFS]\
[root]\RECYCLER\S-1-5-21-839522115-162531612-2147315267-500\Dc1.txt"

DC2.csv

MD5,SHA1,FileNames
"1ebd8f793366682e9ba65eb9b9d22075","56e02aaf0a9697e39cbff1bb2be993ef1b
8a2faa","evidence_drive.e01.E01\Partition 1 [2555MB]\NONAME [NTFS]\
[root]\RECYCLER\S-1-5-21-839522115-162531612-2147315267-500\Dc2.txt"

Info2.csv
MD5,SHA1,FileNames
"ffe0bdb5a41ab189ad31164d5b7d0d67","97e8144a076e0e6152f84ffeb955b2f8438
0a20f","evidence_drive.e01.E01\Partition 1 [2555MB]\NONAME [NTFS]\
[root]\RECYCLER\S-1-5-21-839522115-162531612-2147315267-500\INFO2"

15. In the Lab Report file describe how the value produced by EnCase Imager compares to the value produced by
FTK Imager: They have the same MD5 hash.

8. In the Lab Report file describe how the value produced by P2 Commander compares to the value produced by
FTK Imager. The P2 Commander has the same MD5 hash value as FTK imager. But the P2 makes letters
uppercase.

You might also like