Week 3 Laboratory
Week 3 Lab Part 1: Automate Digital Evidence Discovery Using Paraben’s P2 Commander
Learning Objectives and Outcomes
Upon completing this lab, students will be able to complete the following tasks:
* Open an existing case file using P2 Commander
* Analyze the data in the image and the files saved in the case
* Sort and identify evidence file types in a case using Paraben's P2 Commander forensic tool
* Use P2 Commander to identify information for potential evidence contained in chat logs such as Skype chat
* Analyze the contents of user profiles and data using the P2 Commander browser
Week 3 Lab Part 1 - Assessment Worksheet
Overview
View the Demo Lab available in the Practice section of Learning Space Unit 5 and then answer the questions below. The video will demonstrate the use of Paraben's P2 Commander and outline the different forensics capabilities of the tool.
Lab Assessment Questions & Answers
1. When talking about Information Security, what does 'CIA' stand for?
CIA in information security stands for confidentiality, integrity and availability.
2. When would it be a good practice to classify data?
It would be a good practice to classify data when you need to extract files from a hard drive or system for investigation, in order to accurately organize the findings.
3. What is Security classification?
Security classification is the security level assigned to a government document, file, or record based on the sensitivity or secrecy of the information. The four most common classification levels are top secret, secret, confidential, and restricted.
4. What are some challenges in capturing data with a RAID array?
5. What is a “smear” in forensic terms?
A “smear” in forensic terms is a partial piece of information that could potentially be important for digital investigators to determine the source of.
6. What are some challenges you may encounter in acquiring evidence in a storage area network (SAN)?
7. What are some tools that allow capture of volatile memory (RAM)?
8. What is an open source tool that allows for the analysis of volatile memory?
9. Why would a forensic investigator be interested in analyzing the RAM of a system?
10. What are two methods of capturing data in virtual machines?
Proceed to Part 2
Week 3 Lab Part 2: Apply Steganography to Uncover Modifications to an Image File
Learning Objectives and Outcomes
Upon completing this lab, students will be able to complete the following tasks:
* Use the S-Tools for Windows utility to search for possible steganographic activity embedded in image files
* Extract a cipher key text file
* Identify the use of steganographic data concealment techniques for covert communication and potential injected data
* Extract steganographically-sequestered data from identified image files while conserving their integrity
* Report the details of hidden files
Week 3 Lab Part 2 - Assessment Worksheet
Overview
View the Demo Lab in the Practice section of Learning Space Unit 6 and answer the questions below. This demonstration will show the use of S-Tools and the Windows Image viewer to properly identify and extract embedded data in a carrier image.
Lab Assessment Questions & Answers
1. What position is typically the least significant bit in a binary number?
2. What do the terms Little Endian and Big Endian deal with?
3. Attempt to describe a legitimate business need to leverage steganography.
4. Identify 3 Steganography tools not used in the lab.
5. What tools can be used to detect steganography?
6. What is steganography?
Steganography is the art of hiding secret messages among non-secret files, videos, or other messages.
7. What is Cryptology?
8. What is the difference between steganography and cryptology?
9. How can you protect the data that is hidden inside other files in case it is found?
10. What methods are usually used when hiding images, audio and video files?