Lab - Performing File System Analysis with The Sleuth Kit

Lab Scenario

You are investigating a company breach, however they suspect it is an inside job. It is your job to scan all the systems to find the leak. Use The Sleuth Kit to make the search faster.

Lab Objectives

Learn how to perform an analysis of a file system which includes the filesystem type, Metadata, and Content.

Lab Environment

Windows 10

Lab Duration

Time: 15 Minutes

Lab Information

Starting Screen

-A tells hping to set the ACK flag for the packet and –p specifies which port on the remote host to send stuff to.

Select File Type

-F –P –U tells hping to set the FIN, PUSH, and URG flags respectively.



Select File Location

-1 puts hping in ICMP mode.

Deep Scan

-9 is hping’s listen mode. HTTP tells hping to listen for HTTP traffic and –I tells hping which interface to listen on.

Scan Results

--rand-dest tells hping to replace the x with a random number in the 1-255 range.


-Q tells hping to only display the sequence numbers and –S sets the SYN flag.


-8 tells hping to operate in scan mode, -V is verbose, and 50-56 is to scan ports 50-56.



-2 puts hping in UDP mode