Lab - Raw Image Analysis with Autopsy

Lab Scenario

You are investigating a crime scene and find a hard drive taped under a desk in the room of the alleged criminal. You take it to the forensics department and they duplicate the hard drive. Use Autopsy to analyze the replicated hard drive and examine the contents.

Lab Objectives

Learn how to perform an analysis of a file system which includes the filesystem type, Metadata, and Content.

Lab Environment

Kali Linux

Lab Duration

Time: 20 Minutes

Lab Information

Starting Screen

-A tells hping to set the ACK flag for the packet and –p specifies which port on the remote host to send stuff to.



Select File Type

-F –P –U tells hping to set the FIN, PUSH, and URG flags respectively.

 

 

Select File Location

-1 puts hping in ICMP mode.




Deep Scan


-9 is hping’s listen mode. HTTP tells hping to listen for HTTP traffic and –I tells hping which interface to listen on.




Scan Results

--rand-dest tells hping to replace the x with a random number in the 1-255 range.




SEQUENCE NUMBER COLLECTING

-Q tells hping to only display the sequence numbers and –S sets the SYN flag.




SYN SCAN

-8 tells hping to operate in scan mode, -V is verbose, and 50-56 is to scan ports 50-56.

 


UDP MODE

-2 puts hping in UDP mode

 

Return%20to%20Cyberninja