DTF Skill 7: 19Cs3259S-Digital Forensics
Task 1: In this activity you will examine several files to determine their signatures and
then look up those values.
Q1. What is the file signature, file type, and file extension associated with File1?
Signature: 50 4B 03 04 14 06 00 00
Q2. What is the file signature, file type, and file extension associated with File2?
Signature: D0 CF 11 E0 A1
Q3. What is the file signature, file type, and file extension associated with File3?
Signature: 25 50 44 46
Q4. What is the file signature, file type, and file extension associated with File4?
Signature: 53 43 43 41
Extension: PF
Q5. What is the file signature, file type, and file extension associated with File5?
Signature: 4C 00 00 00
Extension: LNK
Q6. What is the file signature, file type, and file extension associated with File6?
Signature: 4D 5A 90 00
Extension: API, AX
Q7. What is the file signature, file type, and file extension associated with File7?
Signature: 4D 5A 90 00
Extension: API, AX
Q8. What is the file signature, file type, and file extension associated with File8?
Signature: FF D8 FF E0
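The lookup that Task 1 does by hand can be scripted. The following is an added example, not part of the original worksheet: it matches header bytes against a small signature table and goes one step further by flagging files whose extension disagrees with their content. The table layout, function names and sample headers are assumptions made for illustration; the magic values are the commonly published ones.

```python
from pathlib import PurePath

# (offset, magic, file type, usual extensions). Commonly published values;
# the table layout and names are this example's own.
SIGNATURES = [
    (0, bytes.fromhex("504B0304"), "ZIP container (incl. OOXML Office)", {"zip", "docx", "xlsx", "pptx"}),
    (0, bytes.fromhex("D0CF11E0A1B11AE1"), "OLE2 compound file (legacy Office)", {"doc", "xls", "ppt", "msi"}),
    (0, b"%PDF", "PDF document", {"pdf"}),
    (4, b"SCCA", "Windows prefetch (uncompressed)", {"pf"}),  # magic follows a 4-byte version field
    (0, bytes.fromhex("4C000000"), "Windows shortcut", {"lnk"}),
    (0, b"MZ", "DOS/PE executable", {"exe", "dll", "sys", "api", "ax"}),
    (0, bytes.fromhex("FFD8FF"), "JPEG image", {"jpg", "jpeg"}),
]


def identify(header: bytes):
    """Return (file type, extensions) for the longest matching signature, or None."""
    best = None
    for offset, magic, ftype, exts in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            if best is None or len(magic) > len(best[0]):
                best = (magic, ftype, exts)
    return None if best is None else (best[1], best[2])


def check(name: str, header: bytes) -> str:
    """Compare the extension in the file name with what the header bytes say."""
    ext = PurePath(name).suffix.lstrip(".").lower()
    hit = identify(header)
    if hit is None:
        return "unknown"
    ftype, exts = hit
    return "match" if ext in exts else f"mismatch: content is {ftype}"


# Constructed sample headers (first bytes only), not taken from the lab files.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n",
    "holiday.jpg": bytes.fromhex("4D5A90000300000004000000"),   # PE header under an image name
    "CALC.EXE-0FE8F3A9.pf": bytes.fromhex("1700000053434341"),  # version field, then SCCA
    "notes.txt": b"plain text, no magic",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:24} {check(name, header)}")
```

On real evidence, pass `check` the first 16 or so bytes read from a working copy of the file, never the original.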
Task 2: In this task you will examine metadata contained within Microsoft Office files.
Charles Galileo
Michael Robinson
Q5. What is the benefit of looking through the properties this way as compared to looking
at properties from within the Microsoft Word application?
Task 3: In this activity you will examine EXIF data stored in the header of a graphics file.
Q1. When was the picture taken?
Apple iPhone 5s
Q3. Was the picture taken with the front camera lens or the back camera lens?
Q4. What were the GPS coordinates of the camera/phone when the picture was taken?
Viva Voce:
1. What is the difference between stand-alone and networked computers?
On a stand-alone computer, the operating system automatically sets up the computer. On a network computer,
the computer is joined to a domain and the administrator has to specify the domain name and join the computer.
A benefit of having a stand-alone computer is that you are not bound by a separate administrator.
A benefit of having a network computer is that users do not have to manage items such as updates as these are
taken care of by the administrator.
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether
to allow or block specific traffic based on a defined set of security rules.
A sniffer is a software or hardware tool that allows the user to “sniff” or monitor your internet traffic in real time,
capturing all the data flowing to and from your computer.
There are two basic types of NFATs: “catch-it-as-you-can” systems, which capture network traffic, can store large
amounts of data and can analyze that data in batch mode;
and “stop, look and listen” systems, which analyze each packet but without the storage capacity of the other.
Honeypots are decoy systems or servers deployed alongside production systems within your
network. When deployed as enticing targets for attackers, honeypots can add security monitoring
opportunities for blue teams and misdirect the adversary from their true target.