Digital Forensics LAB Assignment 03: Ma'Am Maira Sultan
DIGITAL FORENSICS
LAB
Assignment 03
SUBMITTED TO:
MA’AM MAIRA SULTAN
SUBMITTED BY:
MUSAAB IMRAN
(20I-1794)
Musaab Imran Digital Forensics CY-4T
Contents
Question# 01
network_capture.pcap
Question# 02
a. dict_attack.zip
b. suspect.zip
Question# 03
a. metadata.docx
b. metadata.jpg
Question# 01
In task 01 I used Wireshark to perform an in-depth analysis of the shared pcap file. The tool was
also used to extract the requested information.
network_capture.pcap
1. How many packets are in the capture?
• Go to Statistics.
• Then go to Capture file properties.
3. What date/time was the first packet captured? (Use the MM/DD/YYYY
HH:MM:SS 24-hour format in UTC)
• Go to Statistics
• Go to HTTP
• Go to Statistics
• Go to Endpoints
6. By a number of packets, what two IP addresses were the endpoints for the
largest conversation on port 80?
• Go to Statistics
• Go to Endpoints
• Go to Statistics
• Go to Resolved Addresses
9. What is the MAC address of the device with the IP address 192.168.1.105? (Use
the ##:##:##:##:##:## format)?
To find the MAC address of the device, we applied a filter on the given IP.
The display filter ip.addr == 192.168.1.105 was used.
• Go to Details
• Go to Ethernet II
• Go to Source
MAC address of the device with the IP = 192.168.1.105 = 00:08:74:38:01:b4
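The same three lookups (packet count, first-packet time in UTC, and the Ethernet II source MAC for an IP) can be checked outside the GUI by reading the capture file directly. The script below is an added example, not part of the original assignment; it assumes a classic microsecond-resolution pcap file (not pcapng) with Ethernet link type, and the two-packet capture, its MAC addresses and timestamps are constructed sample data.

```python
import struct
from datetime import datetime, timezone

def ip_bytes(ip):
    return bytes(int(part) for part in ip.split("."))

def build_sample_pcap():
    """Constructed two-packet capture: classic pcap, Ethernet link type."""
    def frame(src_mac, dst_mac, src_ip, dst_ip):
        eth = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + b"\x08\x00"
        ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                           ip_bytes(src_ip), ip_bytes(dst_ip))
        return eth + ipv4
    host, gw = "020000000001", "020000000002"   # constructed MAC addresses
    frames = [(1700000000, frame(host, gw, "192.168.1.105", "192.168.1.1")),
              (1700000005, frame(gw, host, "192.168.1.1", "192.168.1.105"))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, data in frames:
        out += struct.pack("<IIII", ts, 0, len(data), len(data)) + data
    return out

def analyze_pcap(pcap, ip):
    """Return packet count, first-packet UTC time and source MACs seen for ip."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic microsecond-resolution pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"    # byte order of the writer
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    target, off, count, first_ts, macs = ip_bytes(ip), 24, 0, None, set()
    while off + 16 <= len(pcap):
        ts_sec, _usec, incl, _orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        data = pcap[off + 16:off + 16 + incl]
        if len(data) < incl:
            break                                # truncated final record
        off, count = off + 16 + incl, count + 1
        first_ts = ts_sec if first_ts is None else first_ts
        # Ethernet II: dst MAC 0-5, src MAC 6-11, EtherType 12-13; IPv4 src at 26-29
        if len(data) >= 34 and data[12:14] == b"\x08\x00" and data[26:30] == target:
            macs.add(":".join(f"{b:02x}" for b in data[6:12]))
    first = None if first_ts is None else datetime.fromtimestamp(
        first_ts, tz=timezone.utc).strftime("%m/%d/%Y %H:%M:%S")
    return {"packets": count, "first_utc": first, "source_macs": sorted(macs)}

if __name__ == "__main__":
    print(analyze_pcap(build_sample_pcap(), "192.168.1.105"))
```

More than one entry in source_macs for a single IP is worth noting in a report, since it means frames carrying that source address left more than one interface.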
10. The pcap file contains multiple connections to the site www.turtlefiji.com.
• Go to File
• Go to Export Objects
• Go to HTTP
• Search for the keyword “turtlefiji”; all the connections with “www.turtlefiji.com” are displayed.
• Go to File
• Go to Export Objects
• Go to HTTP
• snorkeling1_th.jpg
Question# 02
I couldn’t crack the passwords using the dictionary.txt provided. Tools like Passware,
PassFab for ZIP, and John the Ripper weren’t able to crack the passwords. So, I used the
rockyou.txt file, which is Kali’s wordlist containing a password dictionary.
I used fcrack to crack the passwords of the two zips.
When brute force was applied, another password was found for dict_attack.zip, and this password
also works.
Password = 111111
OR
Password = rockyou.tH[
When brute force was applied, another password was found for suspect.zip, and this password also
works.
Password = charlie
OR
Password = rockyou.txM
Question# 03
You are provided with metadata.docx and metadata.jpg. You are required to analyze the files
using any tool and answer the following questions:
I used the ExifTool for the analysis of both of the files and the respective information was
extracted.
a. metadata.docx
3. What is the date/time of when the document was created? (Use the MM/DD/YYYY
HH:MM:SS 24-hour format in UTC)
6. In minutes, what is the total amount of time that the document has been edited?
• The total amount of time the document has been edited is 40 minutes.
7. What is the name of the company where this document was drafted?
• Name of the company where the document was drafted: Department of Justice.
b. metadata.jpg
9. What is the date/time of when the picture was taken? (Use the MM/DD/YYYY
HH:MM:SS 24-hour format in UTC)
11. According to the EXIF data what state was the picture taken in?