Digital Forensics LAB Assignment 03: Ma'Am Maira Sultan


Musaab Imran Digital Forensics CY-4T

DIGITAL FORENSICS
LAB
Assignment 03

SUBMITTED TO:
MA’AM MAIRA SULTAN

SUBMITTED BY:
MUSAAB IMRAN
(20I-1794)


Contents
Question# 01 ........................................................................................................ 3
network_capture.pcap ..................................................................................... 3
Question# 02 ...................................................................................................... 13
a. dict_attack.zip .......................................................................................... 13
b. suspect.zip ................................................................................................. 14
Question# 03 ...................................................................................................... 16
a. metadata.docx .......................................................................................... 16
b. metadata.jpg ............................................................................................. 20


Question# 01
In task 01 I used Wireshark for an in-depth analysis of the shared pcap file. The tool was
also used to extract the requested information.
network_capture.pcap
1. How many packets are in the capture?

• Go to Statistics.
• Then go to Capture file properties.

A total of 28248 packets were captured.


2. How long is the capture (use HH:MM:SS format)?

Elapsed time: 03:30:18


3. What date/time was the first packet captured? (Use the MM/DD/YYYY
HH:MM:SS 24-hour format in UTC)

The first packet was captured: 11/18/2009 13:32:45


4. How many HTTP packets are in the capture?

• Go to Statistics
• Go to HTTP


A total of 2446 HTTP packets were captured.


5. By the number of packets, what IP address had the highest number of total
packets sent/received to it?

• Go to Statistics
• Go to Endpoints


IP 192.168.1.104 had the highest number of packets, 13,875.

6. By number of packets, what two IP addresses were the endpoints for the
largest conversation on port 80?

• Go to Statistics
• Go to Endpoints


A list of ports with their respective information is shared.


• IP 151.207.240.23 has 2,954 packets.
• IP 198.189.255.82 has 6,476 packets.
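As an added example (not part of the original report), the statistics asked for in questions 1, 2, 3 and 5 can be computed directly from a libpcap file in Python, which is a useful cross-check on the Wireshark GUI figures. The packets below are constructed inline, not taken from network_capture.pcap; only the first timestamp is set to the value found above.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

def _ipv4_frame(src: str, dst: str) -> bytes:
    """Ethernet II + bare IPv4 header, no payload (constructed test data)."""
    eth = b"\x00\x08\x74\x38\x01\xb4\x00\x11\x22\x33\x44\x55\x08\x00"
    s, d = (bytes(int(o) for o in a.split(".")) for a in (src, dst))
    return eth + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0, s, d)

def _pcap(records) -> bytes:
    """Little-endian libpcap file (LINKTYPE_ETHERNET) from (unix_ts, frame) pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in records:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1e6))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

T0 = 1258551165  # constructed: 11/18/2009 13:32:45 UTC, the first-packet time found above
SAMPLE_PCAP = _pcap([
    (T0, _ipv4_frame("192.168.1.104", "192.168.1.1")),
    (T0 + 0.5, _ipv4_frame("192.168.1.1", "192.168.1.104")),
    (T0 + 3 * 3600 + 30 * 60 + 18, _ipv4_frame("192.168.1.104", "72.1.97.153")),
])

def pcap_summary(data: bytes) -> dict:
    """Packet count, elapsed HH:MM:SS, first timestamp (UTC) and busiest IPv4 endpoint."""
    magic, = struct.unpack_from("<I", data, 0)
    bo = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # byte order from the magic
    if bo is None:
        raise ValueError("not a microsecond-resolution libpcap file")
    off, times, endpoints = 24, [], Counter()
    while off + 16 <= len(data):  # each record: 16-byte header then incl_len bytes
        sec, usec, incl, _ = struct.unpack_from(bo + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        times.append(sec + usec / 1e6)
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":  # EtherType IPv4
            endpoints[".".join(map(str, frame[26:30]))] += 1  # IPv4 source
            endpoints[".".join(map(str, frame[30:34]))] += 1  # IPv4 destination
    if not times:
        return {"packets": 0, "elapsed": "00:00:00", "first_utc": None, "top_endpoint": None}
    h, rem = divmod(int(times[-1] - times[0]), 3600)
    return {"packets": len(times),
            "elapsed": "%02d:%02d:%02d" % (h, *divmod(rem, 60)),
            "first_utc": datetime.fromtimestamp(times[0], timezone.utc).strftime("%m/%d/%Y %H:%M:%S"),
            "top_endpoint": endpoints.most_common(1)[0]}
```

Pointing `pcap_summary` at the bytes of a real capture gives the same four values Wireshark shows under Statistics (pcapng files use a different container and are not handled here).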

7. What is the IP address of the DNS server on the network?


Applying the dns filter in Wireshark displayed the DNS traffic.

The IP can be seen highlighted in the screenshot.


IP = 192.168.1.1


8. What is the IP address that is provided for the domain hothardware.com?

• Go to Statistics
• Go to Resolved Addresses

• Search for hothardware.com


• IP for the domain hothardware.com = 72.1.97.153


9. What is the MAC address of the device with the IP address 192.168.1.105? (Use
the ##:##:##:##:##:## format)
To find the MAC address of the device, we applied a filter for the given IP.
The ip.addr == 192.168.1.105 filter was used.

• Go to Details
• Go to Ethernet II
• Go to Source
MAC address of the device with IP 192.168.1.105: 00:08:74:38:01:b4


10. The pcap file contains multiple connections to the site www.turtlefiji.com.

• Go to File
• Go to Export Objects
• Go to HTTP

• Search for the keyword “turtlefiji”; all connections to “www.turtlefiji.com”
are displayed.


11. What is the MD5 hash of the file snorkeling1_th.jpg?

• Go to File
• Go to Export Objects
• Go to HTTP

• Search for snorkeling1_th.jpg


• Extract the file


• snorkeling1_th.jpg

Using the md5sum command in Kali, we calculated the hash of snorkeling1_th.jpg.


MD5 hash of snorkeling1_th.jpg = 94095b260a4125ebc4dab7c9273a847d


Question# 02
I couldn’t crack the passwords using the dictionary.txt provided. Tools like Passware,
PassFab for ZIP, and John the Ripper weren’t able to crack the passwords. So, I used the
rockyou.txt file, which is Kali’s wordlist containing a password dictionary.
I used fcrackzip to crack the passwords of the two zips.

• The arguments and methods used in the fcrackzip command.


• fcrackzip -u -v -D -p rockyou.txt suspect.zip
a. dict_attack.zip


When brute force was applied, another password was found for dict_attack.zip, and this
password also works.
Password = 111111
OR
Password = rockyou.tH[

• The file was empty when I entered both of the passwords.


b. suspect.zip


When brute force was applied, another password was found for suspect.zip, and this
password also works.
Password = charlie
OR
Password = rockyou.txM

• The file was empty when I entered both of the passwords.


Question# 03
You are provided with metadata.docx and metadata.jpg. You are required to analyze the files
using any tool and answer the following questions:
I used ExifTool to analyze both files, and the respective information was extracted.
a. metadata.docx

1. What is the title of the document?

• The title of the document is DRAFT.


2. Who is the creator of the document?

• The creator of the document is debjones.

3. What is the date/time of when the document was created? (Use the MM/DD/YYYY
HH:MM:SS 24-hour format in UTC)

• The document was created on 03/26/2013 16:09:00Z.


4. Who was the last person to modify the document?

• The document was last modified by Edward Cincinnati.

5. How many times has the document been changed?

• The document was changed 7 times.


6. In minutes, what is the total amount of time that the document has been edited?

• The total amount of time the document has been edited is 40 minutes.

7. What is the name of the company where this document was drafted?

• Name of the company where the document was drafted: Department of Justice.


b. metadata.jpg

8. What is the name of the photographer who took the picture?

• Name of the Artist that took the picture: Ted Eytan.


9. What is the date/time of when the picture was taken? (Use the MM/DD/YYYY
HH:MM:SS 24-hour format in UTC)

• Date/Time Original: 12:29:2018 09:00:52.


10. What is the latitude and longitude of where the picture was taken?

GPS Latitude: 38 deg 42' 39.92" N


GPS Longitude: 75 deg 4' 28.92" W
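ExifTool prints GPS coordinates in degrees, minutes and seconds with a hemisphere letter, while mapping tools expect signed decimal degrees. As an added example (not part of the original report), this Python converts the two strings reported above, applying the sign for S and W and rejecting malformed values; the function names are my own.

```python
import re

# ExifTool's default human-readable GPS formatting, e.g. 38 deg 42' 39.92" N
_DMS = re.compile(r"""^\s*(\d+)\s*deg\s+(\d+)'\s*([\d.]+)"\s*([NSEW])\s*$""")

def dms_to_decimal(value: str) -> float:
    """Convert an ExifTool DMS coordinate string to signed decimal degrees
    (negative for the S and W hemispheres), rejecting out-of-range parts."""
    m = _DMS.match(value)
    if not m:
        raise ValueError(f"unrecognised DMS coordinate: {value!r}")
    deg, minutes, seconds, hemi = int(m[1]), int(m[2]), float(m[3]), m[4]
    limit = 90 if hemi in "NS" else 180  # latitude vs longitude bound
    if minutes >= 60 or seconds >= 60 or deg > limit:
        raise ValueError(f"out-of-range coordinate: {value!r}")
    decimal = deg + minutes / 60 + seconds / 3600
    return round(-decimal if hemi in "SW" else decimal, 6)

def exif_location(latitude: str, longitude: str) -> tuple:
    """Pair the two ExifTool fields as (lat, lon) decimal degrees for any map service."""
    return dms_to_decimal(latitude), dms_to_decimal(longitude)

# Constructed call using the values reported above
LOCATION = exif_location("38 deg 42' 39.92\" N", "75 deg 4' 28.92\" W")
```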

11. According to the EXIF data what state was the picture taken in?

• The state where the picture was taken: DC.
