Maria Botello ITSY 2343.271
Professor Walton January 26, 2020
LAB 8.1
1. How many deleted files are in the Videos folder?
24
14
12
8
2. How many different cameras (denoted as “device models“) did you find in the evidence?
2
125
14
84
3. What file system is used in the jo-favorites-usb-2009-12-11.E01 image? FAT32
4. Autopsy doesn’t provide camera information, such as exposure time or flash use. True or False?
5. Autopsy displays hash values for video files. True or False?
LAB 8.2
6. What date was the first video created? 11/20/2009
7. How many QuickTime videos (.mov files) are listed in the jo-favorites-usb-2009-12-11.E01 Videos
folder? 4
8. OSForensics has a built-in viewer to play video files. True or False?
9. According to the HTML report you created, what’s the create date for the MontereyKitty.m4v
file? (Hint: Look under Other Artifacts, Files.)
11/21/2009, 4:36:30
11/20/2009, 8:57:26
11/11/2009, 9:16:56
11/18/2009, 4:36:30
10. In this lab, you viewed information about the DSC000009.JPG file in the File Info tab of the File
and Hex Viewer window. What’s the starting logical cluster number (LCN) for this file?
16,692
335,872
334,501
15,592
LAB 8.3
11. How many duplicate JPG files are in the jo-favorites-usb-2009-12-11.E01 image?
55
98
84
49
12. What’s the MD5 hash value of the Cat.mov file?
994FB0038374FDD3655553E904FCC1B7
AF72ABAF3E16CFB9758C8F82524C0C55
This study source was downloaded by 100000850872992 from CourseHero.com on 04-02-2023 09:05:27 GMT -05:00
https://www.coursehero.com/file/56569430/Lab-Assignment-Ch-8docx/
Professor Walton January 26, 2020
LAB 8.1
1. How many deleted files are in the Videos folder?
24
14
12
8
2. How many different cameras (denoted as “device models“) did you find in the evidence?
2
125
14
84
3. What file system is used in the jo-favorites-usb-2009-12-11.E01 image? FAT32
4. Autopsy doesn’t provide camera information, such as exposure time or flash use. True or False?
5. Autopsy displays hash values for video files. True or False?
LAB 8.2
6. What date was the first video created? 11/20/2009
7. How many QuickTime videos (.mov files) are listed in the jo-favorites-usb-2009-12-11.E01 Videos
folder? 4
8. OSForensics has a built-in viewer to play video files. True or False?
9. According to the HTML report you created, what’s the create date for the MontereyKitty.m4v
file? (Hint: Look under Other Artifacts, Files.)
11/21/2009, 4:36:30
11/20/2009, 8:57:26
11/11/2009, 9:16:56
11/18/2009, 4:36:30
10. In this lab, you viewed information about the DSC000009.JPG file in the File Info tab of the File
and Hex Viewer window. What’s the starting logical cluster number (LCN) for this file?
16,692
335,872
334,501
15,592
LAB 8.3
11. How many duplicate JPG files are in the jo-favorites-usb-2009-12-11.E01 image?
55
98
84
49
12. What’s the MD5 hash value of the Cat.mov file?
994FB0038374FDD3655553E904FCC1B7
AF72ABAF3E16CFB9758C8F82524C0C55
This study source was downloaded by 100000850872992 from CourseHero.com on 04-02-2023 09:05:27 GMT -05:00
https://www.coursehero.com/file/56569430/Lab-Assignment-Ch-8docx/
