Anti-Forensics Detection & Analysis Lab
Purpose: Apply knowledge and skills learned about anti-forensics techniques. Practice detecting and overcoming a wide variety of anti-forensic techniques.
Obtain the following 512MB USB image files from BlackBoard:
o AntiForensics_A.001 MD5: 14EA9F129B75747D8319118B123847AE SHA-1: 1B50931A0695D8E525D61C7DEBB4690B71B540EB
o AntiForensics_B.001 MD5: C55F980DC4A7972A7113D86E55EFBC46 SHA-1: 70ADC62977210D70DFF399376DDF63643D92D969
o AntiForensics_C.001 MD5: 0C11D069D370851B3D92C884DA413746 SHA-1: 4892B9960547BAA5C37D36AC3E7E04A659C3489A
o AntiForensics_D.001 MD5: 16AB542DF4D76EB2DB0242C1E9D46900 SHA-1: 2E7CEF5B9D4B2B2698964BD66CEDD76EF900C817
Find all the evidence you can.
o Evidence is anything containing the word ‘EVIDENCE’ or anything containing a picture of your suspect’s dog. Information about your suspect is listed below.
o There are approximately 13 instances of anti-forensics / data obfuscation techniques (depending on how you count an instance).
o You may need to apply skills and knowledge learned in Digital Forensic Analysis I.
o Standard forensic reporting – metadata, discussion of findings, etc.
o Include screenshots of your findings, including tool reports, if available (e.g. the John the Ripper password cracking report, and the output of any other tools you use that have a report or log function).
o Include a brief overview of your analytical strategy, steps taken, tools used, etc. Organize this section of your report by anti-forensics technique.
Rules, Caveats, Hints, etc.:
What you initially know about your suspect: Her name is Lily Quinones. She is a Cyber Security major at the University of Texas at San Antonio (UTSA). She is currently a Senior in the College of Business. This is all you know at this point. Perhaps the files on the USB image contain more information…
Analyze the UserAssist Registry Key provided to discover traces of programs used by the suspect.
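One way to decode UserAssist entries for the step above, as an added example that is not part of the original lab handout: value names under the UserAssist Count subkeys are ROT13-encoded, and the binary data carries a run count and a last-run FILETIME. The helper names, the constructed sample, and the 72-byte (Windows 7 and later) and 16-byte (Windows XP) layouts are assumptions, since the handout does not say which Windows version produced the key.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_utc(ft):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC; 0 means no timestamp."""
    if ft == 0:
        return None
    try:
        return FILETIME_EPOCH + timedelta(microseconds=ft // 10)
    except OverflowError:  # corrupt or tampered timestamp
        return None

def to_filetime(dt):
    """Inverse conversion, used only to build the constructed sample below."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def parse_userassist(value_name, data):
    """Decode one value from a UserAssist Count subkey (hypothetical helper)."""
    entry = {"name": codecs.decode(value_name, "rot_13")}  # names are ROT13
    if len(data) == 72:    # assumed layout: Windows 7 and later
        run_count, _focus_count, focus_ms = struct.unpack_from("<III", data, 4)
        (last_run,) = struct.unpack_from("<Q", data, 60)
        entry.update(run_count=run_count, focus_ms=focus_ms)
    elif len(data) == 16:  # assumed layout: Windows XP
        run_count, last_run = struct.unpack_from("<IQ", data, 4)
        entry["run_count"] = max(run_count - 5, 0)  # XP counter starts at 5
    else:
        entry["note"] = f"unrecognised data length {len(data)}"
        return entry
    entry["last_run"] = filetime_to_utc(last_run)
    return entry

# Constructed sample (not taken from the lab images): one 72-byte entry.
SAMPLE_NAME = codecs.encode(r"C:\Tools\example.exe", "rot_13")
SAMPLE_DATA = (struct.pack("<IIII", 0, 3, 2, 45000) + bytes(44)
               + struct.pack("<Q", to_filetime(datetime(2020, 1, 1, tzinfo=timezone.utc)))
               + bytes(4))

if __name__ == "__main__":
    print(parse_userassist(SAMPLE_NAME, SAMPLE_DATA))
```

Feed it each value name and raw REG_BINARY data exported from the provided key; entries with an unexpected data length are returned with a note rather than guessed at.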
Do not use FTK (or any other similarly designed / featured “all-in-one” digital forensics tool) to complete the lab. Such tools tend to do a good job at automatically extracting