
CSE 469 In-Class Lab2 Names: Steven Tran, Kshitiz Singh, Jason Truong ID: 1210776512

The document provides instructions for an in-class lab analyzing data from image files using various forensic tools. It outlines downloading and installing Volatility, Hex Workshop, and OpenStego to analyze a memory dump file to find a specific process ID, track changes to a file extension, extract a hidden message from a bit-shifted file, and use steganography to hide a file in an image. The lab results including the hidden messages are to be submitted as a PDF by the deadline.

Uploaded by

Steven Tran
CSE 469 In-Class Lab2

Names: Steven Tran, Kshitiz Singh, Jason Truong ID: 1210776512


Overview
1. Analyzing data from the acquired image file.
2. Tracing file attributes such as the file extension.
3. Discovering hidden data using bit shifting and steganography.

Prerequisite: Windows 10 compatible, 32 or 64 bits
1. Download and install:
   1) Volatility (https://www.volatilityfoundation.org/)
   2) Hex Workshop (http://www.hexworkshop.com/)
   3) OpenStego (https://www.openstego.com/)
   * OpenStego needs javaw.exe, so download and install Java from https://java.com/en/
2. Download and unzip the test files at https://www.dropbox.com/s/yr5g8lnyrbxbpqc/lab2.zip?dl=0
3. Submit the result of this form as a PDF to Gradescope (https://www.gradescope.com/courses/79694/). The deadline is the beginning of the next class.

Analyzing data from the acquired image file using related tools
1. Finding a specific process in a memory dump file using tool "Volatility"
- What is the PID # of "notepad.exe" in test2.img?
1568

2. Track file extension changes using Hex Workshop


- What is the extension and contents of test2.exe?
.pptx file
Contents: Evidence for CSE469

3. Bit Shifted file


- What is the message of the test2.txt using bit shifting?
Health is the number one!

4. Steganography exercise using tool "OpenStego"


- Make test2.png with test2.txt.
- Attach test2.jpg and test2.png here
Jpg/png

- What is the message of the test2.txt?


Let's call it a day
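
For exercise 3 (the bit-shifted file), the following is an added example, not part of the original lab handout: it recovers text from a file whose bytes were bit-rotated by an unknown amount, trying all eight rotations and keeping the one that yields readable ASCII. The sample input is constructed from the answer recorded above; the per-byte rotation and the one-bit shift amount are assumptions, since the real test2.txt and the operation applied to it are not on this page.

```python
# Added example: brute-force recovery of per-byte bit-rotated text.
# Assumption: the file was obfuscated by rotating every byte the same
# number of bits (for 7-bit ASCII, a 1-bit left shift equals a 1-bit rotate).

# Bytes counted as readable text: tab, LF, CR and 0x20..0x7E.
READABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def rotl8(byte, n):
    """Rotate one byte left by n bits (n is taken modulo 8)."""
    n %= 8
    return ((byte << n) | (byte >> (8 - n))) & 0xFF


def rotate(data, n):
    """Rotate every byte of data left by n bits."""
    return bytes(rotl8(b, n) for b in data)


def readable_ratio(data):
    """Fraction of bytes that are readable ASCII (0.0 for empty input)."""
    if not data:
        return 0.0
    return sum(b in READABLE for b in data) / len(data)


def recover(data):
    """Try all 8 left rotations and return (n, ratio, candidate) for the
    rotation producing the highest share of readable bytes."""
    scored = []
    for n in range(8):
        candidate = rotate(data, n)
        scored.append((readable_ratio(candidate), n, candidate))
    ratio, n, candidate = max(scored, key=lambda item: item[0])
    return n, ratio, candidate


# Constructed sample: the message recorded in the lab answer, rotated left
# by one bit to stand in for the shifted test2.txt (shift amount assumed).
SAMPLE = rotate(b"Health is the number one!", 1)

if __name__ == "__main__":
    n, ratio, text = recover(SAMPLE)
    print(f"rotate left by {n} (right by {(8 - n) % 8}): "
          f"{ratio:.0%} readable -> {text.decode('ascii')}")
```

A rotation that scores well below 100% readable on every candidate suggests the file was not transformed with a uniform per-byte rotation, and a different operation should be considered.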
