BackBox Indonesia
Practical Digital Forensic - Printable Version




Practical Digital Forensic - Aiden_ - 03-14-2016

Assalamualaikum

There is a Forensic Challenge from honeypot (http://old.honeynet.org/scans/scan24/)


The questions from the challenge are as follows:


Make sure you check the MD5 checksum of your download before you unzip it.
Questions
You can find all the criteria for judging and rules at the SotM main page.
  1. Who is Joe Jacob's supplier of marijuana and what is the address listed for the supplier?
  2. What crucial data is available within the coverpage.jpg file and why is this data crucial?
  3. What (if any) other high schools besides Smith Hill does Joe Jacobs frequent?
  4. For each file, what processes were taken by the suspect to mask them from others?
  5. What processes did you (the investigator) use to successfully examine the entire contents of each file?
Bonus Question:
  1. What Microsoft program was used to create the Cover Page file. What is your proof (Proof is the key to getting this question right, not just making a guess).

Forensic Material
image.zip
(old.honeynet.org/scans/scan24/image.zip)
md5 : b676147f63923e1f428131d59b1d6a72


Tools used:
  • Foremost
  • Autopsy
  • Strings

Forensic Steps


Questions 1-4 can only be answered after we finish question no. 5, which is the investigation process, so let's complete question no. 5 :v


To find out what type of file this image is, we can use file...

[Image: 0p30gty.png]

From that output we can see that it is a partition with a FAT12 file system.

Let's go ahead and mount the partition..
[Image: R1bLk8P.png] 
It contains these files:
  • cover page.jpgc
  • SCHEDU~1.EXE
[Image: 4gqNVu8.png] 
Huhuhu, it's pretty sad because we can't tinker with those two files directly :v
Don't worry, for further investigation we can use Autopsy.


--------------------- SNIPPPP ------------------------
For the rest, you can download it directly: Digital Forensic
because it has exceeded the minimum character count for creating a thread

Don't forget to rep+++ :heart: :heart: :heart:

And apologies if many of the explanations are missing or inaccurate.
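
An added example, not part of the original post: the FAT12 identification and file listing described above can be reproduced without mounting, by decoding the boot sector and root directory straight from the image bytes, which also surfaces deleted directory entries. The function names are hypothetical, the sample image (sizes and the deleted entry) is constructed, and only 8.3 short names are decoded.

```python
import struct

def parse_bpb(img: bytes) -> dict:
    """Decode the BIOS Parameter Block in sector 0 and classify the FAT type."""
    (bps, spc, reserved, nfats, root_entries,
     total16, _media, spf) = struct.unpack_from("<HBHBHHBH", img, 11)
    total = total16 or struct.unpack_from("<I", img, 32)[0]
    root_secs = (root_entries * 32 + bps - 1) // bps
    # FAT type is defined by the data-cluster count, not by any label string
    clusters = (total - reserved - nfats * spf - root_secs) // spc
    fat_type = ("FAT12" if clusters < 4085 else
                "FAT16" if clusters < 65525 else "FAT32")
    return {"fat_type": fat_type, "root_entries": root_entries,
            "root_start": (reserved + nfats * spf) * bps}

def list_root(img: bytes) -> list:
    """List 8.3 entries of a FAT12/16 root directory, deleted ones included."""
    bpb, out = parse_bpb(img), []
    for i in range(bpb["root_entries"]):
        off = bpb["root_start"] + 32 * i
        e = img[off:off + 32]
        if len(e) < 32 or e[0] == 0x00:   # 0x00 = no further entries
            break
        if e[11] & 0x08:                  # volume label or long-name fragment
            continue
        deleted = e[0] == 0xE5            # first name byte overwritten on delete
        base = ("?" if deleted else "") + e[1 if deleted else 0:8].decode("ascii", "replace")
        ext = e[8:11].decode("ascii", "replace").rstrip()
        out.append({"name": base.rstrip() + ("." + ext if ext else ""),
                    "size": struct.unpack_from("<I", e, 28)[0],
                    "deleted": deleted})
    return out

def build_sample() -> bytes:
    """Constructed 1.44 MB floppy layout with two made-up root entries."""
    img = bytearray(2880 * 512)
    struct.pack_into("<HBHBHHBH", img, 11, 512, 1, 1, 2, 224, 2880, 0xF0, 9)
    def entry(name83: bytes, size: int) -> bytes:
        return name83 + b"\x20" + bytes(16) + struct.pack("<I", size)
    img[9728:9760] = entry(b"SCHEDU~1EXE", 1000)    # size is constructed
    img[9760:9792] = entry(b"\xe5OTES   TXT", 20)   # constructed deleted file
    return bytes(img)

if __name__ == "__main__":
    sample = build_sample()
    print(parse_bpb(sample)["fat_type"])
    for item in list_root(sample):
        print(item)
```

To run it on a real image, pass the bytes of the unzipped image file to `list_root` in place of `build_sample()`.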


RE: Practical Digital Forensic - kcnewbie - 03-14-2016

The image links are dead, bro :3


RE: Practical Digital Forensic - Aiden_ - 03-14-2016

(03-14-2016, 05:39 AM)kcnewbie Wrote: The image links are dead, bro :3

Which image link is dead, bro?