841- Advanced Computer Forensics
Unix Forensics Lab
Due Date: Please submit your answers to the Linux Lab dropbox by midnight of July 2nd 2013.
******************************************************************************
To challenge yourself, you may work on the advanced Unix forensics lab analyzing the Lewis USB image and writing a report about this case. See the file UNIXForensicslab-usb for details.
******************************************************************************
Objective
This lab will use Autopsy, PTK, Sleuthkit and foremost to analyze a given image. Read the entire document before starting to be sure you have all the necessary tools and files required to complete the lab. You should further explore the tools used in this lab to ensure your familiarity with alternative investigation options.
Deliverable
Answer all the exercise questions and include screenshots as supporting data if necessary.
OPTIONS:
You can work on this lab by
1. using a bootable live CD, for example, backtrack 5
2. using the RLES vCloud.
3. using SANS Investigate Forensic Toolkit (SIFT) Workstation, http://computer-forensics.sans.org/community/downloads.
4. installing the software on your own system (check the appendix for more installation details).
If you choose to use the RLES vCloud, please continue.
Lab Setup for using RLES vCloud
This lab is designed to function on the RLES vCloud via https://rlesvcloud.rit.edu/cloud/org/NAT. Please FIRST read the RLES VCLOUD user guide in myCourses > Content > Hands-on Labs.
Special Browser Setting Requirement (See RLES VCLOUD user guide)
In order to view the console of virtual machines, the VMRC plugin must be installed within the browser. The first time the console is accessed, the plugin can be downloaded. In Internet Explorer, https://rlesvlcoud.rit.edu must be added to the Local intranet zone.
(Go to Tools -> Internet Options -> Security tab -> Local intranet, click the Sites button, click Advanced and add the URL.)
The interface is available by navigating to https://rlesvcloud.rit.edu/cloud/org/NAT. (Yes, we know the certificate wasn’t issued by a commonly trusted certificate authority. Also check the user guide for your browser compatibility).
Use your RIT Computer Account credentials to gain access to the rlesvcloud interface.
To start, you will first create your vApp by following the instructions of Add a vApp Template to My Cloud in the RLES VCLOUND user guide. Make sure to follow the vApp name convention defined in the RLES VCLOUND user guide and select the vApp template, 841_Linux_Forensics, from the Public Catalogs. No network/IP address is needed for this lab.
Double click on the virtual machine to power it on, now you should have a Linux forensics machine with all the forensics’ tools to provide you with a highly interesting experience in forensics investigation. Login to the virtual machine with
Username: root
Password: netsys
Exercise 1:Using Autopsy and Sleuthkit
Require.
FTK report PART I Familiar with FTK ImagerBonus Exerc.docxbudbarber38650
FTK report
PART I: Familiar with FTK Imager
Bonus Exercise 1 (5 points): Assume that you have a write-protected USB device.
Image a USB device or a floppy disk to create an image in a DD format. (Note: You are not able to use the 841_Win_Forensics_Updated VM to perform this bonus exercise. You have to use your own computer for this exercise).
Provide a snapshot from FTK Imager.
Requires: a USB device or a floppy disk
Launch FTK Imager
Click File > Create Disk Image
Click Physical Drive and Next
Select the device and select Raw (dd) Image Type
Exercise 2: View images
Click File > Add Evidence Item
Select Image file and then click Next
Browse to your WinLabEnCase.E01 image and click Finish
View the image in the Evidence Tree view
Question 1: What is the VBR file used for? How to export this file? How to export a file Hash?
VBR file contain information that will enable client machine to use the remote application . we can export this file by press export , hash file will export as a plain text.
Exercise 3: Convert the WinLabEnCase image to a DD image
Exercise 4: Verify images
Question 2: What are the results of verification? Comparing both hashes, are they same or not?
The verification matched and both hashes are the same
PART II: Working with FTK 1.8x
DETAILED PROCEDURES THAT MAY HELP YOU TO GO THROUGH THE FTK SOFTWARE
Exercise 1: Starting a New Case
Question 3: What information is required to create a new case using the FTK New Case Wizard?
The information needed are : investigator name , address , phone , email , case number , case name , case path , case folder and case destination
Question 4: What are the types of evidence that can be added to a case in FTK?
Image of drive , local drive , folders and individual file
Exercise 2: Working with FTK
Click the OVERVIEW tab; note the numbers for each type of file.
Question 5: How to make the number of the Checked Items to go up? How to make the number of Flagged Thumbnails to go up?
After open each file , items will added to the checked item folder , flagged thumbnails will go up with each file we change the point which down it from red to green .
File Signatures
A file type (JPEG, Word Document, MP3 file) can be determined by the file’s extension and by a header that precedes the data in the file. If a file’s extension has been changed, then the only way to determine its type is by looking at its header.
Question 6: Click on Bad Extension from Overview tab. Do you find any signature mismatch? What are they?
There are 11 files , 8 of them are TMP extension , 1 XLS , 1 PDF and 1 DOC
Data Carved Files:
Question 7: Check the number of Data Carved Files, what is the number?
zero
Question 8: Check the number of Data Carved Files from Overview, how many files added to the case by data carving?
TWO
Question 9: What are those files found by performing data carving process? Why is this process so important?
The files which found are the files with GIF extension , th.
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxchristinemaritza
Chapter 8: Common Forensic Tools
Overview
In this chapter, you'll learn more about:
· Explore disk imaging tools, forensic software tool sets, and miscellaneous software tools
· Understand computer forensic hardware
· Assemble your forensic tool kit
The first steps in any investigation nearly always involve old-fashioned detective work. As a forensic investigator, you need to observe and record your observations first. Once you start examining media contents, you'll need some tools to help you find and make sense of stored data.
Forensic investigators and computer examiners need several different types of tools to identify and acquire computer evidence. Some evidence is hidden from the casual observer and requires specialized tools to find and access. In this chapter, we'll examine a sampling of some common and popular tools available to carry out computer forensic tasks.
Disk Imaging and Validation Tools
After identifying the physical media that they suspect contains evidence, forensic investigators must make sure media is preserved before any further steps are taken. Preserving the media is necessary to provide assurance the evidence acquired is valid.
Chapter 3, "Computer Evidence," and Chapter 4, "Common Tasks," both emphasize the importance of copying all media first and then analyzing the copy. It's usually best to create an exact image of the media and verify that it matches the original before continuing the investigation. It's rare to examine the original evidence for any investigation that might end up in court. For other types of investigations, however, forensic investigators might perform a targeted examination on the original evidence. For example, assume the job is to examine a user's home folder on a server for suspected inappropriate material. It might be impossible or extremely difficult to create a mirror image of the disk drive, but the disk can be scanned for existing or deleted files while it is in use. Although examining media while in use might not always be the best practice, informal investigations use this technique frequently.
To Copy or Not to Copy?
Whenever possible, create a duplicate of the original evidence, verify the copy, and then examine the copy. Always invest the time and effort to copy original media for any investigation that might end up in a court of law. If you are sure your investigation will not end up in court, you might decide to analyze the original evidence directly. This is possible and desirable in cases where copying media would cause service interruptions.
Your choice of tools to use depends on several factors, including:
· Operating system(s) supported
Operating system(s) in which the tool runs
File systems the tool supports
· Price
· Functionality
· Personal preference
The following sections list some tools used to create and verify media copies. Some products appear in two places in the chapter. That's because several products play multiple roles. This section lists several products ...
What Are You Looking ForThe variety of operating systems, appli.docxalanfhall8953
What Are You Looking For?
The variety of operating systems, application programs, and storage methods available today means that when it comes to looking for evidence there are a multitude of places to look. Digital evidence can be found in numerous sources, including stored data, applications used to create data, and the computer system that produced the activity. Systems can be huge and complex, and they can change rapidly. Data can be hidden in many different locations and formats. After you find such data, you may have to process it to make it readable by people.
Discovering Evidence Using Connectors
In recent years, manufacturers have developed branded forensic workstations that provide external native connectors for a variety of media, such as Serial ATA (SATA), SCSI (Small Computer System Interface), flash media, and the older IDE (Integrated Drive Electronics) drives. SATA hard drives are more commonly used by individuals, while SCSI hard drives are more likely to be found in a corporate environment.) As a forensic investigator, you will encounter and work with many different types of media. You may also encounter connectors that hook up FireWire to SATA, SCSI, or IDE, and that hook up USB to SATA, SCSI, or IDE. A forensic investigator will determine what media the suspect has been using to store data and will have a variety of connectors on hand to aid the investigation.
connector
The part of a cable that plugs into a port or interface to connect devices. Male connectors are identified by exposed pins. Female connectors are identified by holes into which the male connector can be inserted.
The general discovery process is the same whether you are working with a SATA, SCSI, or IDE drive. You should adapt your techniques to suit the hardware you encounter.
To begin the discovery process for a drive, copy the image file onto your forensic workstation and then process it using one or several different forensic tools such as FTK, Encase, or ProDiscover.
Network Activity Files
Let's use an example case that involves the Internet and pictures. During your career as a forensic investigator, you may be called upon to investigate situations where an employee has illegally accessed and downloaded pictures of proprietary designs from a competitor's internal Web site and then used these designs in his or her own work.
After the forensic image has been added to your forensic computer, open your forensic software and start a case. Figure 6.1 shows the New Case Wizard from the AccessData Forensic Toolkit (FTK).
Figure 6.1: AccessData's Forensic Toolkit New Case Wizard
When a user logs on to a Windows XP, Vista, or Windows 7 system for the first time, a directory structure is created to hold that individual user's files and settings. This structure is called the profile. The profile creates a directory that has the same name as the user, along with various other folders and files.
Because this case involves searching for images that were downloaded .
FTK report PART I Familiar with FTK ImagerBonus Exerc.docxbudbarber38650
FTK report
PART I: Familiar with FTK Imager
Bonus Exercise 1 (5 points): Assume that you have a write-protected USB device.
Image a USB device or a floppy disk to create an image in a DD format. (Note: You are not able to use the 841_Win_Forensics_Updated VM to perform this bonus exercise. You have to use your own computer for this exercise).
Provide a snapshot from FTK Imager.
Requires: a USB device or a floppy disk
Launch FTK Imager
Click File > Create Disk Image
Click Physical Drive and Next
Select the device and select Raw (dd) Image Type
Exercise 2: View images
Click File > Add Evidence Item
Select Image file and then click Next
Browse to your WinLabEnCase.E01 image and click Finish
View the image in the Evidence Tree view
Question 1: What is the VBR file used for? How to export this file? How to export a file Hash?
VBR file contain information that will enable client machine to use the remote application . we can export this file by press export , hash file will export as a plain text.
Exercise 3: Convert the WinLabEnCase image to a DD image
Exercise 4: Verify images
Question 2: What are the results of verification? Comparing both hashes, are they same or not?
The verification matched and both hashes are the same
PART II: Working with FTK 1.8x
DETAILED PROCEDURES THAT MAY HELP YOU TO GO THROUGH THE FTK SOFTWARE
Exercise 1: Starting a New Case
Question 3: What information is required to create a new case using the FTK New Case Wizard?
The information needed are : investigator name , address , phone , email , case number , case name , case path , case folder and case destination
Question 4: What are the types of evidence that can be added to a case in FTK?
Image of drive , local drive , folders and individual file
Exercise 2: Working with FTK
Click the OVERVIEW tab; note the numbers for each type of file.
Question 5: How to make the number of the Checked Items to go up? How to make the number of Flagged Thumbnails to go up?
After open each file , items will added to the checked item folder , flagged thumbnails will go up with each file we change the point which down it from red to green .
File Signatures
A file type (JPEG, Word Document, MP3 file) can be determined by the file’s extension and by a header that precedes the data in the file. If a file’s extension has been changed, then the only way to determine its type is by looking at its header.
Question 6: Click on Bad Extension from Overview tab. Do you find any signature mismatch? What are they?
There are 11 files , 8 of them are TMP extension , 1 XLS , 1 PDF and 1 DOC
Data Carved Files:
Question 7: Check the number of Data Carved Files, what is the number?
zero
Question 8: Check the number of Data Carved Files from Overview, how many files added to the case by data carving?
TWO
Question 9: What are those files found by performing data carving process? Why is this process so important?
The files which found are the files with GIF extension , th.
Chapter 8 Common Forensic ToolsOverviewIn this chapter, youl.docxchristinemaritza
Chapter 8: Common Forensic Tools
Overview
In this chapter, you'll learn more about:
· Explore disk imaging tools, forensic software tool sets, and miscellaneous software tools
· Understand computer forensic hardware
· Assemble your forensic tool kit
The first steps in any investigation nearly always involve old-fashioned detective work. As a forensic investigator, you need to observe and record your observations first. Once you start examining media contents, you'll need some tools to help you find and make sense of stored data.
Forensic investigators and computer examiners need several different types of tools to identify and acquire computer evidence. Some evidence is hidden from the casual observer and requires specialized tools to find and access. In this chapter, we'll examine a sampling of some common and popular tools available to carry out computer forensic tasks.
Disk Imaging and Validation Tools
After identifying the physical media that they suspect contains evidence, forensic investigators must make sure media is preserved before any further steps are taken. Preserving the media is necessary to provide assurance the evidence acquired is valid.
Chapter 3, "Computer Evidence," and Chapter 4, "Common Tasks," both emphasize the importance of copying all media first and then analyzing the copy. It's usually best to create an exact image of the media and verify that it matches the original before continuing the investigation. It's rare to examine the original evidence for any investigation that might end up in court. For other types of investigations, however, forensic investigators might perform a targeted examination on the original evidence. For example, assume the job is to examine a user's home folder on a server for suspected inappropriate material. It might be impossible or extremely difficult to create a mirror image of the disk drive, but the disk can be scanned for existing or deleted files while it is in use. Although examining media while in use might not always be the best practice, informal investigations use this technique frequently.
To Copy or Not to Copy?
Whenever possible, create a duplicate of the original evidence, verify the copy, and then examine the copy. Always invest the time and effort to copy original media for any investigation that might end up in a court of law. If you are sure your investigation will not end up in court, you might decide to analyze the original evidence directly. This is possible and desirable in cases where copying media would cause service interruptions.
Your choice of tools to use depends on several factors, including:
· Operating system(s) supported
Operating system(s) in which the tool runs
File systems the tool supports
· Price
· Functionality
· Personal preference
The following sections list some tools used to create and verify media copies. Some products appear in two places in the chapter. That's because several products play multiple roles. This section lists several products ...
What Are You Looking ForThe variety of operating systems, appli.docxalanfhall8953
What Are You Looking For?
The variety of operating systems, application programs, and storage methods available today means that when it comes to looking for evidence there are a multitude of places to look. Digital evidence can be found in numerous sources, including stored data, applications used to create data, and the computer system that produced the activity. Systems can be huge and complex, and they can change rapidly. Data can be hidden in many different locations and formats. After you find such data, you may have to process it to make it readable by people.
Discovering Evidence Using Connectors
In recent years, manufacturers have developed branded forensic workstations that provide external native connectors for a variety of media, such as Serial ATA (SATA), SCSI (Small Computer System Interface), flash media, and the older IDE (Integrated Drive Electronics) drives. SATA hard drives are more commonly used by individuals, while SCSI hard drives are more likely to be found in a corporate environment.) As a forensic investigator, you will encounter and work with many different types of media. You may also encounter connectors that hook up FireWire to SATA, SCSI, or IDE, and that hook up USB to SATA, SCSI, or IDE. A forensic investigator will determine what media the suspect has been using to store data and will have a variety of connectors on hand to aid the investigation.
connector
The part of a cable that plugs into a port or interface to connect devices. Male connectors are identified by exposed pins. Female connectors are identified by holes into which the male connector can be inserted.
The general discovery process is the same whether you are working with a SATA, SCSI, or IDE drive. You should adapt your techniques to suit the hardware you encounter.
To begin the discovery process for a drive, copy the image file onto your forensic workstation and then process it using one or several different forensic tools such as FTK, Encase, or ProDiscover.
Network Activity Files
Let's use an example case that involves the Internet and pictures. During your career as a forensic investigator, you may be called upon to investigate situations where an employee has illegally accessed and downloaded pictures of proprietary designs from a competitor's internal Web site and then used these designs in his or her own work.
After the forensic image has been added to your forensic computer, open your forensic software and start a case. Figure 6.1 shows the New Case Wizard from the AccessData Forensic Toolkit (FTK).
Figure 6.1: AccessData's Forensic Toolkit New Case Wizard
When a user logs on to a Windows XP, Vista, or Windows 7 system for the first time, a directory structure is created to hold that individual user's files and settings. This structure is called the profile. The profile creates a directory that has the same name as the user, along with various other folders and files.
Because this case involves searching for images that were downloaded .
Evaluate a Health WebsiteName Click here to enter text.Course Cli.docxSANSKAR20
Evaluate a Health Website
Name Click here to enter text. Course Click here to enter text.Date Click here to enter text.
Pick one disease disorder or condition. Find two medicine-based websites that discuss it, such as WebMD, MedicineNet, the American Heart Association website, the American Diabetes Association website, and so on. Compare how the two websites you pick treat the subject. Then answer the following questions.
Question 1: What disease or condition did you pick?
Click here to enter text.
Question 2: What are the two websites you looked at?
1.
2.
Question 3: What differences did you find in how the two websites described the disease or condition?
Click here to enter text.
Question 4: Did one of the websites seem to be more reliable? If so, which, and why? If not, why not?
Click here to enter text.
Question 5: After reading the article, what three questions might a patient have about the condition that weren’t addressed?
1.
2.
3.
Page 1
Assessment item 1
File Systems and Advanced Scripting
Value: 15%
Due Date: 26-Aug-2018
Return Date: 31-Aug-2018
Length: 15 - 20 pages including screenshots
Submission method options: Alternative submission method
Task
back to top
In this assignment you will develop simple scripts to manage the user and file system whilst
developing some expertise in managing a complex file system.
Part 1: Automated Account Management (4 marks)
You have been asked by your boss to prepare two shell scripts which manage user information.
You are to prepare a simple shell script which reads a text file called users.txt. The file is in the
form
dfs /home/dfs Daniel Saffioti
and creates these users on the system without any interactive input. To do this you will need to
use the adduser(1) and passwd(1) commands. You will need to randomly produce the password
and report this to the administrator.
You can assume the fields being username, home directory and GCOS string are separate by a
single white space.
You can assume all users are in the same group.
The program should output the username and generated password once created.
Part 2: Design of a File System (3 marks)
https://outlines.csu.edu.au/delivery/published/ITC333/201860/SM/I/outline.html#contentPanel
You work for the Information Technology Department in your University and you have been
asked to build a server to store user data (home directories).
The volumes can grow without bounds, so it was felt that the ZFS file system should be used for
each volume. The operating system itself need not be on a ZFS volume.
All volumes including the operating system should be engineered in such a way to ensure the
best data protection is afforded in the event of local disk failure. It is expected that no more than
1 hours worth of data will be lost.
The volumes required are as follows:
1. uni0 with mount point /users/ug& quota of 200G.
2. uni1 with mount point /users/pg& quota of 20 ...
Assessment item 1 File Systems and Advanced Scripting .docxdavezstarr61655
Assessment item 1
File Systems and Advanced Scripting
Value: 15%
Due Date: 26-Aug-2018
Return Date: 31-Aug-2018
Length: 15 - 20 pages including screenshots
Submission method options: Alternative submission method
Task
back to top
In this assignment you will develop simple scripts to manage the user and file system whilst
developing some expertise in managing a complex file system.
Part 1: Automated Account Management (4 marks)
You have been asked by your boss to prepare two shell scripts which manage user information.
You are to prepare a simple shell script which reads a text file called users.txt. The file is in the
form
dfs /home/dfs Daniel Saffioti
and creates these users on the system without any interactive input. To do this you will need to
use the adduser(1) and passwd(1) commands. You will need to randomly produce the password
and report this to the administrator.
You can assume the fields being username, home directory and GCOS string are separate by a
single white space.
You can assume all users are in the same group.
The program should output the username and generated password once created.
Part 2: Design of a File System (3 marks)
https://outlines.csu.edu.au/delivery/published/ITC333/201860/SM/I/outline.html#contentPanel
You work for the Information Technology Department in your University and you have been
asked to build a server to store user data (home directories).
The volumes can grow without bounds, so it was felt that the ZFS file system should be used for
each volume. The operating system itself need not be on a ZFS volume.
All volumes including the operating system should be engineered in such a way to ensure the
best data protection is afforded in the event of local disk failure. It is expected that no more than
1 hours worth of data will be lost.
The volumes required are as follows:
1. uni0 with mount point /users/ug& quota of 200G.
2. uni1 with mount point /users/pg& quota of 200G.
3. uni2 with mount point /users/deleted& reservation of 100G.
4. uni3 with mount point /users/staff& reservation of 100G.
5. uni4 with mount point /users/guest & reservation of 250G.
Given the above your task is as follows define a strategy for how you will ensure the volumes
outlined above are provisioned whilst ensuring there data protection. Document this accordingly
along with a suitable rationale for your design.
Part 3: Implementing the Filesystem (4 marks)
Given the strategy defined in part two, your job is to implement the storage system.
1. To do this install the latest version of Ubuntu Server on a virtual machine. You will need to
ensure the networking is bridged and the root portioning is managed appropriately. You will
need to add additional virtual disks to meet the storage needs above.
2. Install the ZFS package and configure it such that pools of storage are created to meet the above
requirements including redundan.
The article briefly touches upon hiding, finding and destroying data
on Linux file systems. It should become clear that the area of computer
forensics, aimed at recovering the evidence from captured disk drives,
has many challenges, requiring knowledge of hardware, operating
systems and application software.
How to remove files safely from an HDD or SSD in Windows 10Hetman Software
You select a file and press Delete, and it disappears. But what actually happens to the file? Does it vanish or get erased from the disk permanently? If you are an advanced Windows user, you know for sure it’s quite the contrary.
Advanced Computer Forensics
Windows EnCase Forensics Lab
Due date: Please submit your work to Windows EnCase Lab dropbox by July 2nd, 2013.
Lab Setup for using RLES vCloud
This lab is designed to function on the RLES vCloud. The interface is available by navigating to https://rlesvcloud.rit.edu/cloud/org/NAT. If you did the Linux forensics lab on RLES vCloud, you should have created a vApp with the Linux VMware image. If you did not use the RLES vCloud for your first lab, please follow the instruction described in the Linux Forensics Lab to create a vApp. Now, you will add the vApp template, Windows 7 w/FTK 7 EnCase image, from the Public Catalogs to the same vApp following the instruction of Add Virtual Machines to a vApp (Page 8 in RLES vCloud User Guide) with the following setting:
· Set network to be Net_Network
· Select DHCP to create an IP address (when you use DHCP, fencing option is NOT necessary.)
Note: If you get an error when trying to start a vApp (or a VM within a vApp), try these steps:
1. Open up your vApp and click on the Virtual Machines tab. Right-click your VM and choose "Properties".
2. Click on the Hardware tab. At the bottom of the page, click on the MAC address and choose "Reset".
3. Click OK. When it asks if you want to enable guest customization, click No.
4. Give it a minute to update your VM, then try starting it.
Power on the Windows Virtual machine and login to the system with:
Username: Student
Password: student
EnCase 7 is installed on the virtual machine. When you start the EnCase application, you should see “EnCase Forensic (not Acquisition)” on the top of the application.
EnCase 7 Tutorial
· The EnCase Forensics V7 User Guide posted in myCourses under Hands-on Labs.
· EnCase 7 Essentials webinar series at http://www.encaseondemand.com/EnCasev7Essentials/tabid/2617/index.aspx
The following image files will be used for this lab and they are located in the local drive E:\
1) WinLabRaw.img – Raw Image from dd
2) WinLabEnCase.E01 -- EnCase evidence file
Note: “WinLabEnCase Image” in this documentation = “Lab5 image” in your EnCase image.
PART I: Familiar with EnCase
Exercise 1: Starting a New Case
Launch EnCase for Windows – make sure that you are in the EnCase forensics mode (on the top of the software, you should see EnCase Forensic Training, NOT acquisition mode.)
Click the “New Case” button under CASE FILE to begin a new case.
Use the #1 Basic Template and name the case “Case 1”
Record the defaults that EnCase gives you for its folders. It is safe to use these defaults in our experiments.
Add a Raw Image to the exist case
You can add a raw disk image, for example, the dd image, to your case.
Click EVIDENCE > Add Evidence, then click Add Raw Image
Enter “WinLabRaw Image” in the “Name” field.
Under “Image Type” choose “Disk” and click “OK”.
Under Component Files, click New, locate and select the “WinLabRaw.img” file from E:\
The image will now be added to your case. Double clic.
Don't break the door, the key is under the doormatGerard Fuguet
The multimedia content has an exponential increase. The final user feels the need to get the media content each time faster. One of the easiest way to get this content, is centralizing it in one place, and in most cases, making it available to the public, to the internet (almost all the things are connected to the network). This type of architecture is called “Media Server”, who is able to serve this type of content to many devices (Smartphones, computers, TV…). The processes that we focus on this white paper has relation with a software integration in a Media Server in order to get access through this intermediate element.
We will demonstrate how easy is get all content of a Media Server, in particular, a Plex, through a third party application without protection. This situation motivated me to write it.
The intention is take consciousness of these situations and let any user to know how easy get is any type of content of anyone if this is not well protected (We do not distortion with deep technical terms).
For this Portfolio Project, you will write a paper about John A.docxevonnehoggarth79783
For this Portfolio Project, you will write a paper about "John Adams" as well as any event in U.S. history that is relevant to your major area of study or of interest to you. You will write about John Adams from the perspective of another historical personality who lived at the same time as the person or event you are going to describe.
For your historical personality, try to select someone from an under-represented population (examples of possible perspectives include that of Anne Hutchinson, Pocahontas, or Sojourner Truth). This analysis is to make you think about how events/people’s actions were interpreted at the time.
Key Points::
Remember that you will be writing from the perspective of a historical person about another person or an event from a period of U.S. history up to Reconstruction. From your historical person’s perspective, provide a thorough summary of the person or event you’ve chosen to write about, including the incidents that took place and any key individuals involved or affected.
Address the general importance of the person or event in the context of U.S. history.
Now, explain specifically how the person or event changed “your” daily life—“you” being the historical persona you have adopted.
Think long-term: How will the person or the event you are describing make a long-term impact in the lives of people who are in the under-represented group to which your historical person/perspective belongs?
Paper Requirements:
Your paper must be four to six pages, not including the required references and title pages.
Use at least five sources, not including the textbook. Include a scholarly journal article. Include at least one
primary
source from those identified in the syllabus.
Definition of a Primary Source
: A primary source is any source, document or artifact that was created at the time of the event. It was usually created by someone who witnessed the event, lived during or even shortly afterwards, or somehow would have first-hand knowledge of that event. A secondary source, by contrast, is written by a historian or someone writing about the event after it happened.
Have an introduction and strong thesis statement. Make use of support and examples supporting your thesis
Finish with a forceful conclusion reiterating your main idea.
Format your paper according to the
CSU-Global Guide to Writing and APA Requirements
(Links to an external site.)
.
.
For this portfolio assignment, you are required to research and anal.docxevonnehoggarth79783
For this portfolio assignment, you are required to research and analyze a TV program that ran between 1955 and 1965.
To successfully complete this essay, you will need to answer the following questions:
What is the background of this show? Explain what years it was on TV, describe the channel it aired on, the main characters, setting, etc..
What social issues and historical events were taking place at the time the show was being broadcast?
Did these issues affect the television show in any way?
Did the television show make an impact on popular culture?
Your thesis for the essay should attempt to answer this question:
Explain the cultural relevance of the show, given the information gathered from the show's background, and cultural history. How can television act as a reflection of the social, political, and cultural current events?
.
For this paper, discuss the similarities and differences of the .docxevonnehoggarth79783
For this paper, discuss the similarities and differences of the impacts of the causes of the 2008 Great Recession and the current world crisis with the CoVID-19 virus*
How did the regulations you've studied over the past few chapters and in the Financial Crisis Chapter (Chapter 12) prepare banks and other financial institutions to better weather the effects of the stay-at-home orders and other impacts of the pandemic? Are there other regulations that could be placed on the banking industry that would make sense and help them through these trying times?
*Note: I am not trying to downplay or minimize in any way the "human" impact or any other non-economic impacts of the virus; this paper is just focusing on one component of the costs, among the many different impacts (perhaps much more important impacts)
4 pages 4 resources
.
For this paper, discuss the similarities and differences of the impa.docxevonnehoggarth79783
For this paper, discuss the similarities and differences of the impacts of the causes of the 2008 Great Recession and the current world crisis with the CoVID-19 virus*
How did the regulations you've studied over the past few chapters and in the Financial Crisis Chapter (Chapter 12) prepare banks and other financial institutions to better weather the effects of the stay-at-home orders and other impacts of the pandemic? Are there other regulations that could be placed on the banking industry that would make sense and help them through these trying times?
*Note: I am not trying to downplay or minimize in any way the "human" impact or any other non-economic impacts of the virus; this paper is just focusing on one component of the costs, among the many different impacts (perhaps much more important impacts)
.
More Related Content
Similar to 841- Advanced Computer ForensicsUnix Forensics LabDue Date.docx
Evaluate a Health WebsiteName Click here to enter text.Course Cli.docxSANSKAR20
Evaluate a Health Website
Name Click here to enter text. Course Click here to enter text.Date Click here to enter text.
Pick one disease disorder or condition. Find two medicine-based websites that discuss it, such as WebMD, MedicineNet, the American Heart Association website, the American Diabetes Association website, and so on. Compare how the two websites you pick treat the subject. Then answer the following questions.
Question 1: What disease or condition did you pick?
Click here to enter text.
Question 2: What are the two websites you looked at?
1.
2.
Question 3: What differences did you find in how the two websites described the disease or condition?
Click here to enter text.
Question 4: Did one of the websites seem to be more reliable? If so, which, and why? If not, why not?
Click here to enter text.
Question 5: After reading the article, what three questions might a patient have about the condition that weren’t addressed?
1.
2.
3.
Page 1
Assessment item 1
File Systems and Advanced Scripting
Value: 15%
Due Date: 26-Aug-2018
Return Date: 31-Aug-2018
Length: 15 - 20 pages including screenshots
Submission method options: Alternative submission method
Task
back to top
In this assignment you will develop simple scripts to manage the user and file system whilst
developing some expertise in managing a complex file system.
Part 1: Automated Account Management (4 marks)
You have been asked by your boss to prepare two shell scripts which manage user information.
You are to prepare a simple shell script which reads a text file called users.txt. The file is in the
form
dfs /home/dfs Daniel Saffioti
and creates these users on the system without any interactive input. To do this you will need to
use the adduser(1) and passwd(1) commands. You will need to randomly produce the password
and report this to the administrator.
You can assume the fields being username, home directory and GCOS string are separate by a
single white space.
You can assume all users are in the same group.
The program should output the username and generated password once created.
Part 2: Design of a File System (3 marks)
https://outlines.csu.edu.au/delivery/published/ITC333/201860/SM/I/outline.html#contentPanel
You work for the Information Technology Department in your University and you have been
asked to build a server to store user data (home directories).
The volumes can grow without bounds, so it was felt that the ZFS file system should be used for
each volume. The operating system itself need not be on a ZFS volume.
All volumes including the operating system should be engineered in such a way to ensure the
best data protection is afforded in the event of local disk failure. It is expected that no more than
1 hours worth of data will be lost.
The volumes required are as follows:
1. uni0 with mount point /users/ug& quota of 200G.
2. uni1 with mount point /users/pg& quota of 20 ...
Assessment item 1 File Systems and Advanced Scripting .docxdavezstarr61655
Assessment item 1
File Systems and Advanced Scripting
Value: 15%
Due Date: 26-Aug-2018
Return Date: 31-Aug-2018
Length: 15 - 20 pages including screenshots
Submission method options: Alternative submission method
Task
back to top
In this assignment you will develop simple scripts to manage the user and file system whilst
developing some expertise in managing a complex file system.
Part 1: Automated Account Management (4 marks)
You have been asked by your boss to prepare two shell scripts which manage user information.
You are to prepare a simple shell script which reads a text file called users.txt. The file is in the
form
dfs /home/dfs Daniel Saffioti
and creates these users on the system without any interactive input. To do this you will need to
use the adduser(1) and passwd(1) commands. You will need to randomly produce the password
and report this to the administrator.
You can assume the fields being username, home directory and GCOS string are separate by a
single white space.
You can assume all users are in the same group.
The program should output the username and generated password once created.
Part 2: Design of a File System (3 marks)
https://outlines.csu.edu.au/delivery/published/ITC333/201860/SM/I/outline.html#contentPanel
You work for the Information Technology Department in your University and you have been
asked to build a server to store user data (home directories).
The volumes can grow without bounds, so it was felt that the ZFS file system should be used for
each volume. The operating system itself need not be on a ZFS volume.
All volumes including the operating system should be engineered in such a way to ensure the
best data protection is afforded in the event of local disk failure. It is expected that no more than
1 hours worth of data will be lost.
The volumes required are as follows:
1. uni0 with mount point /users/ug& quota of 200G.
2. uni1 with mount point /users/pg& quota of 200G.
3. uni2 with mount point /users/deleted& reservation of 100G.
4. uni3 with mount point /users/staff& reservation of 100G.
5. uni4 with mount point /users/guest & reservation of 250G.
Given the above your task is as follows define a strategy for how you will ensure the volumes
outlined above are provisioned whilst ensuring there data protection. Document this accordingly
along with a suitable rationale for your design.
Part 3: Implementing the Filesystem (4 marks)
Given the strategy defined in part two, your job is to implement the storage system.
1. To do this install the latest version of Ubuntu Server on a virtual machine. You will need to
ensure the networking is bridged and the root portioning is managed appropriately. You will
need to add additional virtual disks to meet the storage needs above.
2. Install the ZFS package and configure it such that pools of storage are created to meet the above
requirements including redundan.
The article briefly touches upon hiding, finding and destroying data
on Linux file systems. It should become clear that the area of computer
forensics, aimed at recovering the evidence from captured disk drives,
has many challenges, requiring knowledge of hardware, operating
systems and application software.
How to remove files safely from an HDD or SSD in Windows 10Hetman Software
You select a file and press Delete, and it disappears. But what actually happens to the file? Does it vanish or get erased from the disk permanently? If you are an advanced Windows user, you know for sure it’s quite the contrary.
Advanced Computer Forensics
Windows EnCase Forensics Lab
Due date: Please submit your work to Windows EnCase Lab dropbox by July 2nd, 2013.
Lab Setup for using RLES vCloud
This lab is designed to function on the RLES vCloud. The interface is available by navigating to https://rlesvcloud.rit.edu/cloud/org/NAT. If you did the Linux forensics lab on RLES vCloud, you should have created a vApp with the Linux VMware image. If you did not use the RLES vCloud for your first lab, please follow the instruction described in the Linux Forensics Lab to create a vApp. Now, you will add the vApp template, Windows 7 w/FTK 7 EnCase image, from the Public Catalogs to the same vApp following the instruction of Add Virtual Machines to a vApp (Page 8 in RLES vCloud User Guide) with the following setting:
· Set network to be Net_Network
· Select DHCP to create an IP address (when you use DHCP, fencing option is NOT necessary.)
Note: If you get an error when trying to start a vApp (or a VM within a vApp), try these steps:
1. Open up your vApp and click on the Virtual Machines tab. Right-click your VM and choose "Properties".
2. Click on the Hardware tab. At the bottom of the page, click on the MAC address and choose "Reset".
3. Click OK. When it asks if you want to enable guest customization, click No.
4. Give it a minute to update your VM, then try starting it.
Power on the Windows Virtual machine and login to the system with:
Username: Student
Password: student
EnCase 7 is installed on the virtual machine. When you start the EnCase application, you should see “EnCase Forensic (not Acquisition)” on the top of the application.
EnCase 7 Tutorial
· The EnCase Forensics V7 User Guide posted in myCourses under Hands-on Labs.
· EnCase 7 Essentials webinar series at http://www.encaseondemand.com/EnCasev7Essentials/tabid/2617/index.aspx
The following image files will be used for this lab and they are located in the local drive E:\
1) WinLabRaw.img – Raw Image from dd
2) WinLabEnCase.E01 -- EnCase evidence file
Note: “WinLabEnCase Image” in this documentation = “Lab5 image” in your EnCase image.
PART I: Familiar with EnCase
Exercise 1: Starting a New Case
Launch EnCase for Windows – make sure that you are in the EnCase forensics mode (on the top of the software, you should see EnCase Forensic Training, NOT acquisition mode.)
Click the “New Case” button under CASE FILE to begin a new case.
Use the #1 Basic Template and name the case “Case 1”
Record the defaults that EnCase gives you for its folders. It is safe to use these defaults in our experiments.
Add a Raw Image to the exist case
You can add a raw disk image, for example, the dd image, to your case.
Click EVIDENCE > Add Evidence, then click Add Raw Image
Enter “WinLabRaw Image” in the “Name” field.
Under “Image Type” choose “Disk” and click “OK”.
Under Component Files, click New, locate and select the “WinLabRaw.img” file from E:\
The image will now be added to your case. Double clic.
Don't break the door, the key is under the doormatGerard Fuguet
The multimedia content has an exponential increase. The final user feels the need to get the media content each time faster. One of the easiest way to get this content, is centralizing it in one place, and in most cases, making it available to the public, to the internet (almost all the things are connected to the network). This type of architecture is called “Media Server”, who is able to serve this type of content to many devices (Smartphones, computers, TV…). The processes that we focus on this white paper has relation with a software integration in a Media Server in order to get access through this intermediate element.
We will demonstrate how easy is get all content of a Media Server, in particular, a Plex, through a third party application without protection. This situation motivated me to write it.
The intention is take consciousness of these situations and let any user to know how easy get is any type of content of anyone if this is not well protected (We do not distortion with deep technical terms).
For this Portfolio Project, you will write a paper about John A.docxevonnehoggarth79783
For this Portfolio Project, you will write a paper about "John Adams" as well as any event in U.S. history that is relevant to your major area of study or of interest to you. You will write about John Adams from the perspective of another historical personality who lived at the same time as the person or event you are going to describe.
For your historical personality, try to select someone from an under-represented population (examples of possible perspectives include that of Anne Hutchinson, Pocahontas, or Sojourner Truth). This analysis is to make you think about how events/people’s actions were interpreted at the time.
Key Points::
Remember that you will be writing from the perspective of a historical person about another person or an event from a period of U.S. history up to Reconstruction. From your historical person’s perspective, provide a thorough summary of the person or event you’ve chosen to write about, including the incidents that took place and any key individuals involved or affected.
Address the general importance of the person or event in the context of U.S. history.
Now, explain specifically how the person or event changed “your” daily life—“you” being the historical persona you have adopted.
Think long-term: How will the person or the event you are describing make a long-term impact in the lives of people who are in the under-represented group to which your historical person/perspective belongs?
Paper Requirements:
Your paper must be four to six pages, not including the required references and title pages.
Use at least five sources, not including the textbook. Include a scholarly journal article. Include at least one
primary
source from those identified in the syllabus.
Definition of a Primary Source
: A primary source is any source, document or artifact that was created at the time of the event. It was usually created by someone who witnessed the event, lived during or even shortly afterwards, or somehow would have first-hand knowledge of that event. A secondary source, by contrast, is written by a historian or someone writing about the event after it happened.
Have an introduction and strong thesis statement. Make use of support and examples supporting your thesis
Finish with a forceful conclusion reiterating your main idea.
Format your paper according to the
CSU-Global Guide to Writing and APA Requirements
(Links to an external site.)
.
.
For this portfolio assignment, you are required to research and anal.docxevonnehoggarth79783
For this portfolio assignment, you are required to research and analyze a TV program that ran between 1955 and 1965.
To successfully complete this essay, you will need to answer the following questions:
What is the background of this show? Explain what years it was on TV, describe the channel it aired on, the main characters, setting, etc..
What social issues and historical events were taking place at the time the show was being broadcast?
Did these issues affect the television show in any way?
Did the television show make an impact on popular culture?
Your thesis for the essay should attempt to answer this question:
Explain the cultural relevance of the show, given the information gathered from the show's background, and cultural history. How can television act as a reflection of the social, political, and cultural current events?
.
For this paper, discuss the similarities and differences of the .docxevonnehoggarth79783
For this paper, discuss the similarities and differences of the impacts of the causes of the 2008 Great Recession and the current world crisis with the CoVID-19 virus*
How did the regulations you've studied over the past few chapters and in the Financial Crisis Chapter (Chapter 12) prepare banks and other financial institutions to better weather the effects of the stay-at-home orders and other impacts of the pandemic? Are there other regulations that could be placed on the banking industry that would make sense and help them through these trying times?
*Note: I am not trying to downplay or minimize in any way the "human" impact or any other non-economic impacts of the virus; this paper is just focusing on one component of the costs, among the many different impacts (perhaps much more important impacts)
4 pages 4 resources
.
For this paper, discuss the similarities and differences of the impa.docxevonnehoggarth79783
For this paper, discuss the similarities and differences of the impacts of the causes of the 2008 Great Recession and the current world crisis with the CoVID-19 virus*
How did the regulations you've studied over the past few chapters and in the Financial Crisis Chapter (Chapter 12) prepare banks and other financial institutions to better weather the effects of the stay-at-home orders and other impacts of the pandemic? Are there other regulations that could be placed on the banking industry that would make sense and help them through these trying times?
*Note: I am not trying to downplay or minimize in any way the "human" impact or any other non-economic impacts of the virus; this paper is just focusing on one component of the costs, among the many different impacts (perhaps much more important impacts)
.
For this paper choose two mythological narratives that we have exami.docxevonnehoggarth79783
For this paper choose two mythological narratives that we have examined so far in this course, or that you are otherwise personally familiar with. The two myths that you choose should have one or more elements in common, possibly including (but not limited to):
Overarching story (e.g., creation, flood) or story elements (e.g., descent into the underworld, establishment of divine rulership, rapture of mortals by gods, divine disguise)
Narrative structure (e.g., repetitive patterns, discursion)
Themes (e.g., love, jealousy, mortality, revenge, mutability/transformation, limits of human power/knowledge)
Characters (e.g., tricksters)
Cultural functions (e.g., reinforcement of societal norms, explanation of origins of society, explanation of natural phenomena, incorporation in ritual practices, entertainment)
Compare and contrast the two myths you choose, taking into consideration the various elements noted above and any others you deem relevant. (In making comparisons, you do not necessarily need to apply the specifically "comparativist" approach discussed in the course as one historical strand of mythological analysis.)
While you are welcome to reference external sources, this is not a research paper and the use of secondary sources is not required or expected. If you choose to examine a myth not discussed in the course, however, please indicate the source from which you have taken this.
.
For this module, there is only one option. You are to begin to deve.docxevonnehoggarth79783
For this module, there is only one option. You are to begin to develop your diversity consciousness by
identifying a current event in the news pertaining to social inequality in terms social class, gender, or racial ethnicity.
You are to
provide the link to this news article and analyze
the report including in your discussion the following:
What social inequality is being demonstrated in this current even? Describe it
What relationship is going on between the “majority” and “minority group.” Define who is the majority and who is the minority. Describe why you have identified the group as minority and majority.
Who is being marginalized in this event? How? Why do you believe they are being marginalized?
Is any group being “blamed” in this event? Is this “blame” at the individual level or the societal level – or both?
Who has the power in this situation? What is that power?
Who has the privilege in this situation? What is that privilege?
What suggestions do you have that would assist in addressing this social inequality?
What did you learn? (How did this develop your diversity consciousness?)
need to cite using apa and needs to be at least 250 words
.
For this Major Assignment 2, you will finalize your analysis in .docxevonnehoggarth79783
For this Major Assignment 2, you will finalize your analysis in your Part 3, Results section, and finalize your presentation of results from the different data sources. Also, for this week, you will complete the Part 4, Trustworthiness and Summary section to finalize the last part of this Major Assignment 2.
To prepare for this Assignment:
· Review the social change articles found in this week’s Learning Resources.
Part 4: Trustworthiness and Summary
D. Trustworthiness—summarize across the different data sources and respond to the following:
o What themes are in common?
o What sources have different themes?
o Explain the trustworthiness of your findings, in terms of:
§ Credibility
§ Transferability
§ Dependability strategies
§ Confirmability
Summary
· Based on the results of your analyses, how would you answer the question: “What is the meaning of social change for Walden graduate students?”
· Self-Reflection—Has your own understanding of you as a positive social change agent changed? Explain your reasoning.
· Based on your review of the three articles on social change, which one is aligned with your interests regarding social change and why?
By Day 7
Submit
Parts 1, 2, 3, and 4 of your Major Assignment 2.
.
For this Final Visual Analysis Project, you will choose one website .docxevonnehoggarth79783
For this Final Visual Analysis Project, you will choose one website that you visit frequently (it must be a professional business website, not your own personal website). Feel free to use websites such as Nike, Apple, Northwestern Mutual, etc. or a website that applies to your career choices.
Once you choose your website, you will begin to consider the effects the visual elements have on the viewers and
create a thesis statement and outline using the response elements 1-5 below.
For the Thesis & Outline TEMPLATE document click
here
.
APA title page, reference page, and formatting.
Use at least four academic/scholarly sources.
Use properly cited quotes and paraphrases when necessary.
Complete, polished, and error-free cohesive sentences.
Contains an introduction, body, and conclusion.
Sensory Response –
When analyzing the viewer’s sensory response to a particular visual, it is important to consider the visual elements that attract the eyes. Close your eyes when considering a visual. When you open your eyes, what are the first visual elements that you see? When analyzing a viewer’s Sensory Response, you may consider analyzing at least two of the following effects:
Colors
Lines
Shapes
Balance
Contrast
Perceptual Response –
When analyzing a viewer’s perception of visuals, it is important to consider the audience. Consider who is or is not attracted to this type of visual communication. When analyzing a viewer’s Perceptual Response, consider at least two of the following effects:
Target audience specifics (age, profession, gender, financial status, etc.)
Cultural familiarity elements (ethnicity, religious preference, social groups, etc)
Cognitive visuals (viewer’s memories, experiences, values, beliefs, etc.)
Technical Response –
When analyzing a viewer’s response to certain visuals, we need to consider the technical visual aspects that may affect perception. Describe how visuals affect the interpretation of the intended media communication message. Address specific technological elements that impact perception. When analyzing the Technical Response, consider the Laws of Perceptual Organization (similarity, proximity, continuity, common fate, etc), and at least two of the following types of visuals:
Drop-down menus
Hover-over highlighting
Animations
Quality of visuals
Emotional Response
– When analyzing a viewer’s Emotional Response, it is important to consider the targeted audience preferences and emotional intelligence. Discuss what the viewer might want to see and what type of visual presentation will set the tone for that response. When analyzing the Emotional Response, consider the effects of at least two of the following types of visuals:
Mood setting colors
Mood setting lighting
Persuasive images
Positioning of search or purchase buttons
Social media icons and share options
Ethical Response -
When analyzing a viewer’s Ethical Response, it is important to consider the ta.
For this essay, you will select one of the sources you have found th.docxevonnehoggarth79783
For this essay, you will select one of the sources you have found through your preliminary research about your research topic (see Assignment 1.1). Which source you choose is up to you; however, it should be substantial enough that you will be able to talk about it at length, and intricate enough that it will keep you (and your reader) interested. For more info see attached document
.
For this discussion, you will address the following prompts. Keep in.docxevonnehoggarth79783
For this discussion, you will address the following prompts. Keep in mind that the article or video you’ve chosen should not be about critical thinking, but should be about someone making a statement, claim, or argument related to Povetry & Income equality. One source should demonstrate good critical thinking skills and the other source should demonstrate the lack or absence of critical thinking skills. Personal examples should not be used.
1. Explain at least five elements of critical thinking that you found in the reading material.
2.Search the Internet, media, and find an example in which good critical thinking skills are being demonstrated by the author or speaker. Summarize the content and explain why you think it demonstrates good critical thinking skills.
3.Search the Internet, media, or and find an example in which the author or speaker lacks good critical thinking skills. Summarize the content and explain why you think it demonstrates the absence of good, critical thinking skills.
Your initial post should be at least 250 words in length, which should include a thorough response to each question.
Due midnight Thursday April 22,2020
.
For this discussion, research a recent science news event that h.docxevonnehoggarth79783
For this discussion, research a recent science news event that has occurred in the last six months. The event should come from a well-known news source, such as ABC, NBC, CBS, Fox, NPR, PBS, BBC, National Geographic, The New York Times, and so on. Post a link to the news story, and in your initial post:
* Summarize your news story and its contributions to the science or STEM fields
* If your news event is overtly related to globalization, explain how this event contributes to global studies. If your news event does not directly relate to globalization, how could the science behind your event be applied to global studies?
.
For this Discussion, review the case Learning Resources and the .docxevonnehoggarth79783
For this Discussion, review the case Learning Resources and the case study excerpt presented. Reflect on the case study excerpt and consider the therapy approaches you might take to assess, diagnose, and treat the patient’s health needs.
Case: An elderly widow who just lost her spouse.
Subjective: A patient presents to your primary care office today with chief complaint of insomnia. Patient is 75 YO with PMH of DM, HTN, and MDD. Her husband of 41 years passed away 10 months ago. Since then, she states her depression has gotten worse as well as her sleep habits. The patient has no previous history of depression prior to her husband’s death. She is awake, alert, and oriented x3. Patient normally sees PCP once or twice a year. Patient denies any suicidal ideations. Patient arrived at the office today by private vehicle. Patient currently takes the following medications:
•
Metformin 500mg BID
•
Januvia 100mg daily
•
Losartan 100mg daily
•
HCTZ 25mg daily
•
Sertraline 100mg daily
Current weight: 88 kg
Current height: 64 inches
Temp: 98.6 degrees F
BP: 132/86
By Day 3 of Week 7
Post
a response to each of the following:
• List three questions you might ask the patient if she were in your office. Provide a rationale for why you might ask these questions.
• Identify people in the patient’s life you would need to speak to or get feedback from to further assess the patient’s situation. Include specific questions you might ask these people and why.
• Explain what, if any, physical exams, and diagnostic tests would be appropriate for the patient and how the results would be used.
• List a differential diagnosis for the patient. Identify the one that you think is most likely and explain why.
• List two pharmacologic agents and their dosing that would be appropriate for the patient’s antidepressant therapy based on pharmacokinetics and pharmacodynamics. From a mechanism of action perspective, provide a rationale for why you might choose one agent over the other.
• For the drug therapy you select, identify any contraindications to use or alterations in dosing that may need to be considered based on the client’s ethnicity. Discuss why the contraindication/alteration you identify exists. That is, what would be problematic with the use of this drug in individuals of other ethnicities?
• Include any “check points” (i.e., follow-up data at Week 4, 8, 12, etc.), and indicate any therapeutic changes that you might make based on possible outcomes that may happen given your treatment options chosen.
Respond to the these discussions. All questions need to be addressed.
Discussion 2 Me
Treatment of a Patient with Insomnia
The case presented this week, is that of a 75-year-old widow who just lost her spouse 10-months ago. Th patient presents with chief complaints of insomnia. Past medical history of DM, HTN, and MDD is reported. Since the passing of her husband, she states her depression has gotten worse .
For this Discussion, give an example of how an event in one part.docxevonnehoggarth79783
For this Discussion, give an example of how an event in one part of the world can cause a response elsewhere in the world:
Reviewing the aspects of your event, analyze the cause and effect of global influences through direct or indirect means.
What aspects of diversity are evident in your event?
How can understanding diversity benefit a society?
.
For this discussion, consider the role of the LPN and the RN in .docxevonnehoggarth79783
For this discussion, consider the role of the LPN and the RN in the nursing process.
How would the LPN and RN collaborate to develop the nursing plan of care to ensure the patient is achieving their goal?
What are the role expectations for the LPN and RN in the nursing process?
Pls include two references and intext citation.
.
For this discussion, after you have viewed the videos on this topi.docxevonnehoggarth79783
For this discussion, after you have viewed the videos on this topic posted in this week's assignment, please answer the questions posted with this week's discussion.
After posting your individual answers to questions, you are required to respond to 2 students answers with meaningful/thoughtful input on their comments. Your responses must be minimum of a paragraph with at least 3 sentences. Your comments to 2 students
Video #1: History of Homosexuality on Film -- https://youtu.be/SeDhMKd83r4
Video #2: The Gay Culture, According to Television -- https://youtu.be/EbdxRZJfRp4
Video #3: Top 10 Groundbreaking Moments for LGBTQ Characters on TV -- https://youtu.be/yXJAzPJFjQ8
Video #4: I'm Gay, But I'm not ... -- https://criticalmediaproject.org/im-gay-but-im-not/
Video #5: Acting Gay - One Word Cut -- https://youtu.be/a4jfiqiIy0A
LGBTQ+ Questions:
· Name some common stereotypes associated with LGBTQ community?
· What role does media play in establishing & perpetuating these stereotypes?
· Name 2 LGBTQ characters, 1 one from current show/movie; 1 from 10-15 years ago
. Are there differences in the characters?
. Have things changed? Evolved? Improved?
· Are LGBTQ characters portrayed differently than straight characters?
· Why do stories involving LGBTQ characters revolve around their sexuality or sexual orientation?
Acting Gay - One Word: What is your one-word association with the saying "Acting Gay"? Why did you choose this word?
Jarrett Kelley
LGBTQ Discussion
COLLAPSE
Top of Form
1. Some common stereotypes that coincide with the LGBTQ community are promiscuous, non-religious, flamboyant, mentally ill, high sex drives, etc.
2. The media plays a role in establishing these stereotypes because the general public is always watching these shows, reading the news, and listening to stories about different cultures and groups and media that they may not see or interact with in their lives. Therefore, media is an outlet to show these things in a easy way to gain knowledge about people without meeting people face-to-face apart of these groups when sometimes the stereotypes shown can't represent everyone in those groups.
3. Currently, in Marvel's Runaways, that ended in December, there are two lesbian superheros that share a kiss at the end of a season. Karolina, one of the characters, wants to get away from her childhood of religious upbringing and wants to pursue her own life with her superpower of glowing colors. Nico is shown with a Gothic appearance and can be seen as aggressive but down to earth as well. The War at Home was a television show on Fox and a character named Kenny, who is sixteen years old, is kicked out of his house by his parents after finding out he is gay.
a. There are some differences in the characters as Karolina is more flamboyant and colorful, compared to Nico who is goth and likes to remain strictly to business. Kenny is quiet most of the time about his life, especially about his gay crush until his p.
For this discussion choose one of the case studies listed bel.docxevonnehoggarth79783
For this "discussion" choose
one
of the case studies listed below and mention which case study number you picked. After completing your readings, you should be able to identify the psychological disorder associated to each. After choosing one case study, identify the diagnosis, symptoms in your words and treatment plan for that diagnosis. Provide
in-text citations and references in APA format
to indicate where you are getting information from regarding diagnosis and treatment options).
This is the Case Study I chose:
Martin is a 21 year-old business major at a large university. Over the past few weeks his family and friends have noticed increasingly bizarre behaviors. On many occasions they’ve overheard him whispering in an agitated voice, even though there is no one nearby. Lately, he has refused to answer or make calls on his cell phone, claiming that if he does it will activate a deadly chip that was implanted in his brain by evil aliens. His parents have tried to get him to go with them to a psychiatrist for an evaluation, but he refuses. He has accused them on several occasions of conspiring with the aliens to have him killed so they can remove his brain and put it inside one of their own. He has stopped attended classes altogether. He is now so far behind in his coursework that he will fail if something doesn’t change very soon. Although Martin occasionally has a few beers with his friends, he’s never been known to abuse alcohol or use drugs. He does, however, have an estranged aunt who has been in and out of psychiatric hospitals over the years due to erratic and bizarre behavior.
The Psychological disorder is: SCHIZOPHRENIA
I have attached the reading as well.
Please Consider the following:
APA Format
Only sources from the text
250 words or more
Please let me know if you need anything else.
.
For this assignment, you will use what youve learned about symbolic.docxevonnehoggarth79783
For this assignment, you will use what you've learned about symbolic interactionism to develop your own analysis.
Your assignment is to select a television program that you know contains social inequality or social class themes. In 3-5 pages make sure to provide the following:
Provide a brief introduction that includes the program's title, describes the type of program, and explains which social theme you are addressing
Describe and explain scenes that apply to the social theme.
Identify all observed body language, facial expressions, gestures, posture stances, modes of dress, nonverbal cues, symbols, and any other observed nonverbal forms of communication in the scenes.
Explain your interpretation of the meanings of the identified nonverbal communications and symbolism.
Summarize how these interpretations are important to the sociological understanding of your chosen social inequality or social class theme.
Suggest how your interpretation of the respective meanings might be generalized to society as a whole.
.
For this Assignment, you will research various perspectives of a mul.docxevonnehoggarth79783
For this Assignment, you will research various perspectives of a multicultural education issue and develop an advocacy plan to effectively communicate and advocate for a culturally responsive solution. During the development of your advocacy plan, synthesize and reflect on the major learning points that are applicable to leading culturally responsive social change in your context.
To prepare for this Assignment, review the issues you identified in the Equity Audit assignment.
Review Chapters 1–5 (pp. 1–64) of “An Introduction to Advocacy: Training Guide.”
Develop and submit your advocacy plan. To complete this Assignment, use the document below:
.
For this assignment, you will be studying a story from the Gospe.docxevonnehoggarth79783
For this assignment, you will be studying a story from the Gospels. More specifically, you will be studying Jesus encounter with Mary and Martha in Luke 10:38-42. You will use the template below in order to complete a study of this passage. In your study, you will use the skills of Observation, Interpretation, Correlation, and Application that you have become familiar with through your reading in
Everyday Bible Study
.
.
For this assignment, you will discuss how you see the Design Princip.docxevonnehoggarth79783
For this assignment, you will discuss how you see the Design Principles used in a 2D print. You can select a 2D print from your home, workplace, or use the CSU Art Appreciation LibGuide to find a print in an online museum. Take a photograph of the print or save an image of the print, and include it in the worksheet.In Unit II, our assignment was to describe an artwork using the Visual Elements. We can think of the Design Principles as a way that the artist organized the Visual Elements. Instead of focusing on the small parts of the artwork (like line, shape, and mass) the Design Principles look at the whole artwork and how all the elements work together. Provide a detailed description of the design principles in your 2D print, using full and complete sentences. For Design Principles, make sure you describe how the artist used the ones in Chapter 5: unity and variety, balance, emphasis, repetition and rhythm, and scale and proportion. Questions to consider are included below:
Unity: what elements work together to make a harmonious whole?
Variety: What creates diversity?
Balance: Is it symmetrical or asymmetrical?
Emphasis: What is the focal point?
Repetition and rhythm: Is an element repeated?
Scale and proportion: Are the objects in proportion to each other?
Be sure to describe exactly where in the artwork you see each Principle. You'll want to describe each artwork using the terms we learned in this unit's reading. Remember to write in complete sentences and use proper grammar.
.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
How to Create Map Views in the Odoo 17 ERPCeline George
The map views are useful for providing a geographical representation of data. They allow users to visualize and analyze the data in a more intuitive manner.
This is a presentation by Dada Robert in a Your Skill Boost masterclass organised by the Excellence Foundation for South Sudan (EFSS) on Saturday, the 25th and Sunday, the 26th of May 2024.
He discussed the concept of quality improvement, emphasizing its applicability to various aspects of life, including personal, project, and program improvements. He defined quality as doing the right thing at the right time in the right way to achieve the best possible results and discussed the concept of the "gap" between what we know and what we do, and how this gap represents the areas we need to improve. He explained the scientific approach to quality improvement, which involves systematic performance analysis, testing and learning, and implementing change ideas. He also highlighted the importance of client focus and a team approach to quality improvement.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxEduSkills OECD
Andreas Schleicher presents at the OECD webinar ‘Digital devices in schools: detrimental distraction or secret to success?’ on 27 May 2024. The presentation was based on findings from PISA 2022 results and the webinar helped launch the PISA in Focus ‘Managing screen time: How to protect and equip students against distraction’ https://www.oecd-ilibrary.org/education/managing-screen-time_7c225af4-en and the OECD Education Policy Perspective ‘Students, digital devices and success’ can be found here - https://oe.cd/il/5yV
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
1. 841- Advanced Computer Forensics
Unix Forensics Lab
Due Date: Please submit your answers to the Linux Lab dropbox
by midnight of July 2nd 2013.
*****************************************************
*************************
To challenge yourself, you may work on the advanced Unix
forensics lab analyzing the Lewis USB image and writing a
report about this case. See the file UNIXForensicslab-usb for
details.
*****************************************************
*************************
Objective
This lab will use Autopsy, PTK, Sleuthkit and foremost to
analyze a given image. Read the entire document before starting
to be sure you have all the necessary tools and files required to
complete the lab. You should further explore the tools used in
this lab to ensure your familiarity with alternative investigation
options.
Deliverable
Answer all the exercise questions and include screenshots as
supporting data if necessary.
OPTIONS:
You can work on this lab by
1. using a bootable live CD, for example, backtrack 5
2. using the RLES vCloud.
3. using SANS Investigate Forensic Toolkit (SIFT) Workstation,
http://computer-forensics.sans.org/community/downloads.
4. installing the software on your own system (check the
2. appendix for more installation details).
If you choose to use the RLES vCloud, please continue.
Lab Setup for using RLES vCloud
This lab is designed to function on the RLES vCloud via
https://rlesvcloud.rit.edu/cloud/org/NAT. Please FIRST read
the RLES VCLOUD user guide in myCourses > Content >
Hands-on Labs.
Special Browser Setting Requirement (See RLES VCLOUD user
guide)
In order to view the console of virtual machines, the VMRC
plugin must be installed within the browser. The first time the
console is accessed, the plugin can be downloaded. In Internet
Explorer, https://rlesvlcoud.rit.edu must be added to the Local
intranet zone.
(Go to Tools -> Internet Options -> Security tab -> Local
intranet, click the Sites button, click Advanced and add the
URL.)
The interface is available by navigating to
https://rlesvcloud.rit.edu/cloud/org/NAT. (Yes, we know the
certificate wasn’t issued by a commonly trusted certificate
authority. Also check the user guide for your browser
compatibility).
Use your RIT Computer Account credentials to gain access to
the rlesvcloud interface.
To start, you will first create your vApp by following the
instructions of Add a vApp Template to My Cloud in the RLES
VCLOUND user guide. Make sure to follow the vApp name
convention defined in the RLES VCLOUND user guide and
select the vApp template, 841_Linux_Forensics, from the Public
3. Catalogs. No network/IP address is needed for this lab.
Double click on the virtual machine to power it on, now you
should have a Linux forensics machine with all the forensics’
tools to provide you with a highly interesting experience in
forensics investigation. Login to the virtual machine with
Username: root
Password: netsys
Exercise 1:Using Autopsy and Sleuthkit
Requires: floppy.dd disk image (located in the Images folder on
desktop).
Review http://www.sleuthkit.org/sleuthkit/tools.php, which lists
all of the tools that make up Sleuthkit. Make sure to review all
commands now otherwise this lab will be extremely difficult to
complete.
Autopsy 2.21 was installed in /usr/local/autopsy‐2.21/ with
default evidence locker: /usr/local/evidence
To Start autopsy:
Start a terminal (go to applications -> Accessories->Terminal)
and type in
$ /usr/local/autopsy-2.21/autopsy
While this process is running, open a web browser point it
to the URL indicated – http://localhost:9999/autopsy
Click on “New Case”.
Enter “UnixLab-Case01” as the case name; then click “New
Case”. Confirm the information and click “OK”. (Names with
spaces will not work.)
4. Click “Add Host”.
Enter “Host1” under “Host Name” and “EST” under “Timezone”
and click “Add Host”.
Question 1: What other information can be set?
Time skew adjustment : describe how many seconds this
computer’s clock was out of sync.
Confirm the information and click “ADD HOST”.
Click “Add Image”.
Click “ADD IMAGE FILE”.
Select “Partition” instead of “Disk”.
In “Location” type the path to the image file “floppy.dd”. (The
file floppy.dd is located in the fold called Images on desktop.)
In “Import Method” select “Copy to Evidence Locker”.
Question 2: What other options are available to you? When
might you want to use the alternatives?
To analyze the image file, it must be located in the evidence
locker. It can be imported from its current location using a
symbolic link, by copying it, or by moving it. Note that if a
system failure occurs during the move, then the image could
become corrupt
The md5 hash value for floppy.dd is:
ee54a82de158cb154252439c88d6859e
Review the options for checking / creating md5’s and select the
appropriate entry based on the information you currently have.
Question 3: Which selection did you make and why?
I choose the option to calculate the hash value and I got the
5. same value to the one which Is above
Then I added the hash value and enable the verification of hash
after importing
Autopsy and Sleuthkit identifies the file system type to be
fat12.
Question 4: How would you determine the file system type of an
image file? Include a screenshot to support your statement.
We can use “fsstat” command which can give us the file system
type of the image
In “Mount Point” type “a:”
Question 5: Why might the ”original mount point” setting be
useful?
Because it is a floppy image so usually it is in “a” partition
Click “Add”.
Confirm the information and click “OK”.
Click “Analysis” and choose “FILE ANALYSIS”
Click some of the files shown. In the information window at the
bottom click on the “display” and “report” links.
Question 6: What information can you get from “File
Analysis”?
From report we can get a lot of information like file location ,
MD5 of file , SHA-1 of file , file system type and data
generation date this regarding the general information , for the
meta data information we can get information like directory
entry , file size and sectors used
6. From here you can recover any of the files shown, including
deleted ones. Next you will recover a deleted file.
Choose one of the deleted files. In the information window click
“Export”.
Depending on your browser, it will either ask you to save the
file or it will automatically create the file in you downloads
folder.
Question 7: How can you determine that a file has been deleted?
Because it shows in red color with a mark on the DEL Column
Try opening the file. Run the “file” command on the file on
your terminal.
Question 8: What other information available from the “file”
command? Include a screenshot to support your statement.
File command will give us information about the content of the
file
Click “File Type”. Then click “Sort Files by Type”. Then click
“OK”.
Question 9: What other options are available? How might they
be useful in an investigation?
We can Sort files into categories by type and ignore the
unknown file types also we can Save a copy of files in category
directory and we can choose to save only graphic images and
this maybe help us in investigation to save the time and reduce
the amount of data which we need to look inside in order to
achieve what we are looking for
Copy the URL of “Output can be found by viewing”. Then open
7. a new browser window, paste the URL into the new window and
load the page.
Question 10: What similarities and differences can you observe
between the current page and the new page you opened? Is there
any additional information available on either page? How might
you use any such information (if it exists)?
The two pages are exactly similar to each other same number of
files (41) , same number of file skipped (8) , same number of
extension mismatch (4) and same number of categories (33)
with the same number of files in each category
The Sorter Output window shows you how many of each file
type were found (categories can be added). Click one of the file
type links.
Question 11: What information are you shown and why is this
information useful?
It gives us information regarding the file type we choose , as
example , I clicked on the documents file which contain one file
only and I got information like creation time , last saved time ,
number of pages ,number of words and file location on the disk
, this information is useful because it help us to focus on the
type of files we are looking for and get all the above
information from it
Click on “Meta Data” and provide a valid inode number.
Question 12: Knowing an inode number, how can one determine
the data blocks referenced by that inode (provide both a GUI
answer and a CMD-LINE answer).
Click on “Image Details” and read the information given.
8. Question 13: What information can you get from this window?
It gives us a lot of information like file system information
which contain , file system type and details of file system
layout . meta data information , content information which
contain sector size ,cluster size and total cluster range , and
finally a details of file contents .
Question 14: What is a superblock and what is its purpose?
The superblock is essentially file system metadata and defines
the file system type, size, status, and information about other
metadata structures (metadata of metadata). The superblock is
very critical to the file system and therefore is stored in
multiple redundant copies for each file system. The superblock
is a very "high level" metadata structure for the file system. For
example, if the superblock of a partition, /var, becomes corrupt
then the file system in question (/var) cannot be mounted by the
operating system , The backup copies themselves are stored in
block groups spread through the file system with the first stored
at a 1 block offset from the start of the partition. This is
important in the event that a manual recovery is necessary.
Click “Close”.
Back in the “Host Manager” click “File Activity Timelines”.
Click “Create Data File”.
Select the disk image and click “OK”
Confirm the information.
Question 15: What command line tools were run? What other
options can be passed to these tools?
Running fls -r -m on vol1
9. Click “OK”.
In the “Create Timeline” window you can select the starting and
ending dates of file activity that you want to see. For this lab
you will choose none so you will see all activity.
Under “Enter the file name to save as” enter “fa_lab2”
Click “OK”.
Note where the timeline is saved to and click “OK”.
Note the information. Click the links at the top to look at other
dates.
Question 16: What is the significance of the information? How
might this be useful?
We can see the dates of the files and when they used , which
files deleted from the hard disk , size of each file and the
location of the file on disk
Click “Close”.
Back to “Host Manager” click “Image Integrity”.
Question 17: What comparisons are being made? How does it
know?
Check the MD5 of the image , body and the time line to ensure
that all them are correct by compare the original MD5 with the
current MD5 of each file
Click “OK”.
Question 18. Explore any other features of Autopsy & Sleuthkit,
and include any interesting results.
10. We can add event to the event sequencer and chose the desired
date which we want that event to be used and also we can add
notes with each analysis and this will be helpful for any one
who look at our work later
After you are done, close the case by clicking “Close Host” then
“Close Case”. You can reopen the case to work on it later if you
choose to.
Exercise 2: Using Foremost
“Foremost is a console program to recover files based on their
headers and footers. Foremost can work on image files, such as
those generated by dd, Safeback, Encase, etc, or directly on a
drive. The headers and footers are specified by a configuration
file, so you can pick and choose which headers you want to look
for.” (From the Foremost website)
Read the document from
http://foremost.sourceforge.net/foremost.html to understand
more about foremost and how to setup the foremost.conf.
Run foremost against the floppy.dd disk image in your terminal.
Question 19: What files did it identify? Did it match the
extension of the file?
I got a lot of folders for different file extensions and one file
called audit.txt
Question 20: Why is foremost capable of being independent of
filesystem, volume, and media?
Because Foremost is a console program to recover files based
on their headers , footers and internal data structures .
11. APPENDIX
(If you choose to run this lab on your own system!)
You may use a Helix 1.9 or later version of live Linux CD
(http://www.e-fense.com/helix/) instead of install all the
software to your system. The Helix live CD includes all the
software (Except PTK) you need for this lab. If you do not have
a Linux/Unix system, a live Linux CD is definitely your choice.
If you use Helix live CD, you can skip “Installing software”
A. Installing Autopsy and SleuthkitDownload the latest version
of Autopsy and Sleuthkit from
http://www.sleuthkit.org/sleuthkit/download.php and
http://www.sleuthkit.org/autopsy/download.php
BE SURE to verify the source code using gpg
Install Sleuthkit:
Select the latest version of Sleuthkit and unpack the distribution
to /usr/local
Compile the source code (run “make”).
Copy the manfiles for sleuthkit to the appropriate locations in
/usr/share/man to make the man pages available to your relative
path.
The readme files that accompany the software contain a great
deal of important information. Right now, read the
/usr/local/autopsy/README file. It will give you an overview
of Sleuthkit.
Install the Autopsy Forensic Browser
Choose the latest version of Autopsy and unpack the
distribution to /usr/local
12. Compile the source code (run “make”).
Copy the manfiles for Autopsy to the appropriate locations in
/usr/share/man to make the man pages available to your relative
path.
The readme files that accompany the software contain a great
deal of important information. Right now, read the
/usr/local/autopsy/README file. It will give you an overview
of Autopsy.
When prompted for the Sleuthkit directory, enter the directory
where you installed Sleuthkit.
When prompted for the NIST National Software Reference
Library (NSRL) hit n because we will not be using that for this
lab.
When prompted for the location of the Evidence locker, enter
/usr/local/evidence. (This directory needs to be created
otherwise the autopsy program generates an error when is starts
up.)
*** NOTE: This directory has been specified for ease of use in
this lab exercise. In the field it would be suggested to create a
partition on the hard drive or another hard drive and mount that
into the filesystem in its own location (away from system files –
e.g. usr, home, etc.). In this way the partition or hard drive
could be cleaned of any old evidence (zero’d) before new
evidence is written to it, thereby preventing contamination of
any evidence. ***
B. Installing Foremost
Download the latest version of foremost from
http://foremost.sourceforge.net/
13. Make and install the software.
Copy the man page to the proper directory.
Pan, 4055-841 Page 8 of 8 UNIX ForensicsLab.doc
