Waiting for answer This question has not been answered yet. You can hire a professional tutor to get the answer.

QUESTION

Good Day, I could use some assistance with a question that requires a double answer. Are familiar with the software FRHed? I need to know the step on how to complete the assignment, not the answer !!!

Good Day,

I could use some assistance with a question that requires a double answer.

Are familiar with the software FRHed?

I need to know the step on how to complete the assignment, not the answer !!!! if you tell me the answer then I have not learnt nothing.

The assignment question(s) is:

Part 3. Use Frhed to Perform a Byte-Level File Analysis

Note: As part of your lab deliverables, you will create a report of your findings as if you were a forensic specialist gathering information for an investigation. You will be responsible for determining what to document throughout this part of the lab to complete this report.

In the next steps, you will use Frhed to perform an analysis of an unknown file type to confirm it is not malicious.

  1. From the vWorkstation desktop, launch the Frhed application.

From the Frhed toolbar, open the target.abc file (This PC > Local Disk (C:) > ISSA_TOOLS > ForensicsTools > target.abc).

Frhed opens the byte-level data of the file itself. The forensic investigator or network specialist can use this view to search for clues.

  1. Make a screen capture showing the clue that identifies the correct file type and paste it into the Lab Report file.

Note: A Hex editor such as Frhed can enable a forensic investigator to view data about a suspicious file or hidden file that may not be visible using a regular text editor. It can also be used to drill into specific file types to make sure the file is not malicious.

  1. Close the Frhed window.
  1. From the vWorkstation taskbar, launch the File Explorer, navigate to the target.abc file, and rename the file using the correct file type extension.
  1. From the File Explorer, open the renamed target.abc file in its native application.

Make a screen capture showing the contents of the renamed target.abc file and paste it into your Lab Report file.

Note: This completes Section 2 of this lab. In the next steps, you will use the File Transfer folder to move any files from the vWorkstation to your local system that are to be submitted as part of your lab deliverables. Refer to the instructions in the Common Lab Tasks document for more information on how to use this function.

  1. On the vWorkstation desktop, save the HTML files from your WinAudit report in a .zip archive titled yourname_S2_WinAudit, replacing yourname with your own name.

On the vWorkstation desktop, drag the deliverable file(s) into the File Transfer folder to complete the download to your local computer.

yourname_S2_WinAudit.zip

--------------

Part 3: Challenge Exercise

  1. Open a remote connection to the TargetWindows01 machine and use Frhed to open the cert_efs.pfx certificate file (C:\ISSA_TOOLS\ForensicsTools\cert_efs.pfx). Identify the encryption format and the user account the encrypted certificate was issued by. Make a screen capture showing your findings.

Help/Assistance needed

Show more
LEARN MORE EFFECTIVELY AND GET BETTER GRADES!
Ask a Question