This project needs to be done on a UNIX machine using the Sleuth forensic tools. If you are using your own machine, you need to install the Sleuth Kit forensic tools (http://www.sleuthkit.org) on your machine. If you are using the UoL server machine, the Sleuth Kit tools are installed already. Last week, we have briefly experienced Linux systems. I hope you are comfortable with UNIX systems already. If you still feel that you need to get more experience on Linux systems, you may check the UNIX tutorial web site at:http://www.ee.surrey.ac.uk/Teaching/Unix/.

This week, you need to use the Sleuth tools to carry out the following tasks on the FAT undelete image from http://dftt.sourceforge.net/test6/index.html (the image file 6-fat-undel.dd is in the directory/home/fsimage/on Laureate Linux server, you can enter that directory by typing "cd /home/fsimage/").

1. using the command fls to see the existing files and recently deleted files/folders in the image file: 6-fat-undel.dd
2. practice the following commands on the same image file: fsstat, icat, ifind, ils, istat, dcat, dls, dstat, dcalc

At the end of the week, you need to submit a detailed report on what you have done and what your findings are in the assignment folder.

 

The following is a backup project, this project should only be used in case that the Linux server at UoL is not available for certain reasons.

Download the tcpdump from http://www.tcpdump.org/, collect some traffic information in your network (note that this will not work with modem collections). If necessary, delete the confidential information. Post the collected information (the *.dmp file) in the DQ folder. Then have some discussion on the collected data and get some conclusion about the network architecture. You may use the ARP request information for this analysis. Note that it is not required (though recommended) for each member to post collected network information. But all are required to download the software and experiment with it.