prepared report 4

[pub/jan/digfor.git] / report4 / content.tex

\newpage\section{Questions (12 points)}
\subsection{How and when did Mr. Smith and Mr. Mayer communicate? (2 point)}

2012-12-06 14:35:38 Johannes Smith 06603169718
2012-12-06 17:45:36 Johannes Smith +436605166042



\subsection{What information was exchanged between Mr. Smith and Mr. Mayer? (3 points)}

\subsection{Can you find any evidence or hints that support the suspicion of insider trade? (3 points)}

\subsection{Was the person that the witness identified really Mr. Mayer? (2 points)}

\subsection{Mr. Mayer seems to have more secrets than initially expected. What is his big secret? (2 points)}

\subsection{How and when did Mr. Smith and Mr. Mayer communicate? (2 point)}



\newpage\section{Details}
\subsection{Sources}
\subsubsection{iPhone.tar.gz (IPHONE)}
iPhone backup image from Allegro Mayer's Phone.
\begin{quote}
\textbf{size}: 6775181 byte\\
\textbf{''file''-output}: gzip compressed data, last modified: Fri Dec 14 11:42:54 2012, from Unix\\
\textbf{sha512}\\\ttfamily{
ff746e574a0d668e1d82c3ff72501a75eabe642e1dee7f20d3d74b9fe72054f9\\
9b9a91ded1b3f98067a63065423c620c73c42c65e13c3b110424854b3e7f6678}
\end{quote}

\subsubsection{Android.tar.gz (ANDROID)}
Android image from 's phone.
\begin{quote}
\textbf{size}: 270397822 byte\\
\textbf{''file''-output}: gzip compressed data, last modified: Fri Dec 14 12:06:37 2012, from Unix\\
\textbf{sha512}\\\ttfamily{
9614e30affc09d1cbfad5a96e43b2e40dae3c5c123db22dcbd53e980d14418d9\\
ab18c6a2b5b9f8a0e1539474612a4a7ceae627255a2169565f0dddf3409ef67d}
\end{quote}


\subsection{Used tools on Host}
Tools that were used for analysis (-{}-version):
\begin{itemize}
\item sha512sum (GNU coreutils) 8.22
\item ls (GNU coreutils) 8.22
\item file 5.18
\end{itemize}


\subsection{Machines}
\begin{itemize}
\item \textbf{Host machine}\\
Linux rebx 3.14.0-gentoo-somenet.org \#1 SMP Sun Apr 6 01:00:17 CEST 2014 x86\_64 Intel(R) Core(TM)2 Duo CPU T9300 \@ 2.50GHz GenuineIntel GNU/Linux
\end{itemize}