started writing report2.

[pub/jan/digfor.git] / report2 / content.tex

\newpage\section{Can you find hints or evidence on the personality of the applicant of Charles Prince? (2 points)}


\newpage\section{In particular, search for name, address or contact information (e.g., online nicknames). (2 points)}


\newpage\section{Can you find hard evidence that Charles Prince has stolen the car? (2 points)}


\newpage\section{Search for pictures of the stolen car. (2 points)}


\newpage\section{Can you find any information on where the car is parked for delivery? (2 points)}


\newpage\section{Find all traces of online activity that is connected with the theft. (2 points)}










\newpage\section{Details}
\subsection{Files}
\subsubsection{NTFS\_Image.dd}
NTFS image at the beginning.
\begin{quote}
\textbf{size}: 271401984 byte\\
\textbf{''file''-output}: DOS/MBR boot sector, Microsoft Windows XP Bootloader NTFS (german)\\
\textbf{sha512}\\\ttfamily{
4caa0188dce8219246af0a5e2c52841140fec8d33513e91d880971b19b87c8c0\\
16f946227a941e31fdfeb5f35f901c6156e500f8d5fce9bb2035d36cfec34cfa}
\end{quote}


\subsection{Used tools on GuestVM}
Tools that were used for analysis (-{}-version):
\begin{itemize}
\item Autopsy 3.0.10
\end{itemize}

\subsection{Used tools on VM-Host}
Tools that were used for analysis (-{}-version):
\begin{itemize}
\item sha512sum (GNU coreutils) 8.22
\item ls (GNU coreutils) 8.22
\item file 5.18
\end{itemize}


\subsection{Machines}
\begin{itemize}
\item \textbf{Virtual machine}\\
Windows XP Version5.1 (Build2600.xpsp\_sp3\_qfe.130704-0421 : Service Pack3)
\item \textbf{Oracle VirtualBox} 4.3.10
\item \textbf{Host machine}\\
 Linux rebx 3.14.0-gentoo-somenet.org \#1 SMP Sun Apr 6 01:00:17 CEST 2014 x86\_64 Intel(R) Core(TM)2 Duo CPU T9300 \@ 2.50GHz GenuineIntel GNU/Linux
\end{itemize}