--- /dev/null
+
+\newpage\section{Can you find hints or evidence on the personality of the applicant of Charles Prince? (2 points)}
+
+
+\newpage\section{In particular, search for name, address or contact information (e.g., online nicknames). (2 points)}
+
+
+\newpage\section{Can you find hard evidence that Charles Prince has stolen the car? (2 points)}
+
+
+\newpage\section{Search for pictures of the stolen car. (2 points)}
+
+
+\newpage\section{Can you find any information on where the car is parked for delivery? (2 points)}
+
+
+\newpage\section{Find all traces of online activity that is connected with the theft. (2 points)}
+
+
+
+
+
+
+
+
+
+
+\newpage\section{Details}
+\subsection{Files}
+\subsubsection{NTFS\_Image.dd}
+NTFS image at the beginning.
+\begin{quote}
+\textbf{size}: 271401984 byte\\
+\textbf{''file''-output}: DOS/MBR boot sector, Microsoft Windows XP Bootloader NTFS (german)\\
+\textbf{sha512}\\\ttfamily{
+4caa0188dce8219246af0a5e2c52841140fec8d33513e91d880971b19b87c8c0\\
+16f946227a941e31fdfeb5f35f901c6156e500f8d5fce9bb2035d36cfec34cfa}
+\end{quote}
+
+
+\subsection{Used tools on GuestVM}
+Tools that were used for analysis (-{}-version):
+\begin{itemize}
+\item Autopsy 3.0.10
+\end{itemize}
+
+\subsection{Used tools on VM-Host}
+Tools that were used for analysis (-{}-version):
+\begin{itemize}
+\item sha512sum (GNU coreutils) 8.22
+\item ls (GNU coreutils) 8.22
+\item file 5.18
+\end{itemize}
+
+
+\subsection{Machines}
+\begin{itemize}
+\item \textbf{Virtual machine}\\
+Windows XP Version5.1 (Build2600.xpsp\_sp3\_qfe.130704-0421 : Service Pack3)
+\item \textbf{Oracle VirtualBox} 4.3.10
+\item \textbf{Host machine}\\
+ Linux rebx 3.14.0-gentoo-somenet.org \#1 SMP Sun Apr 6 01:00:17 CEST 2014 x86\_64 Intel(R) Core(TM)2 Duo CPU T9300 \@ 2.50GHz GenuineIntel GNU/Linux
+\end{itemize}
+
--- /dev/null
+\RequirePackage{snapshot} % stats of included files: $filename.dep
+
+\documentclass[12pt,a4paper,ngerman]{article}
+\usepackage[ngerman]{babel}
+
+%%%%% Formatting and encoding %%%%%
+% encoding
+\usepackage[T1]{fontenc}
+\usepackage[utf8]{inputenc}
+
+% page
+\usepackage[columnsep=1.75cm,lmargin=1.75cm,rmargin=1.75cm,tmargin=2.5cm,bmargin=2.5cm]{geometry}
+\setlength{\parindent}{0pt}
+
+\usepackage{fancyhdr}
+\pagestyle{fancy}
+\lhead{}
+\chead{}
+\rhead{}
+\cfoot{}
+\fancyhead[LE,RO]{\leftmark}
+\fancyfoot[LE,RO]{\thepage}
+
+% Use sans serif font.
+\renewcommand*{\familydefault}{\sfdefault}
+
+% change heading fontsizes.
+\usepackage{sectsty}
+\subsectionfont{\normalsize}
+\subsubsectionfont{\small}
+
+% \chapter hacks
+% Create \Hide command (used for chapters)
+\usepackage[explicit]{titlesec}
+\newcommand*\Hide{\titleformat{\chapter}[display]{}{}{0pt}{\Huge}\titleformat{\part}{}{}{0pt}{}}
+
+% inhibit creation of new double page on new chapter.
+\usepackage{etoolbox}
+\makeatletter
+\patchcmd{\chapter}{\if@openright\cleardoublepage\else\clearpage\fi}{}{}{}
+\makeatother
+
+% change heading margins.
+\titlespacing*{\chapter}{0pt}{0pt}{-40pt}
+\titlespacing*{\section}{0pt}{9pt}{3pt}
+\titlespacing*{\subsection}{0pt}{6pt}{0pt}
+\titlespacing*{\subsubsection}{0pt}{0pt}{0pt}
+
+% make \paragraph do newlines
+\makeatletter
+\renewcommand\paragraph{\@startsection{paragraph}{4}{\z@}
+ {-.75ex \@plus -1ex \@minus -0.2ex}
+ {0.01pt}
+ {\normalfont\normalsize\bfseries}
+}
+\makeatother
+
+%%% TOC changes %%%
+% inhibit "Contents" Head in TOC
+\makeatletter
+\renewcommand\tableofcontents{\@starttoc{toc}}
+\makeatother
+
+%make toc consider Chapter and section only.
+\setcounter{tocdepth}{3}
+
+% disable chapter, section, ... numbering
+\setcounter{secnumdepth}{-1}
+
+%%% /TOC changes %%%
+
+% make footnote numbering reset on every page.
+\usepackage[hang,flushmargin,perpage]{footmisc}
+%%%%% / Formatting %%%%%
+
+% includable git commit info
+\usepackage[missing=run\ build.sh\ or\ gitinfohook.sh]{gitinfo}
+
+% Fürs "last generated" Datum
+\usepackage[iso]{isodate}
+
+% Image import stuff
+\usepackage[absolute]{textpos}
+\usepackage{graphicx}
+\DeclareGraphicsExtensions{.pdf,.png,.jpg}
+
+% clickable references/links/...
+\usepackage{hyperref}
+
+% euro-sign
+\usepackage{eurosym}
+\DeclareUnicodeCharacter{20AC}{\euro}
+
+% frames
+\usepackage[framemethod=default]{mdframed}
+\newmdenv[linecolor=red,backgroundcolor=yellow]{yellowframe}
+
+% quotes
+\usepackage[babel,german=quotes]{csquotes}
+
+
+% START DOCUMENT
+\begin{document}\thispagestyle{empty}
+\hspace{50pt}
+\section*{Digital Forensics 188.922}
+\textbf{2014S}
+
+\section*{Assignment 2}
+\textbf{NTFS}
+
+\section*{Jan Vales}
+\textbf{0726236\\\url{mailto:jan@jvales.net}}\\\\
+\textbf{Still want an official \LaTeX{} template!}\\
+
+\vspace{50pt}
+
+\section*{Table of Contents}\begin{footnotesize}\tableofcontents\end{footnotesize}
+\subsection*{Version}\begin{footnotesize}\url{http://git.somenet.org/?p=priv/jan/digfor.git}\\
+git clone \url{ssh://git@git.somenet.org:666/priv/jan/digfor}\\
+This is revision: \textbf{\gitAbbrevHash}. Document (.tex) compiled on: \textbf{\today}
+\end{footnotesize}\vspace{\fill}\newpage
+
+\input{content.tex}
+
+\end{document}
SomeNet / public repos / pub / jan / digfor.git / commitdiff