Purchase Solution

Unix and Sleuth

Not what you're looking for?

Ask Custom Question

This project needs to be done on a UNIX machine using the Sleuth forensic tools. If you are using your own machine, you need to install the Sleuth Kit forensic tools (http://www.sleuthkit.org) on your machine.

This week, you need to use the Sleuth tools to carry out the following tasks on the FAT undelete image from http://dftt.sourceforge.net/test6/index.html (there is a zip link on the site that you can get the image from : http://sourceforge.net/projects/dftt/files/Test%20Images/6_%20FAT%20File%20Recovery%20%231/6-undel-fat.zip/download?use_mirror=jaist&download=

1. using the command fls to see the existing files and recently deleted files/folders in the image file: 6-fat-undel.dd (provide screenshot and explanation)

2. practice the following commands on the same image file: fsstat, icat, ifind, ils, istat, dcat, dls, dstat, dcalc (provide screenshot and explanation)

To download the image:
http://sourceforge.net/projects/dftt/files/Test%20Images/6_%20FAT%20File%20Recovery%20%231/6-undel-fat.zip/download?use_mirror=jaist&download=

Purchase this Solution
Solution Summary

Some of the Unix commands of Sleuth Kit are executed. Command line executions commands as well as their outputs are presented here.

Solution Preview

In old system dls, dcalc etc; in new system: blkls, blkcalc etc.

11 tools:
Data Unit Layer: dls, dcat, dstat, dcalc
Meta Data Layer: ils, icat, istat, ifind
File Name Layer: fls, ffind
File System Layer: fsstat
//
FIRST_LETTER LAYER
d Data Unit - file and directory content stored.
i Meta Data - descriptive data about files and directories stored.
f File Name - actual name of the file or directory saved.
fs File System - all other file system specific data stored.
//
Functions of tools:
ENDING FUNCTION
ls Lists information in layer
cat Displays content in layer
stat Displays details about a given object in layer
find Maps other layers to its layer
calc Calculates "something" in the layer
/////////////////////
Commands execution outputs:
////////
1. fls: List file and directory names in a disk image.
///////
Display undeleted files: (option -u):

#localhost 6-undel-fat]$ fls -u 6-fat-undel.dd
r/r 3: FAT_REC_1 (Volume Label Entry)
v/v 191619: $MBR
v/v 191620: $FAT1
v/v 191621: $FAT2
d/d 191622: $OrphanFiles
//////
Display deleted files: (option -d):

#localhost 6-undel-fat]$ fls -d 6-fat-undel.dd
r/r * 4: _rag1.dat
r/r * 5: _rag2.dat
r/r * 6: _ing.dat
r/r * 7: _ult1.dat
d/d * 8: _ir1
d/d * 11: System Volume Information
///////
Display all entries: option -a:

#localhost 6-undel-fat]$ fls -a 6-fat-undel.dd
r/r 3: FAT_REC_1 (Volume Label Entry)
r/r * 4: _rag1.dat
r/r * 5: _rag2.dat
r/r * 6: _ing.dat
r/r * 7: _ult1.dat
d/d * 8: _ir1
d/d * 11: System Volume Information
v/v 191619: $MBR
v/v 191620: $FAT1
v/v 191621: $FAT2
d/d 191622: $OrphanFiles
//////////////////////////////
fsstat: Display general details of a file system.
//////

#localhost 6-undel-fat]$ fsstat 6-fat-undel.dd
FILE SYSTEM INFORMATION
--------------------------------------------
File System Type: FAT16

OEM Name: MSDOS5.0
Volume ID: 0xc0fecd11
Volume Label (Boot Sector): NO NAME
Volume Label (Root Directory): FAT_REC_1
File System Type Label: FAT16

Sectors before file system: 63

File System Layout (in sectors)
Total Range: 0 - 12032
Total Range in Image: 0 - 12031
* Reserved: 0 - 7
** Boot Sector: 0
* FAT 0: 8 - 31
* FAT 1: 32 - 55
* Data Area: 56 - 12032
** Root Directory: 56 - 87
** Cluster Area: 88 - 12031
** Non-clustered: 12032 - 12032

METADATA INFORMATION
--------------------------------------------
Range: 2 - 191622
Root Directory: 2

CONTENT INFORMATION
--------------------------------------------
Sector Size: 512
Cluster Size: 1024
Total Cluster Range: 2 - 5973

FAT CONTENTS (in sectors)
--------------------------------------------
///////////////////////
ils: List inode information.
////
Display every inode: option -e:

#localhost 6-undel-fat]$ ils -e ...

Solution provided by:
Amrit Lal Ahuja, PhD (IP)
Education
  • BEng, Allahabad University, India
  • MSc , Pune University, India
  • PhD (IP), Pune University, India
Recent Feedback
  • " In question 2, you incorrectly add in the $3.00 dividend that was just paid to determine the value of the stock price using the dividend discount model. In question 4 response, it should have also been recognized that dividend discount models are not useful if any of the parameters used in the model are inaccurate. "
  • "feedback: fail to recognize the operating cash flow will not begin until the end of year 3."
  • "Answer was correct"
  • "Great thanks"
  • "Perfect solution..thank you"
Purchase this Solution
Free BrainMass Quizzes
Basic UNIX commands

Use this quiz to check your knowledge of a few common UNIX commands. The quiz covers some of the most essential UNIX commands and their basic usage. If you can pass this quiz then you are clearly on your way to becoming an effective UNIX command line user.

Basic Computer Terms

We use many basic terms like bit, pixel in our usual conversations about computers. Are we aware of what these mean? This little quiz is an attempt towards discovering that.

Javscript Basics

Quiz on basics of javascript programming language.

Word 2010: Tables

Have you never worked with Tables in Word 2010? Maybe it has been a while since you have used a Table in Word and you need to brush up on your skills. Several keywords and popular options are discussed as you go through this quiz.

Java loops

This quiz checks your knowledge of for and while loops in Java. For and while loops are essential building blocks for all Java programs. Having a solid understanding of these constructs is critical for success in programming Java.

View More Free Quizzes
Related BrainMass Solutions

  • Why do Java advocates support UNIX?

    Since Java works on UNIX and C# doesn't it makes sense the Java advocates want to see more UNIX systems so that there will be less support for C#.

  • Importance of unix to the internet

    "Unix was, and is, popular among researchers and computer science departments (which made up the early Internet), partly because some of the first versions of TCP/IP were distributed free with one version of Unix known as the Berkeley Software Distribution

  • Relation of Linux to UNIX

    Legally, it's a whole other kettle of fish and introduces legalisms like UNIX vs. Unix vs. Unix-like and so on. Unix the name, vs. Unix the system, etc. And there are also naming issues over Linux and GNU.

  • History of UNIX

    394312 History of UNIX Write a paper on the history of the UNIX operating system and discuss how it evolved based on industry needs and requirements.

  • Java and UNIX

    They developed a new operating system called UNIX in 1971. UNIX was simple and elegant, was written in c language and was able to recycle the code. UNIX is developed around a specific piece of code which is commonly known as kernel.

  • Unix platform to run a website

    Explain why servers not using Unix should be upgraded and made to use Unix General advantages of Unix: - It is more flexible and can be installed on many different types of machines, including main-frame computers, supercomputers and micro-computers

  • Accessing a UNIX file from Windows

    368148 Accessing a UNIX file from Windows Can a Windows computer access files on a UNIX machine (e.g. be able to open the file from Windows Explorer)? Please explain why and/or how. Accessing a UNIX File on Windows Let's just say YES!!!

  • Cost Analysis of Operating Systems

    220738 Cost Analysis of Operating Systems Compute and determine the cost analysis for Windows OS and UNIX by Comparison and Contrast.

  • Using Unix alias to emulate DoS commands

    56292 Using Unix alias to emulate DoS commands Assume you are an experienced DOS programmer and you want to write UNIX shell scripts using DOS commands. Use the alias command so you can type the follow DOS commands and perform UNIX functions: a.

View More Related Solutions