@mscotgrove
The other files are
As someone who sits on the advisory board for a college's Information Assurance and Digital Forensics program, I would NOT be happy about finding answers to that program's homework questions online. You might want to edit the contents of your post, as the files you listed and gave in-depth information on have no bearing on the question you've asked the forum or its answer, and it's naive to think that other people taking your class, either now or in the future, won't be checking this forum for help. Just my $.02. D
Googling has left me with nothing. Can anyone give me the tiniest kick in the right direction?
I'll give you a kick 😉
Experiment, be creative, think of the problem from a different angle!
What MS programs are there that can create JPEG images?
As someone who sits on the advisory board for a college's Information Assurance and Digital Forensics program, I would NOT be happy about finding answers to that program's homework questions online.
Note that the Jimmy Jungle case is a very widely known case. But you're right in saying that copying the answer from the internet will definitely NOT make you a CF investigator.
The format of the image is a JPEG graphics file with a jpg extension. The file signature (FF D8 FF E0 00 10 4A 46 49 46) identified the beginning of the file, and it is also a definitive indicator of the file type. This file is located in (block 9200-BA15).
The correspondence alludes to a password; there are actually two. Find the passwords; what are they and at what offset did you find them?
PW1= tinman2 PW2= goodtimes located in (block CF20-CF3C)
What is the type of the third file? How do you know? What information did you need to open the file? Describe the file's contents.
This file type is a Microsoft Office Excel application file. I located the file signature 50 4B 03 04 14 00 01 00 and the scheduledvisits.xls. The xls extension identifies the file to be an Excel spreadsheet file.
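As an added example (not part of any post in this thread), here is one way to decode the header fields behind the two signatures quoted above. `FF D8 FF E0 ... 4A 46 49 46` is a JPEG/JFIF header, and `50 4B 03 04` is the ZIP local file header signature, where the following bytes `14 00 01 00` are the version needed and the general-purpose flag word with the encryption bit set. The sample buffers are constructed from those quoted bytes plus padding, and the function names are hypothetical.

```python
import struct

# Constructed sample headers: the two signatures quoted in the thread, padded
# with made-up bytes so the fixed-size header fields can be unpacked.
JPEG_SAMPLE = bytes.fromhex("FFD8FFE000104A464946") + bytes.fromhex("00010100006000600000")
ZIP_SAMPLE = bytes.fromhex("504B030414000100") + bytes(22)


def identify(buf: bytes) -> dict:
    """Classify a carved buffer by its leading signature and decode key header fields."""
    if buf[:3] == b"\xff\xd8\xff":
        info = {"type": "jpeg"}
        # APP0 segment: marker FF E0, big-endian length, then the "JFIF\0" identifier.
        if len(buf) >= 11 and buf[2:4] == b"\xff\xe0" and buf[6:11] == b"JFIF\x00":
            info["container"] = "JFIF"
            info["app0_length"] = struct.unpack(">H", buf[4:6])[0]
        return info
    if buf[:4] == b"PK\x03\x04":
        if len(buf) < 30:
            return {"type": "zip", "truncated": True}
        # ZIP local file header: little-endian fields follow the 4-byte signature.
        version, flags, method = struct.unpack("<HHH", buf[4:10])
        name_len = struct.unpack("<H", buf[26:28])[0]
        return {
            "type": "zip",
            "version_needed": version,
            "encrypted": bool(flags & 0x0001),  # bit 0: entry needs a password
            "method": method,
            "first_entry": buf[30:30 + name_len].decode("cp437", "replace"),
        }
    return {"type": "unknown"}


def scan(image: bytes) -> list:
    """Return (offset, info) for every signature hit in a raw image, in offset order."""
    hits = []
    for sig in (b"\xff\xd8\xff", b"PK\x03\x04"):
        pos = image.find(sig)
        while pos != -1:
            hits.append((pos, identify(image[pos:pos + 64])))
            pos = image.find(sig, pos + 1)
    return sorted(hits, key=lambda h: h[0])
```

A signature hit only identifies the container format; the encrypted flag is what indicates that a password is required before the entry's contents can be read.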
This looks like the sample files used in a vendor training course. From memory there was more information in the hard drive image than you have been given. Although I could be wrong as it is some time since I did the course.
Using the entropy argument only provides a theory, not proof. Even if you can test every piece of jpeg creation software in existence you cannot prove which program was used to create it. You can only identify the programs that did not create it. On the other hand if he had the entire hard drive he would only need to test the jpeg software on it and then maybe a conclusion could be drawn. Provided of course the machine was not connected to the internet and the picture had not been downloaded.
This is used in many vendor programs, as well as many educational programs. Getting help on homework is one thing; I do not think that we as a community should do the homework for the student. As it was mentioned earlier by someone they were helping to point him in the right direction. It's stupid to give the answer. Without understanding how the answer was obtained the results don't matter.
I believe the JJ case dates back from 2003. The following URL points to, what might be, the original one http//
Note the remark regarding proof in the bonus question
Bonus Question
6. What Microsoft program was used to create the Cover Page file? What is your proof? (Proof is the key to getting this question right, not just making a guess.)
As someone who sits on the advisory board for a college's Information Assurance and Digital Forensics program, I would NOT be happy about finding answers to that program's homework questions online.
Note that the Jimmy Jungle case is a very widely known case. But you're right in saying that copying the answer from the internet will definitely NOT make you a CF investigator.
For the record, I did not ask for the answer, just a kick in the right direction.
Additionally, I did find out the answer later on; the answer involved doing pattern analysis on various jpg files created by various programs and running compare on them. MS Paint files were the most similar. I abstained from answering the question since I had been given the answer, and likely wouldn't have gotten it anyways. (It was bonus anyways.)
I believe the JJ case dates back from 2003.
It is, I remember it well and participated in that specific challenge. The Honeynet Challenges are popular and should not be used as a homework assignment or in classrooms with internet access )
For the record, I did not ask for the answer, just a kick in the right direction.
To set the record straight, that was intended as a remark in general, on jwshaw's comment.
Additionally, I did find out the answer later on; the answer involved doing pattern analysis on various jpg files created by various programs and running compare on them. MS Paint files were the most similar.
As I said
Experiment, be creative, think of the problem from a different angle!
What MS programs are there that can create JPEG images?
I abstained from answering the question since I had been given the answer, and likely wouldn't have gotten it anyways. (It was bonus anyways.)
Good to hear that.
It is, I remember it well and participated in that specific challenge. The Honeynet Challenges are popular and should not be used as a homework assignment or in classrooms with internet access )
I had this challenge for a fully fledged University assignment worth credit back in 2004 but I guess the answer wasn't so widely published then, either that or I just didn't go looking for it……