
CSE 469 In-Class Lab3

Names: Steven Tran, Jason Truong, Kshitiz Singh, ID: 1210776512


Overview
1. Recover the modified file extension and header
2. Create and analyze the disk image using the tool "ProDiscover"
3. Discover and recover the photo using the online hex editor https://hexed.it/
4. Read the EXIF information
Prerequisites: Windows 10 compatible (32- or 64-bit)
1. Download and install:
1) ProDiscover: https://prodiscover-basic.software.informer.com/download/
(Install and run as Administrator)
2. USB memory stick (128 MB+), or download the pre-made image test1.eve from lab3.zip
3. Download and unzip the test files at https://www.dropbox.com/s/ucenui00jh65cy4/lab3.zip?dl=0
4. Submit the completed form as a PDF to Gradescope at https://www.gradescope.com/courses/79694/
The deadline is the beginning of the next class.

Finding the intellectual property and recovering it


Step 1.
Work through the example (lab3.mp4 in Piazza or Canvas Resources)
- Make see2.exe from see.jpg
- Create an image of the target USB using ProDiscover and recover see2.jpg using
https://hexed.it (you can use the test1.eve image file instead of a physical USB)

Check the EXIF information of the recovered image (see2.jpg)

- What is the normal header value (10 bytes)?


FF D8 FF E0 00 10 4A 46 49 46 (SOI FF D8, APP0 marker FF E0, segment length 00 10, identifier "JFIF")

- What is the size (KB) of see2.jpg?


2738 KB

- What is the name of the camera maker and model in EXIF information?
Maker: iPhone
Model: Apple iPhone 11 Pro

- When was the photo taken?


9/23/2019 at 8:46AM
Step 2.
Please investigate an IP (Intellectual Property) theft by a contract employee of Exotic Mountain Tour
Service (EMTS). Recover the stolen IP.

Clue #1: We have seized the employee's hard disk and created a disk image (name: test2.eve) using
ProDiscover for you to download. It is believed that a picture of a newly designed boat was stolen.

Clue #2: All valid JPEG files have an end-of-image mark of ff d9, and a JFIF-format JPEG starts with
the header "ff d8 ff e0 00 10 4a 46 49 46" (SOI, APP0 marker, segment length 16, "JFIF"). Note that a
JPEG written with the Exif segment first instead begins ff d8 ff e1 followed by "Exif", so confirm which
variant you are looking at before you repair the header.

Clue #3: It is believed the employee disguised the JPEG file as a Windows executable (.exe) and
altered the image's header. You can analyze it with https://hexed.it/ .

- What were the modified header bytes (10 bytes)?

7A 7A 7A 7A 00

- What is the file name and size (KB) of the IP?

Gametour2.exe
Size: 202 KB

- What is the name of the camera maker and model in EXIF information?
Camera maker: Minolta Co.
Model: Minolta Co. Ltd. Dimage 2330 Zoom

- When was the photo taken?


2001:08:05 14:50:07 (EXIF DateTimeOriginal, i.e. 5 August 2001 at 14:50:07)

- Attach the IP images here:
