
CSE 469 In-Class Lab2

Names: Steven Tran, Kshitiz Singh, Jason Truong ID: 1210776512


Overview
1. Analyzing data from the acquired image file
2. Tracing the file attributes like file extension.
3. Discovering hidden data using bit shifting and steganography.
Prerequisite: Windows 10 compatible, 32- or 64-bit
1. Download and install:
1) Volatility (https://www.volatilityfoundation.org/)
2) Hex Workshop (http://www.hexworkshop.com/)
3) OpenStego (https://www.openstego.com/)
* OpenStego needs javaw.exe, so download and install Java from https://java.com/en/
2. Download and unzip the test files at https://www.dropbox.com/s/yr5g8lnyrbxbpqc/lab2.zip?dl=0
3. Submit the result of this form as a PDF to Gradescope (https://www.gradescope.com/courses/79694/).
The deadline is the beginning of the next class.

Analyzing data from the acquired image file using related tools
1. Finding a specific process in a memory dump file using tool "Volatility"
- What is the PID # of "notepad.exe" in test2.img?
1568

2. Track file extension changes using Hex Workshop


- What is the extension and contents of test2.exe?
.pptx file
Contents: Evidence for CSE469
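
An added example (not part of the lab handout or the submitted answers) of the check behind item 2: compare the extension a file claims with the type its leading bytes and container layout indicate. The function names are hypothetical and the sample bytes are constructed in memory; they are not the lab's test2.exe.

```python
import io
import zipfile

# Leading-byte signatures for a few common formats.
SIGNATURES = [(b"MZ", "exe"), (b"%PDF-", "pdf"),
              (b"\x89PNG\r\n\x1a\n", "png"), (b"PK\x03\x04", "zip")]
# OOXML documents are ZIP containers; the main part's folder gives the type.
OOXML_PARTS = {"ppt/": "pptx", "word/": "docx", "xl/": "xlsx"}


def sniff_type(data: bytes) -> str:
    """Return the type implied by the content, ignoring the file name."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            break
    else:
        return "unknown"
    if kind != "zip":
        return kind
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "zip"  # ZIP signature present but archive truncated or damaged
    if "[Content_Types].xml" in names:
        for prefix, doc_kind in OOXML_PARTS.items():
            if any(n.startswith(prefix) for n in names):
                return doc_kind
    return "zip"


def extension_mismatch(filename: str, data: bytes):
    """Return (claimed, actual) when extension and content disagree, else None."""
    claimed = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff_type(data)
    return (claimed, actual) if actual not in ("unknown", claimed) else None


def make_sample_pptx() -> bytes:
    """Constructed sample: a minimal ZIP with PowerPoint-style part names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/presentation.xml", "<p:presentation/>")
    return buf.getvalue()


if __name__ == "__main__":
    # A presentation renamed to .exe is reported as ('exe', 'pptx').
    print(extension_mismatch("test2.exe", make_sample_pptx()))
```
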

3. Bit Shifted file


- What is the message of the test2.txt using bit shifting?
Health is the number one!

4. Steganography exercise using tool "OpenStego"


- Make test2.png with test2.txt.
- Attach test2.jpg and test2.png here
Jpg/png

- What is the message of the test2.txt?


Let's call it a day