Professional Documents
Culture Documents
Forensic Ws11 12 Exercise1
Forensic Ws11 12 Exercise1
WS 2011/2012
Department of Computer Science
2011-10-12
Master of Computer Science
Harald Baier, Frank Breitinger and Björn Roos
Exercise 1 (Foundations)
For i ∈ N0 let Bi denote the i-th byte in a byte string. You must not use technical
support in this
exercise, i.e. you are expected to find the answers using paper and pencil.
However, you may use
an ASCII table.
(a) You copy the bytes B100 B101 · · · B1000 . How many bytes do you process? What
is the answer
in the general case Bn Bn+1 · · · Bm with n, m ∈ N0 , n ≤ m?
(b) Let B0 = 11010011 be an unsigned integer. What is its decimal value? Write B0
in hexade-
cimal, too.
(c) Write the decimal number 2011 in binary and hexadecimal.
(d) What is the binary representation of 0xAB12D?
(e) What is the hexadecimal encoding of the word Forensics, if ASCII is used?
What is the decimal value of the unsigned integer in big-endian and little-
endian, respectively?
The tool dd is commonly used in forensics to get a 1-to-1 copy of a data structure
(e.g. an HDD, a
USB stick, an SD card, a partition). Go through the manual of dd and find the
correct dd-syntax
to solve the following tasks:
(a) Copy the first partition of the device /dev/sda to the file image-sda1.dd in
the current
directory.