hacking case #1, Image hash
Forensic/CFReDS-Hacking Case2019. 2. 4. 01:40
https://www.cfreds.nist.gov/Hacking_Case.html
#1. What is the image hash? Does the acquisition and verification hash match?
FTK Imager 의 "verify Drive/Image" 클릭한 후, E01 이미지를 선택한다.
E01 이미지에는 stored verification hash 가 포함되어 있으나, DD 이미지에는 포함되어 있지 않다.
computed hash = acquisition hash
stored verification hash = verification hash
[Verify Drive/Image]
[E01 image verify] "Match"
[DD image verify]
'Forensic > CFReDS-Hacking Case' 카테고리의 다른 글
hacking case #15, mac address vendor (0) | 2019.02.04 |
---|---|
hacking case #14, network settings (IP, MAC) (0) | 2019.02.04 |
hacking case #13, network card info (0) | 2019.02.04 |
hakcing case #12, Keyword Search in WinHex (0) | 2019.02.04 |
hacking case #2~11, Registry (0) | 2019.02.04 |