Digital Forensics Assignment

Answer the following questions, using TSK. Make sure to justify your answers and include the
commands you used and the output you got from those commands.
Given Q.E01:
1. What is the type of the file system?
2. What is the volume label?
3. What is the sector size?
4. What is the cluster size?
5. List the first four undeleted files that are stored in the image file. Make sure to indicate the
following information: file name, file size, starting sector, ending sector, and whether the file is
fragmented or not.
6. What is the command that extracts all the unallocated blocks and saves it in a file called
unallocated.dd?
7. What is the command that extracts all the allocated blocks and saves it in a file called
allocated.dd?
8. Using fls command list all the files that were deleted in the image file.
9. Using fls command list all the directories that are undeleted in the image file.
10. Recover the first four deleted files. The first two using fcat, and the other two using icat.
Make sure to display the contents of each recovered file and whether it is recovered properly
or not.
What to hand in
Submit your project electronically through D2L. Please hand in the following:
P a g e | 2
• Your answers (report) in Word or PDF format.
• In addition to the contents of the reports, the grade will also be based on the readability and
formatting/presentation.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *