Time
5 hours 56 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:01
Hi, welcome back to the course. So in the last video, we wrapped up our module one discussion. So we talked about the Federal Rules of Evidence. We talked about different laws and standards that are pertinent to forensic investigators, as well as the Fourth Amendment.
00:14
So in this video, we're gonna start off our lab. So we're gonna have three parts to this lab, module one. Basically, we're gonna be analyzing photos. So part one is gonna just be installing the tools that we need for the lab.
00:25
Part two will be actually modifying one of the photos that we retrieve, and then part three is gonna be us actually looking at the photos. Now, keep in mind that since we're the one setting up the lab, we're obviously going to know the answers when we go into part three. However, this is a good lab to kind of walk through once you get it set up
00:44
to actually show a couple photos to, like, your friends or family
00:47
and have them try to figure out what the differences are and kind of impress them a little bit. So I want to give you a quick lab that you can run pretty much from anywhere on Microsoft Windows or any operating system that you're using to kind of, you know, impress, again, your friends and family.
01:03
So for this lab, I'm going to be using a Windows 10 virtual machine. I recommend you do use a virtual machine. However, if you try to do this inside of the cyber lab environment, you might have some trouble because there are limitations on opening photos. So you may want to open this in your own virtual lab. Or, if you are running, like, Microsoft Windows,
01:23
you can, you can download these tools and run them in there as well.
01:26
Again, a virtual machine is the recommended route. If you're running, like, Mac or Linux, then just find a hash calculator and then find also a hex editor tool that will be relevant to your operating system. And that's all you actually need for this lab, aside from just doing a quick Google search on, you know, images and finding an image that you want to use.
01:46
So again, the tools for the lab:
01:47
we're running it inside of Microsoft Windows, so we're going to use HashCalc and HxD editor.
01:52
But if using a different operating system, just go ahead and find a relevant tool that will work with your particular operating system. We're not gonna cover the other operating systems in this particular lab.
02:04
So here in part one, again, we're just gonna install the tools. So I've got my virtual machine launched here, and then we're just gonna open a web browser. So whatever you choose to use, just go ahead and open a web browser and then search for HashCalc. So that's the first tool we want to get.
02:19
So I'm gonna go and do that now. I have, uh, Google pulled up here, so I'm just gonna type in HashCalc.
02:24
So just like that and press Enter,
02:28
you'll see here. I already went to the website so it pulls up for me. But it's gonna be this slavasoft.com/hashcalc. If we go back to our lab document,
02:38
you'll see here that I have a link for you there. So you could also just click that link and launch the website.
02:45
The next thing we want to do once we open up the website is go to the downloads page, it's gonna be at the top. And then we're gonna look for the section that says free software downloads here in step six. So let's go ahead and do that now.
02:55
So just launch the website.
02:58
Might take a moment or so to pull up.
03:00
Once it does, click Downloads; it's kind of near the top in the center.
03:05
And then here we're gonna look for the free software download. So that second set of options down the page.
03:13
All right, once we find that, we're going to select this download button that's to the right of the HashCalc. So right now they're showing us the version. The latest version is 2.2. If that updates, then, you know, of course we could click the most updated version.
03:27
So let's go ahead and do that now. So we click on download. It's gonna download the zip file for us. We'll have to go ahead and take a moment or so. Let's go back to our lab document.
03:37
So here in step seven, we clicked the download link. As I mentioned, it's gonna download the zip file for HashCalc in step eight, and then once it downloads completely, we're gonna click the little arrow, depending on your browser. I'm using Google Chrome. I'm gonna click the little arrow and then select the show in folder option.
03:53
All right, so you'll see that mine has downloaded. I'm gonna click this little arrow here and then just show in folder.
04:00
Let's go back to our lab document.
04:02
So next step here, step 10. We're gonna right click on that file and then extract the file. So let's go ahead and do that now.
04:10
So just right click wherever you, uh, downloaded it to. It should be, in most cases, your downloads folder, unless you have a different configuration in your machine,
04:17
and then just right click on that file and then just say, extract files.
04:26
Might take a moment or so. It should pull up and ask me where I want to go with it. You see here by default, it takes me to my downloads folder. I'm just gonna say okay to that, 'cause that's where I want it to go.
04:39
All right. So once it finally extracts, which might take a moment or so, here in step 11 we should see the folder there, and then we're gonna, in step 12, just double click on the folder to open it up. So again, that's the extracted folder.
04:50
Once we open it, here in step 13 we will see a setup.exe file. Let's go ahead and do that now.
04:59
All right, so we see the HashCalc folder here. What is going on? And then right there is that setup.exe file I mentioned. I'm just gonna go ahead and double click on that.
05:10
Let's go back to our lab document.
05:12
Now, we are probably gonna get a user account control pop up if you're using Microsoft Windows. If you get that prompt, just select yes to that. And then it's gonna launch the wizard for us.
05:20
Let's go and do that now. So you'll see here, it launches it. It's giving us this, uh, mostly because it doesn't recognize who the publisher is, because there's no security, excuse me, security certificate. So we're just going to say yes to that.
05:33
We assume that they're not hacking us,
05:35
and you'll see here it launches the wizard for us.
05:40
So in the wizard, you're basically just gonna next, next, all the way through. You're also gonna accept the license agreement, and then finally, you'll get to a button that says Install, and you'll go ahead and install the tool.
05:54
So you're gonna, just gonna say next there, then accept the license agreement.
05:58
And then whatever the defaults are, just leave them alone. Say next, next, all the way through. Um, we wanted to create a desktop icon, and so it doesn't by default. We're just gonna leave that alone and say next, and then you'll see here we have the installation option.
06:15
You'll see here, if you look on the left side of my screen, I've already had it installed, but we can go ahead and start again now. I already have HxD as well, the next tool that we're gonna install, so you'll see when we go to install that one, I'll get a little pop-up message, but you'll be able to just go through and install it on your machine.
06:30
So let's go back to our lab document here with the HashCalc wizard. Let's see where we are.
06:34
So we just did step 18. We left all the default settings. We accepted that license agreement and then we clicked Install.
06:42
Our next step here in step 19 is just unchecking the view the readme file as well as the launch HashCalc check boxes. So we're gonna uncheck both these boxes and then just say finish, mostly because we don't want to launch the tool quite yet.
06:57
All right, let's go back to our lab document.
07:00
So now we're gonna go to our web browser and run a search for HxD hex editor.
07:06
So let's go ahead and do that now. So let's just go ahead and close out that downloads page. Just go back to a Google search page or whatever browser you want to use, excuse me, whatever search engine you want to use, and then just search for HxD
07:19
hex editor
07:21
and then press Enter on the keyboard there. You'll see here it should be like the first or second option. You'll see it's gonna be this mh-nexus.de forward slash English, et cetera, et cetera.
07:31
So once we find that, just go ahead and click on the page to open it.
07:35
might take a moment or so to pull up.
07:38
Let's go back to our lab document.
07:40
You could have also just gone to this URL if you wanted to. That's the same one we're at right now. But if you want to search for it like I did, you can certainly do so.
07:47
Our next step here, step 22. So once we pull up the website, we want to scroll down the page until we come to the latest version released for Windows or whatever your operating system is, if this tool works for that. Or if using a different tool, you'll have to follow the steps for that tool and not these ones.
08:05
All right. So, um, uh, at the time of this video, I think it's still the 2.1 version, but we'll see here in a second. Um, once we select that latest version, we're just gonna select the download page link. That's gonna take us to where we can actually download the tool.
08:20
So let's go ahead and do that now. We're just gonna scroll down the page
08:22
until we see the latest, the latest version. You'll see here it is the 2.1. So click on this download page little blue link here.
08:31
It's gonna take us to the download page. Let's go back to our lab document. So now we want to click, in step 24, we want to select the download per HTTPS, the link for English there. Unless you want to use a different language, that's fine. But we're going to do the one for English.
08:46
You'll see it's this one right here. We just select this blue link on the right side here that says Download per HTTPS.
08:54
Now, you're also gonna notice that they give us the hash of this download file so we could check that if we wanted to, just make sure that hash is correct. So let's just click on the download per HTTPS link.
09:05
You'll see it's gonna start downloading that zip file for us. So let's go back to our lab document. You'll see here in step 25 the zip file is downloading for us,
09:15
and then in step 26 we're to, on the desktop, double click the HashCalc to open up the application. So basically, we're gonna hash the zip file that we're downloading, the HxD one, and basically just compare that to what the website is showing it. So just so we could take a quick look and see what that looks like.
09:33
All right, so you'll see that, uh, that zip file is downloaded, so we're gonna leave that alone for right now. So on your desktop, you should have that HashCalc shortcut. Go ahead and double click on that.
09:43
It's gonna open it up for us.
09:45
We're gonna select we have here.
09:50
So the next thing we're gonna do is we're gonna click the three little dots here in step 28 at the top right of the HashCalc tool screen. And that way, we could search for the file, which is gonna be that zip file we just downloaded for the HxD hex editor. Let's go and do that now. So just go ahead and click these three little dots near the top right.
10:11
You'll see here it gives us some different options. We're gonna navigate to the downloads folder. At least that's where I have mine at. I'll navigate to the downloads folder, and then I can go ahead and actually find my file. So just navigate to wherever you downloaded the HxD file. We're just gonna click on that zip file and just say open,
10:30
and then just click the calculate button at the bottom. You'll see it generates a hash for us. If we just glance here at the hash, the first part of it, you'll see here that that matches with our hash right here. So it looks like this is a legitimate file.
10:43
All right, let's go back to our lab document here.
10:48
So we see here that yes, the hashes do match. We just compared them. And yes, they appear to match. All right, then we can move on to our next step in the lab. So now we're just gonna close the HashCalc application, so just go ahead and just X out of that.
11:01
Now, let's go back to our lab document.
11:03
All right. So now we just want to open the downloads folder where we have the HxD setup file. And so what we're gonna do is right click and extract the files. I'm gonna extract them to the desktop screen. You can, uh, excuse me, extract them anywhere you want to, but I'm gonna extract into the desktop,
11:22
so let's go ahead and do that now. So I just want to navigate to the downloads folder. So I'm just gonna double click on one of my folders I have open here, click on Downloads, and then I find my HxDSetup.zip. I'm gonna right click
11:35
and extract the files
11:37
and then I'm gonna navigate to a different location here. So I actually want to throw these on the desktop. So I'm just gonna click there on my desktop and just say OK.
11:46
Now, your process might be slightly different if you don't have WinRAR installed, if you're just using kind of that right click and extract of Windows. However, you could still extract it anywhere you want to.
11:56
All right, so you'll see that we now have the HxD setup executable on my desktop there. So let's go ahead and go back to our lab document.
12:05
So we've gone ahead and extracted the files. The next thing we want to do, we want to go ahead and double click on that executable to launch the installer.
12:11
If we get the user account control pop-up, which we should, we're just going to say yes to that.
12:16
We're gonna choose English for the language and then just say okay. And then basically, at that point, it's just the next, next, all the way through to accept the license agreement as well. Then it's next, next, next, all the way through. Um, and then the only other thing, the only change we do is we select desktop shortcut to add a desktop shortcut for it.
12:33
And then we just click the installation button. So, a lot of steps there. But basically,
12:37
just remember in your head that next, next, next, all the way through until you get to the end and then install it.
12:43
All right, we're gonna double click on that file. Now, let's double click on the HxDSetup.exe. Might take a moment or so to launch for us. Again, what you're going to see here is the user account control pop-up from Windows.
12:54
We're just going to say yes to that and it's gonna launch the actual installer for us.
12:58
You'll see here it gives a prompt, and that's where we say okay to the English. We want to keep that,
13:05
and then here we just have our next options, right? So we just next, all the way through, we accept the license agreement. Next. Next,
13:13
Next,
13:13
next. And then here's where we want to select to create a desktop shortcut. We're gonna say next one more time and then install. Now, I should get intermission, since I've already got it installed. But yours will actually go ahead and install the tool at that time.
13:28
All right. So apparently I don't. It's gonna let me install it twice, which is kind of rare, but I will take it if it works. All right.
13:35
Okay, let's go back to our lab document here. So our very last step in this part of the lab is just unchecking the two boxes there, so to launch it, and then also to launch the readme text file. So we're just gonna go ahead and uncheck those boxes and then just say finish here.
13:52
So that wraps up part one of our lab. Again, in part two we're gonna go ahead and get our photo set up to move on to part three of the lab.

Up Next

Computer Hacking and Forensics

Love the idea of digital forensics investigation? That is what computer forensics is all about. You will learn how to determine potential online criminal activity at its inception, legally gather evidence, and search and investigate wireless attacks.

Instructed By

Ken Underhill
Master Instructor at Cybrary