Zip File Analysis

The examiner performed an analysis of the CRJ455FinalProject.zip file as requested by the FBI. First, he loaded the USB.001 file contained within the .zip file into the FTK Imager tool and exported the contents of the USB drive onto the forensic lab’s computer. Once the USB files were exported, the examiner was able to thoroughly identify the files that were going to be valuable for the investigation. Among the valuable information contained inside the USB, there were files hidden inside a .wav file. The suspect hid the files using the DeepSound tool, which allowed the suspect to use a 256-bit RSA security key to encrypt the .wav file once the other two files had been compiled in it. The file, like many others, had been tampered with by altering its file extension but this did not …
The examiner then retrieved the content, exposing a .doc file and a .zip file that were also encrypted. Then, the examiner created a dictionary, ran it through the PRTK tool, and obtained the key that he later used to crack open the .zip file. Inside the .zip folder, there were 5 different files whose file extensions had been altered. To discover the real extension of the files, the examiner used the “WinHex” tool and was able to determine that the files were all .png and that they were related to the case. The .png files were the plans stolen from the “archivaldesigns” website. Right after discovering the plans, the examiner moved on to examining the suspect’s browsing history by loading the Firefox data located inside the USB into the “Belkasoft Evidence Center Ultimate” tool. During the browsing history examination, a large portion indicated that the suspect had been searching for software to duplicate the plans he had been stealing. The tool he was using was Chief Architecture, a tool used to design plans and other architectural
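
The extension check the examiner performed by hand in WinHex can be scripted by comparing each file's leading bytes against known file signatures. The following is an added example, not part of the original report: the file names and sample bytes are constructed, and the signature table covers only the file types the report mentions.

```python
from pathlib import Path
import tempfile

# (leading signature bytes, detected type, extensions consistent with it)
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2", {".doc", ".xls", ".ppt"}),
]

def identify(header: bytes):
    """Return (type, expected extensions) from the leading bytes, or None."""
    # RIFF containers carry the form type at offset 8, so check both fields.
    if header[:4] == b"RIFF" and header[8:12] == b"WAVE":
        return "wav", {".wav"}
    for magic, kind, exts in SIGNATURES:
        if header.startswith(magic):
            return kind, exts
    return None

def find_mismatches(root):
    """Walk root and list files whose extension disagrees with their signature."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            hit = identify(fh.read(16))
        # Files with no known signature (e.g. plain text) are not flagged.
        if hit and path.suffix.lower() not in hit[1]:
            findings.append((path.name, path.suffix.lower(), hit[0]))
    return findings

def build_sample(root):
    """Write constructed sample files (not the case evidence) into root."""
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
    wav = b"RIFF" + (36).to_bytes(4, "little") + b"WAVEfmt "
    samples = {"plan1.txt": png, "plan2.dll": png, "real.png": png,
               "audio.wav": wav, "notes.txt": b"plain text, no signature"}
    for name, data in samples.items():
        (Path(root) / name).write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, ext, kind in find_mismatches(tmp):
            print(f"{name}: extension {ext} but content is {kind}")
```

Run it against a read-only export of the image rather than the original evidence, and treat a hit as a lead to confirm in a hex viewer, since a signature match only covers the first bytes of the file.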