Our Services : Video Editing Classes, Ethical Hacking Workshop, Computer Classes, PC/Laptop Repair, Routers Sell, UPS Sell, Printers Sell, Scanners Sell, Website Development, APP Development, Computer Components
Call : 9846618997 | Newroad Pokhara


Well, welcome to the part 2 of Digital Forensics & Computer Hacking Forensic Investigator, CHFI.

At first, What will we cover in this part ?

– Calculating/Comparing MD5 Hash of files, disk, folder with MD5 hash calculator

– Creating Cases with AutoSpy tool, built in Kali Linux OS (Autospy is used for creating new cases & analyzing previously created cases)

Note : you must have the Image that we created earlier.

Steps :

– Download ‘MD5 Hash Calculator’ first. With MD5 Hash Calc, we can easily right click the files/folder and calculate it’s hash. Or, even we can compare the hash.

– For, autospy, go to >>applications >> Kali Linux > > Forensics > > Forensics suites > > Select Autospy (Then follow process)

Using MD5 Calculator –

1) After installing MD5 Calculator, right click any image, folder, file (.exe, .mp3, .mpg, .avi) any, then select MD5 Calculator. 

2) You will then see the calculated hash for selected file.

3) Copy the hash / or, note it down in paper.

4) Go to >> c: >> program files(x86) > > Bullzip > > MD5 Calculator > > MD5.exe (open it)

5) You can compare hash calculated from framework you get after successful step 4.

Video Demo :

Using AutoSpy –

1) After firing up autopsy in kali linux, Notice that it asks us to open up a browser at http://localhost:9999/autopsy

2) Copy the URL and paste it to default browser in kali linux. (In video, I used Iceweasel)

3) On success, you will get screen for AutoSpy. Select NEW CASE from available options.

READ  Chitwan : Ethical Hacking Workshop | Nov.3,4,5 – 2016 [Completed] – NHC Events, HCNEPAL

4) In next step, provide CASE name and Investigators name. Click NEW CASE again in bottom

5) You will get CASE directory and config file location. Notice that & Click add host. Host will be for the Disk Image we created earlier in part 1.

6) Now give host name and click add host.

7) We must add IMAGE that we created to that host which we created in step 6.

8) Give the location of IMAGE to Autospy. In my case (/media/BJ/1.ad1) 

9) Select the Disk Type and Import Method and click next.

10) You can now calculate hash for added image/created case or you can provide the new hash to image added to case. OK.

(Note : For Video Demo/Lab for this Part, Click here : https://www.youtube.com/watch?v=_jO5WV_h1q4

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *