Digital Forensics – Hashing Lab Exercise: Research and describe the difference between a salt value and a pepper value as it relates to Provide a high-level example of how these would be implemented.

Digital Forensics Hashing Lab Exercise

 

Objective: To learn about the history, elements, and implementation of hashing.

 

Instructions: For research questions, be sure to cite all sources immediately after each use of direct quotes or paraphrasing. Full URL, footnote reference, or other proper bibliography is required. Direct quote use limited to two sentence maximum, three occurrences maximum. Except for direct quotes, DO NOT COPY FROM THE INTERNET.

For lab exercise questions, be sure to show your work and document the process with screenshots. All submissions must be in a single Word document in .docx format.

FTK Imager is a product of Exterro. Use  of the software is governed by the terms and conditions of Exterro.

 

Any document submitted which does not comply with the above requirements / academic integrity policies will result in a minimum penalty of a grade of zero (0) for this assignment, up to and including automatic failure of the course.

1. Research and explain what an initialization vector

 

2. Research and describe the difference between a salt value and a pepper value as it relates to Provide a high-level example of how these would be implemented.

 

3. Create a local .txt file on your computer with the content of the word “test” in Hash the file with a hashing utility. Example: Karen’s Hasher
   1. What hash value do you obtain when using MD5?
   2. What hash value do you obtain when using SHA-1?

 

4. Copy the file from Step 3 and rename it on your
   1. Perform the same steps as outlined in 3A and Do you get the same result? What does this indicate?

 

5. Modify the text value in the new file to Test.

 

6. Hash the file from Steps 4 and 5 with a hashing
   1. What hash value do you obtain when using MD5?
   2. What hash value do you obtain when using SHA-1?

 

7. Compare the values from steps 3, 4, and What did you identify?

 

8. Now, let’s see how hashing works in FTK Imager. Run FTK Imager on your

 

9. Download the E01 image file from Blackboard if you do not already have a copy.

 

10. Select File -> Add Evidence Navigate to the location of Mantooth.E01 and add the file to your Evidence Tree within FTK Imager.

 

11. First, let’s look at how to obtain the hash for a single file. Within the FTK Imager Evidence Tree, navigate to the Documents folder under the “Wes Mantooth” user Find the folder called “SnagIt Catalog” and hash the .bmp file located in the directory. You can do this by highlighting the file name, right-clicking, and selecting Export File Hash List. Save the file to your computer as test_hash_file.csv and open it to view the hash values.

 

12. Now, let’s look at how to view the hash files contained within a directory. Find a directory which contains multiple files, such as the “Windows\System32” directory. Repeat the same process in step 11, but save the export file as csv. Open the file to view the results.

 

13. Use what you learned from the class lecture on hashing and steps 11 and 12 to find the file directory path of the file with a hash value of Record the directory path value.

 

14. What does the term nonrepudiation mean?

 

15. Does hashing provide nonrepudiation? If so, how? If not, why not?

 

16. Research and explain one way that hashing is utilized for email integrity/digital