Mini Challenge 1

Scenario:
During a recent case we discovered a USB drive in a suspect’s pocket. Upon the discovery the suspect mockingly stated, “Have fun, I’ve made sure you won’t find anything on that.”

Your Goal:
Analyze the USB Drive (compressed dd image below) and find as many files as you can.

Hints:
1. Make sure to only count each file once.
2. No two files are the same filetype.

Solution:
We will post the solution to Mini-Challenge 1 on 5/10 for you to check how you did. Mini Challenge 1 Solution is available below.

Notes:
1. We are only interested in files created by a user. Do not count any system files if you find any.
2. No credit will be given for solutions which contain any filetypes that weren’t on the disk. If a file could be considered to be more than one filetype the correct filetype is the one generally associated with such a file.

challenge1.zip

Solution
The disk contained 7 files.
Blue.png
Caplan_Moshe_Command_Line_Tools_Tutorial_v3.0.pdf
hello.cpp
Penguins.jpg
Poly Isis.htm
Resources.doc
Wildlife.wmv

The command “foremost challenge1” will find all but the cpp file. (To find that file, you could uncomment the cpp line in foremost.conf.)
Notes:
1. The above command will find an “ole” file and a “zip” file. Both of these actually refer to the same “doc” file. The correct answer is doc.
2. As the pdf file contained multiple jpg files within it, you may have found a whole bunch of jpgs on the drive. However, the only one that was not part of another file was “Penguins.jpg”.
3. I corrupted part of the drive by overwriting the first 10KB with random data.
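
Note 2 in practice, as an added example (not part of the original challenge and not foremost's own code): a minimal header/footer carver run over a constructed image, showing why JPEGs embedded in a PDF show up as separate hits and how to keep only the hits that are not inside another carved file. The signature table, function names and sample bytes are assumptions made for this illustration.

```python
# Constructed example: minimal header/footer carving plus nested-hit filtering.
SIGNATURES = {  # assumed signature table for this illustration, not foremost.conf
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

def carve(image):
    """Return (type, start, end) for each header followed by a matching footer."""
    hits = []
    for ftype, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            foot = image.find(footer, pos + len(header))
            if foot == -1:
                break  # header without footer: truncated or a false positive
            end = foot + len(footer)
            hits.append((ftype, pos, end))
            pos = image.find(header, end)
    return hits

def top_level(hits):
    """Keep only hits that are not strictly contained in another hit's byte range."""
    def inside(h, o):
        return o[1] <= h[1] and h[2] <= o[2] and (o[1], o[2]) != (h[1], h[2])
    kept = [h for h in hits if not any(inside(h, o) for o in hits)]
    return sorted(kept, key=lambda h: h[1])

def jpeg(body):
    """Build a fake JPEG: real SOI/APP0 marker bytes and EOI around placeholder data."""
    return b"\xff\xd8\xff\xe0" + body + b"\xff\xd9"

# Constructed disk image: 10 KB of filler standing in for the overwritten region,
# a PDF with two embedded JPEGs, slack space, then one standalone JPEG.
PDF = b"%PDF-1.4\n" + jpeg(b"figure-1") + jpeg(b"figure-2") + b"\n%%EOF"
IMAGE = b"\xaa" * 10240 + PDF + b"\x00" * 512 + jpeg(b"standalone photo")

if __name__ == "__main__":
    all_hits = carve(IMAGE)
    print(f"{len(all_hits)} raw hits, {len(top_level(all_hits))} top-level files")
    for ftype, start, end in top_level(all_hits):
        print(f"{ftype}: bytes {start}-{end}")
```

Because carving works on signatures alone, it still recovers the files when the start of the image no longer holds usable file system structures.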