During a recent case we discovered a USB drive in a suspect’s pocket. Upon the discovery the suspect mockingly stated, “Have fun, I’ve made sure you won’t find anything on that.”
Analyze the USB Drive (compressed dd image below) and find as many files as you can.
1. Make sure to only count each file once.
2. No two files are the same filetype.
We will post the solution to Mini-Challenge 1 on 5/10 for you to check how you did. Mini Challenge 1 Solution is available below.
1. We are only interested in files created by a user. Do not count any system files if you find any.
2. No credit will be given for solutions which contain any filetypes that weren’t on the disk. If a file could be considered to be more than one filetype the correct filetype is the one generally associated with such a file.
The command “foremost challenge1” will find all but the cpp file. (To find that file you could uncomment the cpp line in foremost.conf.)
1. The above command will find an “ole” file and a “zip” file. Both of these actually refer to the same “doc” file. The correct answer
2. As the pdf file contained multiple jpg files within it, you may have found a whole bunch of jpgs on the drive. However, the only one that was not part of another file was “Penguins.jpg”.
3. I corrupted part of the drive by overwriting the first 10KB with random data.
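Note 2 worked through in code, as an added example that is not part of the original challenge or of foremost itself: a minimal header/footer carver that records the byte range of every hit and then drops hits lying inside another carved file, so a jpg embedded in a pdf is not counted as a separate file. The signature table, function names and sample image are constructed for illustration.

```python
import re

# Header/footer pairs in the spirit of foremost.conf entries (assumed subset).
SIGNATURES = {
    "pdf": (b"%PDF-", b"%%EOF"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
}

def carve(image: bytes):
    """Return (filetype, start, end) for every header..footer match."""
    hits = []
    for ftype, (header, footer) in SIGNATURES.items():
        for m in re.finditer(re.escape(header), image):
            end = image.find(footer, m.end())
            if end != -1:  # header without a footer is ignored
                hits.append((ftype, m.start(), end + len(footer)))
    return sorted(hits, key=lambda h: h[1])

def top_level(hits):
    """Keep only hits whose byte range is not inside another hit's range."""
    def inside(h, o):
        return (o[1] <= h[1] and h[2] <= o[2]
                and (o[1], o[2]) != (h[1], h[2]))
    return [h for h in hits if not any(inside(h, o) for o in hits)]

def build_sample() -> bytes:
    """Constructed image: filler, a pdf holding a jpg, then a lone jpg."""
    jpg_a = b"\xff\xd8\xff\xe0" + b"A" * 32 + b"\xff\xd9"
    jpg_b = b"\xff\xd8\xff\xe0" + b"B" * 32 + b"\xff\xd9"
    pdf = b"%PDF-1.4\nstream\n" + jpg_a + b"\nendstream\n%%EOF"
    # Fixed filler stands in for the overwritten start of the drive.
    return b"\x00" * 64 + pdf + b"\x00" * 16 + jpg_b

if __name__ == "__main__":
    hits = carve(build_sample())
    print("all hits:      ", hits)
    print("distinct files:", top_level(hits))
```

Because carving works from signatures in the raw bytes rather than from file system metadata, the same approach still finds files when the start of the image has been overwritten.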