Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Can I get help with this lab please? Lab 05 – Exploring a FAT Image Using the he

ID: 3755432 • Letter: C

Question

Can I get help with this lab please?

Lab 05 – Exploring a FAT Image

Using the hex editor of your choice, explore the image provided and try to locate evidence of contraband pictures. in this case, the contraband pictures are in the form of pictures of weasels.

Using the Image Lab05.E01:

Found at: https://drive.google.com/open?id=1P0Oe44gfa-1m3rEsfC64hmmQv3ZEQ-ly

Find the root directory and take a screenshot.

Are there deleted files in the root directory? How do you know they are deleted?

For the deleted files, find the FAT and see if you can determine what clusters are storing the remnants of the files. Take screenshot of the FAT, and circle the cluster numbers of at least one deleted file.

Using a search for JFIF, see if you can locate any of the deleted images in the file system. Take a screenshot.

Search for any textual information in the image that might indicate that the pictures are there on purpose and not by accident. Again, take a screenshot.

Now, using FTK Imager, open the image as a physical drive and explore the FAT and see if you can verify the information that you discovered using the hex editor. Take a screenshot.

Can you see any deleted pictures?

Right click on the file and export them to your file system.

Explanation / Answer

The Hex Editor Window (shown above) is the main method of viewing and editing binary files in 010 Editor (to edit text files see Using the Text Editor). A Hex Editor Window is displayed for each binary file that is loaded in the editor. Each file is displayed in a File Tabthat displays a shortened form of the file name but the full file name can be viewed in the application title bar or in a hint popup displayed by placing the mouse cursor over the File Tab. The Hex Editor Window is divided into a left and a right area. By default, the left area displays the bytes of the file as a series of hexadecimal bytes and the right area displays the bytes as a series of characters (if a byte cannot be shown as a character a '.' will be displayed). To the left of the Hex Editor Window is a list of addresses. Each address indicates the file position of the first byte on the line. At the top of the window a Ruler indicates the byte offsets from the address on that line. The editor can be changed to display data in a number of different formats and to modify how the Hex Editor Window displays data see Working with File Interfaces.

The Cursor

A cursor is displayed in the Hex Editor Window as a vertical, flashing line. The cursor indicates the current position for inserting, deleting, or editing data. Move the cursor with the mouse by clicking anywhere in the main display with the left mouse button. Alternately, the cursor keys can be used to move the cursor (see Editor Keys below). When the cursor is in the left or right areas, the byte the cursor is currently over will be highlighted gray in the other area. Switch between areas by pressing the Tab key. When the Hex Editor Window is not focused, a vertical gray line, called the shadow cursor, will indicate where the cursor was located. When the editor is in Overwrite mode (see Editing Data below) the cursor will be displayed as a thick vertical line and when the editor is in Insert mode the cursor will be displayed as a thin vertical line.

Editing Data

To edit data in the editor, position the cursor over the byte to edit. When the cursor is in the left area (hexadecimal data) enter a valid hexadecimal digit (0 to 9 or A to F) to edit the data. When the cursor is in the right area (character data) enter any character to edit the data.

The result of editing depends on whether the editor is in Insert or Overwrite mode. In Overwrite mode (OVR appears in the Status Bar) the characters typed will replace any existing characters. In Insert mode (INS appears in the Status Bar) a new byte will be inserted in the file (NOTE: when editing hexadecimal data, a byte is inserted only when the cursor is over the first digit in the hexadecimal byte). The current Insert/Overwrite mode is stored separately for text and hex files and the current mode can be changing using the Insert Key (see Editor Keys below) or by clicking INS/OVR in the status bar. Pressing the Delete key will delete the current byte from the file.

When any edits are made to the file, a '*' character will appear in the title bar to indicate that the file has been modified. If bytes have been inserted, a '*' character will appear by the file size in the Status Bar. The 'Edit > Undo' and 'Edit > Redo' menu options can be used to undo or redo any changes made to the file. The file can also be edited using the clipboard (see Using the Clipboard for more information).

Editor Keys

The following keys are available when editing the file:

Related Questions

Can Excel Anova (if so, which Anova) be used to answer the following questions?
Question #3309242
Can I Get There from Here? For this program, you will write a C++ Program to rep
Question #3710367
Can I Get assistance to assure that the pseudo code is correct for the following
Question #3569505
Can I Please get this done in java language? Rev4 - like a typical 4x4 rev4 game
Question #3730239
Can I Reverse Series Order in a Chart Legend without Changing the Series order i
Question #3565261
Can I copy/paste a sheet from book B into a Book A where the imported Sheets fro
Question #643022
Can I determine the actual sender of a spoofed text message? I received a text m
Question #656217
Can I get Some Help With Andriod Application...Eclipse Create a mini application
Question #667766
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Can I get help with this java question? Write a class called QuizProgram that si
Next
Can I get help with this please ??? You and your lab partner take melting points

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.