Verifying a File Type with its Extension Lab

Infosec Learning
Virtual Lab


Time: 1 hour 30 minutes
Difficulty: Beginner

Overview

Python is a great programming language because of its versatility, ease of use, and wide adoption. In this lab we will use its versatility and ease of use to look at IT security in the context of verification. The scenario is as follows.

We were told an employee is suspected of having unauthorized access to restricted systems. The subject's work property has been seized and a forensic image was taken of a USB flash drive.

There are different techniques that can be used to analyze this drive, such as examining slack space, deleted files, alternate data streams, steganography, and renamed file extensions. In this lab we will focus on verifying a file's actual type against its file extension. An extension is only a naming convention; the real type has to be read from the file's contents, so a file whose contents disagree with its name is worth a closer look. It's a simple tactic, but effective if used correctly. Our task here is to find the dubiously renamed file that could point to corporate espionage, or simply a breach of contract. We will begin by looking at some tools native to our Ubuntu system to see whether they are effective at detecting a mismatch between file type and file extension. Then we will see how a Python script can be built to do the same task. Lastly, we will compare the script's results with those of the built-in system tools.
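The following script is an added example of the approach the lab describes, written for this page rather than taken from the lab's own material. It reads the leading bytes (magic number) of every file under a directory, such as a mounted copy of the seized USB image, and compares the detected type with the file's extension. The signature table and the sample files it scans are constructed for the example; a real investigation would rely on a much larger signature database, and the directory path would be the mounted image rather than a temporary folder.

```python
"""Flag files whose content signature (magic bytes) disagrees with their extension."""
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Leading-byte signatures for a handful of common formats. This table is part
# of the example, not a complete magic database; `file`/libmagic knows far more.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png",  {".png"}),
    (b"\xff\xd8\xff",      "jpeg", {".jpg", ".jpeg"}),
    (b"GIF87a",            "gif",  {".gif"}),
    (b"GIF89a",            "gif",  {".gif"}),
    (b"%PDF-",             "pdf",  {".pdf"}),
    # Office Open XML, JAR and APK files are all ZIP containers, so one
    # signature legitimately covers several extensions.
    (b"PK\x03\x04",        "zip",  {".zip", ".docx", ".xlsx", ".pptx", ".jar", ".apk"}),
    (b"\x7fELF",           "elf",  {"", ".so", ".bin", ".elf"}),   # Linux binaries often have no extension
    (b"MZ",                "pe",   {".exe", ".dll", ".sys"}),
    (b"\x1f\x8b",          "gzip", {".gz", ".tgz"}),
]
HEADER_LEN = max(len(magic) for magic, _, _ in SIGNATURES)


def detect_type(data: bytes) -> Optional[str]:
    """Return the type name whose signature the data starts with, else None."""
    for magic, name, _ in SIGNATURES:
        if data.startswith(magic):
            return name
    return None


def check_file(path: Path) -> Dict[str, object]:
    """Compare one file's detected type with its extension.

    'status' is 'ok', 'mismatch', or 'unknown' when no signature matched
    (plain text, CSV and similar formats carry no magic number).
    """
    with open(path, "rb") as fh:
        header = fh.read(HEADER_LEN)
    detected = detect_type(header)
    ext = path.suffix.lower()
    if detected is None:
        status = "unknown"
    else:
        allowed = next(exts for _, name, exts in SIGNATURES if name == detected)
        status = "ok" if ext in allowed else "mismatch"
    return {"path": str(path), "extension": ext, "detected": detected, "status": status}


def scan_tree(root: Path) -> List[Dict[str, object]]:
    """Walk a directory tree (e.g. a mounted image) and check every regular file."""
    results = []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            results.append(check_file(Path(dirpath) / name))
    return results


def mismatches(root: Path) -> List[str]:
    """Paths (relative to root, POSIX style) whose extension disagrees with their content."""
    return [Path(r["path"]).relative_to(root).as_posix()
            for r in scan_tree(root) if r["status"] == "mismatch"]


def build_sample_tree(root: Path) -> None:
    """Write constructed sample files, two of them deliberately renamed."""
    samples = {
        "report.pdf":      b"%PDF-1.4\n%constructed sample\n",
        "photo.jpg":       b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
        "quarterly.docx":  b"PK\x03\x04\x14\x00\x00\x00",
        "notes.txt":       b"plain text has no magic number\n",
        "budget.xlsx":     b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",  # PNG renamed to look like a spreadsheet
        "hidden/tool.png": b"\x7fELF\x02\x01\x01\x00",              # ELF binary disguised as an image
    }
    for rel, data in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo_scan() -> List[str]:
    """Build the constructed sample tree in a temp dir and return its mismatches."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return mismatches(root)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        for r in scan_tree(Path(tmp)):
            print(f"{r['status']:8} {r['detected'] or '-':5} {r['extension'] or '(none)':7} {r['path']}")
```

Two caveats worth keeping in mind when comparing this with the native tools: a file that has no magic number at all (plain text, CSV, many scripts) comes back as "unknown" rather than "mismatch", so it cannot be cleared by signature alone; and container formats such as ZIP need the contents inspected to tell a .docx from a .jar, which is why the table accepts several extensions for one signature. On Ubuntu, `file` performs the type detection step with a far larger signature database, but it reports a description and leaves the comparison against the extension to you; the script's contribution is making that comparison across the whole tree.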