Analyze Photos Lab Part 2

00:01

Hey, welcome back to the course. So in the last video we went ahead and installed are two tools that we're going to use for the lab. So we installed the HST hex editor as well as the hash calculator

00:11

in this video. We're gonna go ahead and actually pick some photos and then get those set up for the lab

00:18

and then in part three, we're gonna go ahead and actually just analyze the photos. So this part is gonna be a little shorter just because I already have a couple photos that I'm gonna use. But I'll show you what we're gonna do in the lab.

00:30

So step number one here. Just make sure you log into whatever windows machine you're using or fuse a macro clinics with some type of hex editor and a hashtag you later than just follow along. From that standpoint,

00:43

we just want to open a Web browser, and then from there, you're just going to search for any photo. Let's you want to use right. So you could even just use a photo on your desk top of family or friends or your pet or something like that. You could also just Google Google search for any photos. Um, I'm actually gonna skips that three. I'm gonna

01:00

just move on because I already have a couple photos. So I'm just gonna pull up the photos that I have,

01:03

uh, in the folder here.

01:06

So I picked this cat photo here, and then I've already actually made a modification to this one here, but I'll go ahead and make another modification to the 1st 1 to shoot kind of walk everybody through the lab.

01:19

So let's go back to our lab document here. So our next step here and step for once we find whatever photo that you want to use you again. You don't have toe pick the one that I'm using.

01:26

Step number four. We're gonna double click on our hex editor. Right? So that h x D editor

01:32

let's go ahead and do that. So for me, I've installed it essentially twice, so I have two shortcuts, but they all go to the same spot, so if we double click, it's gonna open it up to basically a great box for us.

01:44

All right, So once it opens for us here in step five, we're gonna select here on step six were to select file and then open.

01:52

And then what that's going to do is give us a basically a box that we can navigate to wherever the photo it lives. So whatever photo we chose wherever that one of the stash that so quick file and then open

02:04

because he's gonna open that papa box for us, for me, a defaults me into where, actually have the photo saved. In most cases, if you just downloaded the photos should take you to the downloads folder where that photo lives.

02:15

So for me, I'm just gonna click on the photo that I have not altered yet. I'll click on the original one is what this one is on. Then I'll just say open there.

02:22

So just follow along with that step. You'll see it's gonna open Thea hex of the actual file.

02:29

Let's go back to our lab document here.

02:32

All right, so step number eight. Guess we do

02:35

the file in the editor.

02:37

Okay, So, for example, if we use the J peg file, which this one is, where we're gonna see is that the hex here on step nine, The hex starts off with F f D eight f f, which indicates in J peg files To click over there, you'll see f f d eight f f here at the very top.

02:53

So that indicates to us that that's a J peg files. So very important if you decide to take the computer acting forensic investigator exam for easy counsel that you know, your image files and basically, no, the hex that each one starts with that's gonna help you a lot on the examination.

03:08

All right, let's go back to our lab documents here.

03:10

So now we're going to scroll to the very bottom of the hex editor page, and we're just gonna click in the text area.

03:17

Once we do that, we're just gonna type some type of a short word in there. So nothing extravagant it all because of you type a long thing in there. It's gonna actually change the size of the file. So very important step for us where we want to analyze these files in part three of the lab. We want them to actually be the same size, right? So who types? Some, you know, 30

03:38

30 character, long phrase

03:39

that's gonna modify the file size, and we're not gonna be able to actually complete part three. But if you just type something like, you know, the word password or like, your first name or something like that, feel free to type whatever you want, but just try to make it some type of short word or phrase

03:53

are. So let's go ahead and do that now.

03:55

So here we're just gonna screw for the very bottom.

04:00

So on the right side, we want to see that kind of the ending of all these random characters here.

04:03

All right, so you see, we have it right there, the very end.

04:08

So just go ahead and click after this very last character here is going to click your mouse, sir, and then just start typing in there. So I'm just gonna start typing the word password.

04:18

All right, let's start that in now. You may get a prompt asking you, um

04:24

I forget exactly what I'd ask you, but there is an option to make that go away. Basically, each time you type of character in it gives you a prompt. I believe it says something along the lines of Hey, you know, just so you know, your modifying data, you know, Or this might change the hex values. Or it might change the file size. There's some type of air. Message prompted, gives you

04:42

again. I forget what it is because I I have it blocked on my particular virtual machine.

04:46

But there should also be a check box there that says, Hey, I don't want to see this message again in some capacity, and then just check that box, and you should be good to go for typing everything else in there.

04:58

All right, let's go back to our lab document s. Oh, yes. We typed a short word. You So I just like the word password in there. Um, and I actually didn't follow my instructions. I didn't touch the word test. I did the word password because I wanted to change it up a little bit.

05:10

So here's the 12. We're just gonna basically file and save as this file, and then just name it. I'm gonna name nine. As you'll see. Honest Name it like cat three Dodge a peg to keep consistency.

05:21

So once you've talked in whatever you want to just go to file and save as

05:27

and then again in my situation. I'm just gonna change that 12 or three. Just so I know which one I'm choosing. You contain that file, Whatever you want to, doesn't want to name it. The same thing is the original one.

05:36

Just go ahead and click on Save. Now, that's going to say that particular modification

05:41

parts. If we go back for a lab document here, you'll see that we did. Yes, we did say the file on DNA. Now we're gonna move on to Part three, where we actually go ahead and analyze the file so again, here, in part to the lab. We basically just opened the file inside of our ex editor. Took a look at it on. And then we, you know,

05:59

Ah, look at it and noticed that, at least in my example, was a J peg file.

06:02

So I noticed that it was f f t eight FFP to start off the hicks on. And then we also scroll to the bottom right of the hex editor and added some information whether that was her first name or like, the word password or, you know, a few characters. One of the case might be, but our main goal there was. We didn't want to modify the actual file size.