Recovering Graphics Files Lab Part 3

00:01

Hey, everybody, welcome back to the course. So in the last video, we used the pro discover tool to look at our file that we had downloaded and extracted and then to look for the search term F i f all in Capitals way had seen, were able to open that file look at the hex and were able to see that search term that we were looking for

00:20

And this for you were to go ahead and finish out. Our lab of analysts defy a little more.

00:25

So Step one here, we're gonna click. Make sure we're clicked on the P lab. Win 8 10 on and then we're gonna open up the file Explorer from the taskbar. So let's go ahead and do that now. So to scroll down, if you need to and click on this little folder icon here, that'll be the File Explorer.

00:40

So the next thing we want to do is navigate to see than the work folder than Data Files folder and then Chapter eight.

00:48

Let's go and do that Now Also double click on C

00:51

double click on work,

00:52

double click on data files

00:54

and then double click on the Chapter eight folder.

00:57

The next thing we want to do it. We actually want to create a brand new folder in here.

01:00

Let's go back to our lab document.

01:03

So we're gonna click the new folder icon at the top left of that little window, and then we're gonna rename it. We're gonna name the new folder,

01:10

Chap 08 and Project. So let's go ahead and do that.

01:14

So this little folder icon here, that's a new folder. If you cover your mouth over top of it,

01:19

go and click on that.

01:22

And then we're gonna rename this folder. So again, we're gonna rename it

01:25

Chap 08 n Projects. So let's go ahead and do that now,

01:32

chap

01:34

through eight and projects.

01:37

All right, So once you've done that in the re name, but you can just click off in anywhere this blank area, and it'll save that name for you.

01:44

All right, let's go back to our lab document here.

01:47

So now what we're gonna do is we're gonna locate here in step five, the C 08 frag file. Then we're gonna right click on it and select open. So that way we can go ahead and extract it.

01:57

All right, so we see it's right here. The C 08 frag. So again, Right. Click on that

02:04

and select open.

02:06

It's gonna open the window or our stuff extracting archive for us. Let's go back to our lab document here.

02:12

So we see in step six that that has opened that self extracting archive of winrar that is open for us. Now we're gonna go ahead and click the browse button.

02:22

We're gonna click on the PC local disc work folder. So basically, we're gonna navigate to that new folder that we just created that chap 08 and Projects folder.

02:31

So we're gonna go ahead and do steps. 83 12 right now.

02:36

So let's go ahead and do that. We're gonna click on browse.

02:38

We're gonna select this PC right there in the middle.

02:43

We're gonna scroll down just a little bit, and we're gonna select the

02:47

my computer cooperates. There we go. We're gonna select the local disc.

02:52

We're gonna scroll down just a little more. We're gonna double click on work.

02:55

We're gonna click on data files,

02:59

we're gonna click on Chapter eight, and then we're gonna click on the Chapter zero excuse me, chap. 08 and project. So if you remember, that's that new folder we created. I'm going to say okay to that.

03:08

All right, let's go back to our lab document.

03:13

So we've selected okay to that. So now, instead, 14. We're gonna go ahead just extract to that folder.

03:20

Okay? Let's go ahead and do that.

03:22

So just click on the extract button here. Might take a moment, so but it's gonna extract it in there for us.

03:28

All right?

03:29

So now we could go ahead and close a file Explorer window and were to go back into pro discover. So here in step 16 we're just gonna double click on the Pro Discover icon and launch the application again. Once it launches, it gives us that pop up box for the launch dialogue. We're just gonna click on the cancel, But

03:46

so let's go and do that now. So just x out of this window here,

03:49

we're gonna double click on the pro Discover icon. So double click on that might take a member soda launch for us, and then you'll see here we have the launch dialogue pop up box. Just go ahead and click. Cancel that.

03:59

All right, let's go back to our lab document.

04:02

So now we're gonna click back on the new project icons who remember, It's at a piece of paper looking icon. So here in steppe 18 let's go ahead and do that.

04:12

So right here. New project. Let's go and click on that is gonna ask us for the project name and file number.

04:17

So let's go back to our lab documents, see what that should be. So here in step 19 we see that for both of those for both the project number in the file name boxes we want to type in C 08 frag dot d d. So let's go ahead and do that, So c 08 frag dot d d

04:34

so type C 08

04:38

frag dot d d.

04:40

Okay,

04:42

And again, we want to put that for both of the boxes here, and then we're going to select. Okay.

04:47

All right. So see through eight frag dot d d and then choose the okay button. Here.

04:55

Let's go back to our lab document.

04:57

All right, So in step 21 on the left side of our screen, we're gonna expand the ad option but we're gonna expand that by selecting the plus sign just to the left of it.

05:06

And then we're gonna also click on image file and we'll see a pop up box it open. So let's go and do that now. So where to click on add. So we're gonna click the plus sign to the left of it, and then we'll click the click.

05:18

All right, so we see ad right here near the top. Just click that plus sign to the left of it. And they didn't see the image file option right here is going to click on that. You'll see it opens that papa box for us.

05:30

Okay, so in step 23 the papa box, it has opened. So now we're gonna click chapter eight of the top to save ourselves from having to go through navigate to the C drive the work folder, data, files, et cetera. We're just gonna click chapter eight at the top,

05:45

and then we're gonna open up our new folder that we created, So that way we can then select that new file we have in there.

05:53

So let's go ahead and do that. So we're just gonna click here at the top horses, Chapter eight, That basically just backs us out. One level.

05:59

We're gonna double click on the Chap 08 and Projects folder.

06:02

And then into here we're just gonna select the C 08 frag dot d d and select open.

06:11

All right, so Step 27 we select opened

06:15

Let's go down to step 28. So now we're gonna go ahead and click the search button at the top, and then we're gonna make sure that we're under the content search tab when the Papa box opens for us. So let's go ahead and do that now.

06:27

So we're gonna click on the search button, which is this one right here is like a piece of paper with a magnifying glass on it. If you have your mouths over top, you'll see it says search on it. Go ahead and click on that.

06:36

We want to make sure we're under the contents search. So we are by default, Will you generally should be.

06:43

And then in the search for patterns box, we're gonna type the J fifth So all capital their capital, J capital F capital I capital F.

06:53

So let's go ahead and do that now. So this top box here just type in J fifth again all capital letters.

07:00

Let's go back to our lab document here.

07:01

So now under instead. 31 under the select the disc images You want to search in box? We're gonna select this. See work data, etcetera, etcetera. See 08 frag dot d d path

07:13

and you'll see it's the only one we have in that boxer.

07:16

Okay, so now we just want to click on. Okay,

07:21

so we'll click. OK, button at the bottom. There. It's gonna pull up the search results for us here.

07:27

Go back to our lab document here.

07:29

So now we're gonna click on the show back to file, and we're just gonna review the file contents. We just want to look to see if we notice that J fifth is labeled in there anywhere.

07:38

So do we see? Basically question everyone here is Do you see J fifth in the file content. So again, we're gonna click on the show back to file and just look at the file contents.

07:47

All right, so we have to see if you have ah, couple of them in here. We're just gonna choose his top one here

07:51

so you'll see all sorts of jumbling stuff here in this bottom box. But we basically just want to come over and scroll down and just see if we see J. Fif anywhere. So, uh,

08:01

were scrolled out here

08:03

and see if we see it located anywhere in there

08:05

and you'll see I have it here. There we go.

08:09

So you'll see j fifth right there.

08:13

All right. And depending on which one you click on, it might be in a different location.

08:16

So let's go back to our lab documents. So question number one, do we see J fifth in the file contents?

08:22

The answer there is? Yes, atleast I do on my end. So if you do as well, just post out in the chat if you're watching this live.

08:31

So next we're gonna click the checkbox to the left of the file, and then we're gonna add a comment. So we're gonna click on the add comment, Papa box. So let's go and do that. So, just to the left of the file here the top window,

08:41

click the checkbox here,

08:43

you'll see it pops up the ad comment box for us.

08:48

So we're just gonna go back to our lab document here. So what? Step 36 the comments section, We want a type recovered. Hidden dot JPEG files have been type all that into recovered hidden dot jpeg file.

09:01

So in this papa box here recovered

09:03

hidden

09:05

dot jpeg file. All right.

09:07

We're also gonna check this box. It says apply to all items, and then we're gonna say, Okay,

09:13

let's go back to our lab documents. So we've checked that box says, applaud all items, and then we selected okay,

09:20

Now we're gonna do is we're gonna mark the check boxes to the left of all the remaining files that don't show that they're Ajay Paige right off the bat.

09:28

So, basically, if they don't show J peg under the file extension column, we're going to select them. So let's go and do that now, so you'll see her the file extension column. So, for example, we're not going to select this top one right, cause it's showing J peg under shellback four. It's shown J. Paige's file extension, so we're not gonna slip that one. But, for example, we will select show back to here

09:48

because It's not showing J. Paige under the column.

09:50

So go ahead. Selected for all those

09:54

that do not show J peg under the file extension call. All right, so once we've done that,

10:00

go back to our lab document here.

10:01

So step 39 here. We're gonna click on report on the left side, and it's gonna generate a report for us, so let's go ahead and do that. So the stroll over to the left side here,

10:11

select on report. So here the top,

10:16

take a moment of somebody'll see on the right side. Here, it generates a report for us.

10:20

Okay, let's go back to our lab document.

10:22

So we see in question number two. Do you see anything on the report? Under the section that's labeled as total evidence items of interest.

10:31

So let's take a look here. Do we see anything under that? So we see here, here's that area. Total evidence, items of interest.

10:37

And so the question is, do we see anything under that area?

10:41

All right. So do we see anything under that area? Yes, we do. Right. We see three items of interest and a list out. You know what those items are.

10:52

All right.

10:52

So here in step 41 we're just gonna select file and then exit on, and then it's gonna promise again. Do you want to save this case? We're gonna say no to that.

11:03

All right, so let's go back to the top here where it's, like, file

11:07

and then exit,

11:09

and that's gonna basically ask us, Do you want to save this case? We're just going to say no to that.

11:15

All right, so in this video, we wrapped up our our lab, where we analyze the files a little more death. We kept looking for J peg file types. Mr. If we noticed those at all. We also learned how to generate a report.