Forensics Lab Part 2
Video Activity

Video Transcription
00:01
Hey, welcome back to the course. So in the last video, we talked about acquiring an image.
00:06
In this video, we're gonna go through and actually look at our image, and we're gonna poke around a little bit and see what we can find.
00:14
So just like before, we're gonna double click on the ProDiscover Basic 64 icon. So that shortcut icon with a little person, he's wearing a hat and has a magnifying glass. Just go ahead and double click on that.
00:24
Gonna open it up for us. Might take a moment or so.
00:28
So you might see the launch dialog box. Now, I've selected the option at the very bottom left of that pop-up box to say, I don't want to see this again, but if you haven't done so, you'll probably see the launch dialog box popping up. Once you see that, just click the Cancel button at the bottom right.
00:43
Our next step here is, at the very top left, we're to select File and then New Project. Let's go and do that now.
00:51
So click File
00:53
and then New Project,
00:54
it'll open up a pop-up box for us. So let's go back to our lab document.
01:00
All right, so you see here in step four that the New Project pop-up box did open for us.
01:06
So here in step five, under the project number and then also under the project file name, we're gonna type the exact
01:12
we're gonna type in there InChp01. Let's go ahead and do that now,
01:19
so we're gonna type in there InChp01. So capital I, capital C there,
01:26
and then the same thing for this bottom one as well, under the project file name. It's still gonna be
01:32
InChp01.
01:34
Once you type that in, just go ahead and select the okay button there.
01:38
We'll move on to the next step in our lab.
01:42
So the next step here, in step seven, on the left side of our screen, we're to select the plus sign that's to the left of the Add option.
01:49
So let's go ahead and do that now. So here at the top left, we're just gonna select that plus sign that's right next to the word Add.
01:56
All right, so we've gone ahead and done that. So step number eight, we're gonna select where it says Image Files. Let's go and do that now. You're gonna notice that it gives us a pop-up box here. So let's go back to our lab document.
02:09
So in that pop-up box, we're gonna see this file right there listed, the InChp-prac.eve. So step nine, we're gonna go ahead and click on that file, and then step 10, we're just going to select the Open button. So let's go ahead and do that now. So just click on the file
02:25
and then select open.
02:29
All right, let's go back to our lab document.
02:31
So now in step 11, on the left side, so in that same left pane there, we're gonna click under the Content View section. So you'll notice there's a Content View and a Cluster View, and you'll see both of them have, like, Images and Disks. So right now we're focused on the Content View section.
02:46
All right, so under that section, we're gonna click the plus sign that's next to the Images option. You'll see right there to the left of Images, we have a little plus sign, so just go ahead and click on that.
02:58
All right, let's go back to our lab document.
03:00
So under Content View, we clicked the plus sign
03:04
to the left of Images. Next we see a file path there. So in step 12 we're gonna go ahead and actually just click on that file path, so it's gonna be that C, Work, Data, et cetera, et cetera.
03:15
So let's go and just click on that.
03:17
All right, let's go back to our lab document.
03:21
So next, in step 13, we're gonna select the plus sign that's next to the file path. So next to the C, Work, Data Files, et cetera, we're to select that plus sign right there.
03:30
And then we're gonna click on the All Files option. So go ahead and click on that.
03:36
All right, we see we have a little message, a pop-up message there. So let's just go back to our lab document here. So we went ahead and we clicked the plus sign that was next to the left of the file path. And then we saw an option for All Files. We just clicked on that; we didn't click any plus signs there.
03:50
And then now we see that pop-up box warning, and basically that, you know, listing all files might take some time to complete. Ah, we don't care about that. We're just going to say yes to that pop-up box
04:00
because we want to go ahead and proceed.
04:01
And in reality, we don't actually have too many files in this particular image.
04:09
All right, so now, once it's done, which only takes a few seconds or so, you're going to see results in the top window there. So we see those results in the top window pane.
04:17
All right, so the next step here, step 18, we're gonna click the tracking.log file. That way we can view the contents in the bottom window. So let's go ahead and do that now.
04:27
So you see, here we have this tracking file here, and you'll see the file extension says log. So that's our tracking.log file.
04:33
All right, let's go back to our lab document.
04:38
So the next thing we're gonna do here, in step 19, we're gonna select the Search option at the bottom left of our screen. So basically this Search option right here at the bottom left of the window pane.
04:49
Once we click on that, so go ahead and click on that, it's going to give us a pop-up box with different criteria that we can set.
04:56
So let's go back to our lab document.
04:59
So we see that, yes, a pop-up box did open. We're just gonna make sure when we look at it that the Content Search tab is selected. So let's just double check that. And by default it should drop you in there, which it did.
05:11
All right, let's go back to our lab document now. So step 21 here, we want to go ahead and make sure that the check box next to Select All Matches is actually checked. So let's go ahead and check for that.
05:24
All right, so go ahead, just check that box here, the Select All Matches. Check that box to the left of that.
05:29
All right, let's go back to our lab document.
05:32
So here in step 22, under the search pattern box, we're gonna type in P lab win 8 10.
05:40
So under the search for patterns box, we're gonna type in P lab win 8 10. So this box right here.
05:46
So just type in P lab win 8 10.
05:53
All right, let's go back to our lab document.
05:56
So now, under the area where it says "Select the disk images you want to search in" box, we want to select the image path that's C, Work, Data Files, Chapter one, InChp-prac.eve. So let's go ahead and take a look for that.
06:11
So you'll see here that that's our only option anyways, right? So we can just go and click on that.
06:15
So let's go back to our lab document.
06:18
So once we've located that, which we did right away, then we're just gonna select the okay button there. Now, I want you to keep in mind that it might take a few seconds for it to actually run for the search to run, but then we'll be able to see the search results in that top window.
06:31
So let's go ahead and do that now.
06:36
All right, so we're just gonna say okay here.
06:45
All right. So it didn't take too long there. So we, uh, we see our search results in the top window there, which would basically just have that one file, and in step 26 here, that tracking file. So we're gonna go ahead and click on that. And then we're gonna look in the bottom window pane here to see if we notice what we searched for. Right? So that P lab win 8 10.
07:01
So let's go ahead and do that now. So just go and click on tracking
07:05
and then down at the very bottom, you'll see almost instantaneously we'll be able to see that, yes, that's where it found our search term at. Um, but if for some reason, it could also be down here as well,
07:17
so that one was a little easier, it's right at the top. But sometimes you have to dig through quite a bit of data to find exactly what you're looking for.
07:28
All right. So again, in this video, we just wrapped up our discussion on data acquisition. So we went ahead and kind of analyzed and looked for a particular item in this image. And in the previous video, we went ahead and actually made our acquisition of that particular image.