Computer Forensics Labs FileMerlin Lab (part 1)

Description
This lab introduces you to FileMerlin, a basic software tool for converting files from one format to another. We demonstrate how the program works by selecting a file and then viewing the myriad file types available for conversion. Using an image file as a sample, you’ll also learn how to designate a dedicated target directory for your work, define the file type, convert to a specific file type, and perform other file management best practices.

[toggle_content title="Transcript"] Hi, Leo Dregier here. I want to talk about FileMerlin. FileMerlin is a pretty cool application. It’s a relatively basic install. Um, specifically note right away that it chooses uh, a different directory structure, so if you’re pretty um, obsessive compulsive about where you install files out on your, on your workstations you may want to change that. Um, I don’t necessarily care because it’s just a demo, so I’ll just install it anywhere. Um, also during the install you get prompted for software developer uh, install programs so you can have that integrate with different software applications. Although I’ve checked that, um, we’re basically just going to click Install here and the FileMerlin homepage will come up as Post ReadMe installation, okay. So, uh, helpful one time through, um, I’ll do this here now just to do this with you but when you install this tool, you’re not going to need to do this. You can just close right out of that. So, um, there’s a program group called FileMerlin that has been created on your computer and it contains icons to run the program, to do the documentation uh, et cetera, so you can run File uh, FileMerlin under the start menu, great. You’re basically going to get this screen here. Uh, in general when using FileMerlin you can convert document files to carry out the following steps: to select or specify source files that you wish to convert, uh, to a source area and then specify the destination location.
The format in which you want it in, and then actually do the conversion, and it’s got some online help files. Okay, great. So, here’s your FileMerlin, and what we can do is grab a file. Okay, uh, we can go to our C: drive and pick a particular um, uh, file of a specific file type, so I’m going to grab um, a picture here and actually should have a, a temporary directory, you know, for pictures. Um, but in this case let’s just go back over here and let’s go to, and let’s search for uh, PNG files. And this is just a location of where these things are located on our computer, okay? So here you go. We can go to Properties here or we can find this location here, okay? And then take that over here and then inside of Windows you can kind of navigate to that same directory again. Actually what I’m going to do is um, take this. Take some of these uh, icons here. Let’s find a better picture. Let’s grab, I want to grab the—a good image for you guys so you guys can see it. So, any, something like this, okay, DeviceDown. Okay, that’s fine. Um, okay, that, that’s actually a good convenient location. So that’s going to be Program Files, Observer, WebExt, Images. Okay, great. Now I have something to work with. So let’s go to C: drive, Program Files, uh, Observer, uh, Web, scroll all the way down to the bottom of the folders, uh, Images. Okay, great. And let’s go grab—if you hit D here for—I need to bring it to the DevDown file. So here it is. There you go. All right, uh, format. Cannot identify it so you can actually tell it what specific it is, so let’s search source file formats. Um, you can try to view it and then go to your destination files and basically choose where you want to, want to put this. Okay, um, so I generally just click in that specifically uh, just to get the, the—put it in the same directory here just uh, since we’re working out of a particular directory we might as well convert it and store it in the same exact location that it’s already run out of. 
So in this case we’re going to, just going to just create another uh, image over here. And then the format in which we want to convert it to um, let’s convert this maybe to a PDF file. Uh, but there’s certainly several others that we could do, all right? Um, all right, so we’ve got our source files located. We’ve got the format located. Uh, and actually this is a PNG file uh, so let’s go ahead and uh, select that. I’m looking for a file extension specifically. It doesn’t look like an easy way to do that so let’s try—no, we’re going to want a picture of sorts, and then let me back up. Um, PNG, and it’s going to want a specific type here uh, and something that can easily be identifiable, so let’s try—I want to do to an HTML. I want to match the specific file type uh, cause that’s going to be a lot easier but this might not make sense because what I’m specifically telling this program to do at this point is take it from a, a GIF. But I’m telling it that—its, its format so it’s just like I thought um, it’s a lot easier with pictures. Uh, but I wanted to actually just guess the file type instead of me having to tell it. Better yet, let’s, let’s change it. Let’s keep it simple and since I don’t have to go look for files let’s actually take it from uh, the C: drive and create a new text document. Uh, you’re going to want to create a directory to work out of so I’m just going to create a file uh, folder, oops, uh, called Leo, and that’s Leo plaintext. Let’s work with that one instead so let’s go back. So Leo, Leo plaintext, okay. And that, there you go. From text, okay, text to PDF. That’s going to make a lot more sense. Okay, so, uh, and then you can of course name that accordingly. So that should make a lot more sense. So what I have here is I have a text file and basically converting that over to a PDF. I have—the format won’t cooperate so uh, text, ASCII text. 
Okay, I get those matched um, and it may not like it because uh, none of them is a plaintext file, so it should pull it as a text file. Let’s go back to text, okay, and convert it. FileMerlin is running in trial mode. In this mode it deliberately introduces some spelling and numeric inaccuracies into the converted files. This is intentional. Uh, this limitation will be removed and the message will not appear once you purchase the software. Okay, great. So that’s basically telling us and then it says that it converted it from one file type to another. Okay, great. Let’s go see if that worked. Uh, oh, it goofed. Let’s try the actual uh—get it the same directory structure to keep it simple. All right, so there you go. So that should work a lot better. Grab the file format specifically. There you go. As you can see this program’s a little trickier, but once you get it to everything matches you actually get your source in both locations and your format in both locations. It generally works pretty good. Um, and let’s try it now. Okay, there we go, right. And now we have this and basically in uh, PDF. Now I don’t have any PDF viewer software but nonetheless what this would do is would open it in a PDF software as opposed to a text format. So routinely what I, what I do use this for is when I want to change um, like a Word document to a PDF or if I want to take a picture from a bitmap over to like a PNG or GIF or something like that. FileMerlin is a really nice quick utility to go ahead and you know, basically import and export one file type to another. Um, I also want to point out here that you are working at Layer 6, uh, the presentation layer of the OSI model, because I’m directly encoding one format to another. Now let’s step back here and let’s talk about um, some of the, the forensics implications here. 
Let’s say I’ve got you know, a back file or file type x and I want to convert that to another file type just to make it harder for the investigators to try to, to find that. You know, let’s say I got a picture and I make it a PDF and they’re investigating pictures and my format is in a PDF or something like that. Well then, I can encode that file into another file type and make it harder for the investigator to um, to view. So that’s a specific application with this. Other things that this um, file can do is it has a log of itself, so it say basically hey, I took this source. I created this data destination. You can delete the log. You can basically view it as a web page here or view the web page. Uh, if you want to go to the, the people that work the program you can send an email. It does have some advanced options here. I don’t really use those because normally I’m just trying to, uh, import and export or encode or decode one file type to another. Um, and then customization, you got uh, different web colors. You got some HTML options here. You’ve got MS Word. I generally leave all of this alone and just convert it from one file type to another. Uh, you can do specific heights, headers, footers. You can do different types of text, like for example, ASCII to UTF and things like that. So, it’s definitely worth playing around and getting an idea of what, what specifically the value here is, is changing a file format or Layer 6 presentation layer. Encoding it for one layer to another. Um, as you saw in the video it can be a little finicky but that’s all part of the learning curve. Um, again to keep it simple, match the source locations to the destination locations and you might have to play around with the uh, specific formats, because as you can see, it’s, it’s pretty picky as to how it encodes one to another. 
I would say stick between text, you know, Word documents, and a handful of picture um, formats um, or office documents and that’s probably going to reach to the limitations, especially in the trial version. So I hope you enjoyed it. That’s FileMerlin. You should know about it because it’s changing the encoding and whether I was trying to offensively hide something from an investigator or defensively trying to unhide something by changing a PDF back to a text file or one picture format to another. It’s definitely good to know that you uh, have a way to kind of re-encode information, and that’s the value and the takeaway here. So my name is Leo Dregier. Thanks for watching and I’ll catch you guys in the next video. [/toggle_content]