Assignment 5

In class exercise for Tues, 3/15
Due: Tues, 3/15 before 3:45

Cloud Computing & Web Services

• Tim Leschke is associated with CISA, the Center for Information Security and Assurance.
  He will be giving a talk on Digital Forensics on Thursday, 3/17.
  He has asked you to read his paper in preparation, which is entitled,
  "Cyber Dumpster-Diving: $Recycle.Bin Forensics for Windows 7 and Windows Vista"
  by Timothy R. Leschke
• Questions from the paper:
  1. What is the cyber equivalent of "dumpster diving" ?
  
  
  

  2. What improvements have been made to the Recycle bin menus from the Windows Vista to Windows 7 ?
  
  
  

  3. When examining the file-tree structure, which operating system(s) use(s) a folder named
  RECYCLER ?
  
  
  $Recycle.Bin ?
  

  4. What is an SID and what is its format ?
  
  
  

  5. What does an SID identify ?
  
  
  

  6. Is it possible to find a user name that is asociated with an SID ?
  
  
  

  7. If a single machine has 3 drives and 2 users, how many Recycle bins will there be ?
  
  
  

  8. If a file has been deleted and now has the name $RPTEYOA.txt there will be another file that contains
  metadata about the deleted file. What would be the name of this file ?
  
  
  

  9. What 3 peices of information does the metadata file contain ?
  
  
  

  10. What tool is typically used to look at the metdata in this file ?
  
  
  

  11. Windows 7, Vista and XP each allow the user to set the maximum size of the recycle bin. This doesn't really
  determine the actual size of the bin at all. What does it really set ?
  
  
  
  12.Write two questions that you would like to ask Tim while he's here.
  
  
  
  
  
  
  
  

• For those of you who may be interested in writing your paper on Digital Forensics,
  Tim has suggested reading this optional paper:
  "Cyber Dumpster-Diving: $Recycle.Bin Forensics for Windows 7 and Windows Vista Shadow Volumes"
  which was a precursor to the assigned paper.