2. in 3. laboratorijska naloga / Laboratory assignment 2 and 3
Namesto 2. laboratorijske naloge imate tokrat na voljo več manjših podnalog, ki jih lahko izberete sami. Vsaka točka, pridobljena z reševanjem podnaloge, predstavlja 10% ocene laboratorijske naloge. Če naberete več kot 100%, se vam prebitek lahko upošteva kot dodatna laboratorijska naloga. Če ste torej prvo laboratorijsko nalogo iz kateregakoli razloga rešili RES slabo, lahko sedaj naberete 20 točk in tako dobite 100% pri 2. in 3. laboratorijski, prva pa se vam ne bo upoštevala.
Če imate še kako idejo, kaj bi lahko naredili namesto laboratorijske naloge, sprejemam predloge.
Nalogo oddajte v obliki .zip datoteke, v kateri za vsako podnalogo ustvarite podimenik. V ta podimenik spravite datoteko report.pdf, v katerem opišite, kaj ste naredili, in datoteke, za katere menite, da spadajo zraven (npr. izvorna koda napisanega programa).
Upoštevajte, da nalog morda ne boste rešili dovolj dobro, da bi vam lahko prisodil vse točke. Varneje bo torej, da naberete 12 - 14 točk, tako da boste tudi po odbijanju ostali na 100%.
Sodelovanje med študenti pri reševanju nalog tokrat ni sprejemljivo. Prepisovalci bodo dobili 0 točk.
zlocin
- do 4 točke
Preglejte slike "mesta zločina".
Napišite načrt dela.
Poiščite vse predmete, ki bi lahko služili kot dokaz in vse predmete, na katerih bi bili lahko podatki, ki predstavljajo dokaz. Opišite, kaj bi naredili z vsakim.
simread
- do 4 točke
Napišite knjižnico za Python, ki omogoča branje in pisanje podatkov na SIM karticah, priklopljenih na serijska vrata. Knjižnica naj deluje vsaj na OS Windows in GNU/Linux
simread-gui
- do 4 točke
Napišite uporabniški vmesnik, ki omogoča branje in pisanje podatkov na SIM karticah in ki uporablja odprtokodno knjižnico za komunikacijo s SIM. Knjižnico lahko dopolnite. Primer take knjižnice je izdelek enega od lanskih študentov. Seveda lahko uporabite katero koli drugo.
mailhack
- do 4 točke
Prijavite se kot friforenzik@gmail.com in pošljite pošto s svojo vpisno številko na polz@fri.uni-lj.si. V poročilo napišite, kako ste v račun vdrli.
fbhack
- do 3 točke
Prijavite se na Facebook kot gasper.felezorz@fri.uni-lj.si . Pustite objavo v mojem imenu na zidu ter mi dodajte vsaj enega prijatelja, ki ni študent FRI in ga osebno ne poznam. V poročilo napišite, kako ste v račun vdrli.
tinder
- do 3 točke
Prijavite se na Tinder račun svojega asistenta. Popravite profilno sliko. Dobite vsaj 1 človeka, ki mu bo nova profilna všeč in z njim začnite pogovor (povejte, kaj počnete). Izpišite vse pretekle pogovore.
diskete
- do 6 točk
Preberi podatke s podatkovnega nosilca, ki ti ga da asistent. Pričakujete lahko, da se boste morali vsaj malo potruditi, da najdete čitalnik.
Vrednosti: 2 točki - 3.5'' 3 točke - 5.25'' 4 točke - Zip 6 točk - 3'', 8'', Sony Superdrive
Z uporabo opreme, ki jo imajo naši kriminalisti, preišči napravo, na katero asistent ni pomislil. Postopek dokumentiraj
laptop iz smetnjaka
- do 5 točk
Pri asistentu dobiš star prenosnik, ki ga je nekdo zavrgel. Preglej ga.
logfudge-linux
- do 8 točk
Napiši program / sistem, ki na OS GNU/Linux zažene poljuben program (P) in nato ustvari sled vseh sprememb v beležnicah (logih) ter drugih datotekah, povezanih z delovanjem konkretno tega programa, vključujoč spremembe, ki jih zaradi zagnanega programa povzročijo ostali programi na sistemu.
Izdelani program oz. sistem naj nato omogoči, da se sled sprememb izvede na novem sistemu, kot da bi se na novem sistemu zagnal program P.
Samo poganjanje strace seveda ne bo dovolj - cilj je izboljšati izdelavo navideznih diskov, kakršne ste uporabljali pri 1. laboratorijski nalogi.
logfudge-windows
- do 8 točk
Napiši program / sistem, ki na OS Windows XP ali novejšem zažene poljuben program (P) in nato ustvari sled vseh sprememb v beležnicah (logih), v registru ter v drugih datotekah, povezanih z delovanjem konkretno tega programa, vključujoč spremembe, ki jih zaradi zagnanega programa povzročijo ostali programi na sistemu.
Izdelani program oz. sistem naj nato omogoči, da se sled sprememb izvede na novem sistemu, kot da bi se na novem sistemu zagnal program P.
Cilj je enak kot pri podnalogi logfudge-linux.
mbr egotrip
- do 6 točk
Napiši svoj MBR ali EFI program, ki izpiše tvoje ime in prikaže poljubno animacijo. Tabela razdelkov mora ostati veljavna.
virus
- do 8 točk.
Napiši svojega črva ali virus za poljuben OS ali široko uporabljan program. Če izkoristite že znano luknjo, dobite največ 6 točk. Če za širjenje uporablja socialni inženiring, dobite največ 4 točke.
turške slike
- do 8 točk
Iz slike pomnilniške kartice izvlecite vsaj eno celo sliko in vsaj 20 thumbnailov. Le za thumbnaile dobite največ pol točk.
steganografski datotečni sistem
- do 10 točk
Napišite svoj datotečni gonilnik (z uporabo FUSE), ki bo omogočal skrivanje podatkov v obstoječih datotekah. Za naivno rešitev z enkripcijo in shranjevanjem podatkov v najmanj pomembnih bitih .bmp, .png in/ali .wav datotek boste dobili največ 5 točk.
Urošev telefon
- do 9 točk
Star Samsungov telefon se ne zbudi. Pridobi podatke z njega.
izgubljen server
- do 10 točk
Na FRI imamo strežnik s (SCSI) diskovnim poljem s pokvarjenim krmilnikom. Pridobi podatke z diskov.
coldboot
- do 5 točke
Izvedi napad s hladnim zagonom na dejanskem računalniku. Postopek dokumentiraj; opiši, katere podatke je bilo mogoče izluščiti.
popravki
- do 10 točk
Odpravite hrošča ali dodajte funkcionalnost poljubnemu prostemu programu, uporabnemu v forenzičnih preiskavah. Glede izbire programa se posvetujte z asistentom. Točke dobite glede na kakovost in obseg popravka. Nekaj ustreznih programov:
Za 5 točk ali več pošljite popravek projektu (npr. pull request na GitHub ali sporočilo na dopisni seznam). Če bo popravek sprejet, lahko dobite 10 točk.
For the second lab assigment, choose some tasks listed below. Each point you receive counts as 10% of the lab assignment grade, so you need ten points for the maximum grade. If you get more than ten points, additional points can replace the grade for the first lab assignment. For example, if you got 40% on the first assignment and collect 17 points for the second assignment, the actual grade for the first assignment will be 70% (and 100% for the second).
You can suggest your own tasks - contact one of the assistants with suggestions.
Submit your assignment as a .zip file with a directory for each task. Each directory should include a file report.pdf describing your work, and any other relevant files (e.g. the source code of your program).
Since you might not get all points for each task, it is advisable to aim for 12-14 points if you wish to get 100% for the second lab assignment.
You should do the tasks on your own.
zlocin
- do 4 točke
Look at the "crime scene" photos.
Describe how you would conduct a forensic investigation.
Locate all objects that could serve as evidence, and all objects that could contain data that can serve as evidence. Describe how you would analyze each one.
simread
- do 4 točke
Write a Python library for reading and writing data on a SIM card, connected via a serial port. The library should work (at least) on Windows and Linux.
simread-gui
- do 4 točke
Create a user interface for reading and writing data on a SIM card, using an open source library for communicating with SIM. You can also improve the library. One example of such a library was created by a DF student. You can also use any other library.
mailhack
- do 4 točke
Log in to GMail as friforenzik@gmail.com and send an email with your student number to polz@fri.uni-lj.si. Describe how you logged into the account in your report.
fbhack
- do 3 točke
Log in to Facebook as gasper.felezorz@fri.uni-lj.si. Post something as that user and add at least one friend who is not a FRI student. Describe how you logged into the account in your report.
tinder
- do 3 točke
Log in to the assistant's Tinder account. Change the profile picture and find at least one person who likes the new picture. Start a conversation with that person (tell them about the task). List all previous conversations.
diskete
- do 4 točke
Read data from a storage medium you get from the assistant. You will have to invest some effort into finding a device capable of reading that medium
laptop iz smetnjaka
- do 6 točk
The assistant will provide you with an old laptop discarded by someone. Check out its contents.
logfudge-linux
- do 8 točk
Write a Linux program that runs any other program P and creates a trace of all changes made to logs and other files on the system, including changes made by other programs as a result of running P.
The program should then be able to use this trace to replicate the changes on another system, as if the program P were run.
Only running strace will not be enough - the goal is to improve the creation of virtual disks used for the first lab assignment.
logfudge-windows
- do 8 točk
Write a Windows program that runs any other program P and creates a trace of all changes made to logs and other files on the system, including changes made by other programs as a result of running P.
The program should then be able to use this trace to replicate the changes on another system, as if the program P were run.
Only running strace will not be enough - the goal is to improve the creation of virtual disks used for the first lab assignment.
mbr egotrip
- do 6 točk
Write your own MBR or EFI program that prints out your name and displays (any) animation. The partition table should remain valid.
virus
- do 8 točk.
Write your own virus for any OS or widely used program. Using a known security vulnerability will get you at most 6 points. If the virus can only spread using social-engineering techniques, you can get at most 4 points.
turške slike
- do 8 točk
Extract at least one whole image from the SD-card image and at least 20 thumbnails. If you only extract thumbnails you can get at most 4 points.
steganografski datotečni sistem
- do 10 točk
Write your own filesystem driver (using FUSE), which will allow hiding data. The naive solution using encryption and storing data in least significant bits of .bmp, .png and/or .wav files will get you at most 5 points.
Urošev telefon
- do 9 točk
An old Samsung phone does not boot. Retrieve the data from it.
izgubljen server
- do 10 točk
A RAID controller on a FRI server broke. Retrieve the data from the disks that were in that RAID. You will get disk images but will require a large amount (few TB) of space.
coldboot
- up to 5 points
Perform a cold boot attack on an actual computer. Document the procedure, describe which data you were able to extract.
popravki
- do 10 točk
Fix a bug or add a feature to any free (open source) program that can be used for forensic purposes. If unsure whether the program is appropriate, ask the assistant. You will receive points based on the quality and size of the patch. Appropriate programs include:
To get 5 or more points you should submit the patch to the project (e.g. as a pull request on GitHub or a message to the mailing list). If the patch is accepted, you can get 10 points.