In: Computer Science
Q4. Assume you have been given a scrambled text file with some hidden text data similar to the one in your assessment. What will be the best method that you will use to unscramble the file and why would you choose this method? Justify your answer. [5 marks] You have collected a digital evidence from a crime scene and calculated its hash value using WinHex editor with MD5 algorithm. You have stored the evidence in a forensics lab. After a week, when you started analysing the evidence, you again calculated the hash value of the evidence using Autopsy and with SHA-1 algorithm. You found that the hash value of the evidence is now changed. Describe why the hash value now is different than the one you calculated when you acquired the evidence? [5 marks]
Subject :Guide to Computer Forensics and Investigations 6th edition
a) You can encrypt or decrypt a text file through Hekapad editor.Hekapad is a fully fetured text editor which can encrypt or decrypt a text file. It offers 3 levels of encrytion or decryption like simple , standard and Advanced encyption and decrytion. You can configure advanced encrytion by adding a key .In case you want to decrypt it then providing the same key will decrypt it.
you need to go to edit and then cryptography from there you can choose any mode of encrytion or decrytion.
You can use WinHex editor to decrypt text file as well. It can also be used to recover lost data.
b) Hash functions are primarily used to provide integrity: if the hash of a plaintext changes, the plaintext itself has changed. Common older hash functions include Secure Hash Algorithm 1 (SHA-1), which creates a 160-bit hash and Message Digest 5 (MD5), which creates a 128-bit hash. Weaknesses have been found in both MD5 and SHA-1.This is the reason why the hash value changed after a week.