Clarification on Section 7 Question 8

wdmenzie · April 10, 2020, 1:41pm

Regarding,

The spelling of the executable file “truecrype.exe” in the question is correct. Added a small bit of extra clarification to the question, but the spelling in the question is correct.

If this was indeed how you wanted it spelled in the interesting files rule creation then the spelling in the lab needs to be adjusted to reflect “truecrype.exe” and not “truecrypt.exe”

carrier · April 21, 2020, 4:10pm

The intention of the interesting file rule is to preset known file names and flag them if they are found. The user would normally enter truecrypt.exe because that is what they’d expect to find if TrueCrypt was on the system.

It points out the limitations of relying on file names…

Topic		Replies	Views
Section 7 Lab question 5 Online Training	5	1363	April 16, 2020
Orignal Filename Autopsy Help	4	2472	April 13, 2021
Section 10 quiz 3 Online Training	1	733	June 4, 2020
Section 7-labquiz 8,9 problem Online Training	3	769	June 2, 2020
Section 10 LAb Question 4 Online Training	2	769	April 13, 2020

Clarification on Section 7 Question 8

Related topics