I just completed the Section 7 lab and created an Interesting File Set for Question 5. I created the rule but did not find the veracrypt/truecrypt files under the Interesting Items results. I do see the veracrypt exe file under file types - by extension - executables tab. I am assuming that the rule was created incorrectly?
Hi JD
I came across same issues, but I was of the the view that I have done some wrong configuration.
Any how thanks for raising attention towards it
Tahir
I had no issues with this, but can offer the following.
-
I initially checked the “ignore known files” thinking it would speed up the ingest (I am running a very slow machine). Then on reflection realized that if this is an application executable, NSRL would likely contain them and therefore they would have been ignored in the ingest.
-
Like so many other things computer related, the detail is very significant. Because you are searching by name and extension, make sure the spelling is correct. Case doesn’t seem to matter here - I put in lower case names as instructed, and the search hit was mixed case (VeraCrypt.exe)
i just complete the question 5
i have same issue , anyone can help …
thanks…
Hi,
How did you get the answers of this question could you please tell?
questionQuestion: Under the “Exif Metadata results, how many photos were taken with the following devices?
- iPhone 7 Plus?
- Samsung Galaxy S8?
- BLU R1 HD?
from tree : Results > EXIF Metadata
it will show you in right window many image the row of Device Model it contain the answer