Lab handout can be discussed with a team. Answers should be submitted individually. No copy-pasting. Due: By the end of your lab today. Total Marks 24. Weightage 3% of the total assessment.
Computer Fundamentals
1. What is the binary equivalent of the hexadecimal number ABCD? [2 Marks]
2. Suppose a suspect’s computer stores data in little-endian. You are investigating this computer and found the hexadecimal values “A1”, “B2”, “C3”, and “D4” at memory addresses “a”, “a+1”, “a+2”, and “a+3” respectively. If these four values are part of a 32-bit integer (decimal number), what is the decimal equivalent of the integer? Explain the steps you used to obtain your answer. You can use any online tool (such as https://www.rapidtables.com/convert/number/hex-to-decimal.html) to convert a hexadecimal number to a decimal integer. [3 Marks]
3. The following questions are based on the lab computer in front of you.
(i) What information can you ascertain by right-clicking on a file and viewing the properties? [2 Marks]
(ii) What are the active processes and services you see on your computer? How did you get them (Hint: Windows Task Manager)? [2 Marks]
(iii) Open Windows Command Prompt (CMD) and run the command wmic OS get localdatetime. What information can you gather from the output? Now, run the command Tzutil /g. After running this command, what did you learn about Sydney time with respect to GMT? [3 Marks]
Note: The WMIC command will always return the complete current date and time in the format YYYYMMDDHHMMSS.milliseconds+GMT_Offset_in_minutes (see https://mivilisnet.wordpress.com/2019/03/28/current-date-and-time-using-wmic/).
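Added example (not part of the original handout): a Python sketch that reads a value in the layout described in the note and converts it to UTC, as an examiner would when normalising timestamps collected from several machines. The function name and the sample outputs are constructed for illustration, and the digits after the dot are read as a decimal fraction of a second.

```python
import re
from datetime import datetime, timedelta, timezone

# Layout from the note: YYYYMMDDHHMMSS.fraction+offset_in_minutes (sign may be -)
WMIC_VALUE = re.compile(r"^(\d{14})\.(\d+)([+-])(\d{3})$")


def parse_wmic_localdatetime(output):
    """Find the value in `wmic OS get localdatetime` output.

    Returns (local_time, utc_time) as timezone-aware datetimes.
    Function name is hypothetical; raises ValueError if no valid value is found.
    """
    for line in output.splitlines():
        m = WMIC_VALUE.match(line.strip())
        if m:
            break
    else:
        raise ValueError("no localdatetime value in input")
    stamp, fraction, sign, minutes = m.groups()
    offset = timedelta(minutes=int(minutes))
    if sign == "-":
        offset = -offset
    # Read the digits after the dot as a fraction of a second, kept to microseconds
    micro = int(fraction[:6].ljust(6, "0"))
    # strptime rejects impossible dates such as month 13
    local = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(
        microsecond=micro, tzinfo=timezone(offset))
    return local, local.astimezone(timezone.utc)


if __name__ == "__main__":
    # Constructed sample outputs (header line plus value), not taken from a real machine
    samples = [
        "LocalDateTime\n20240315093045.123000+330\n",
        "LocalDateTime\n20240315233045.500000-300\n",  # UTC falls on the next day
    ]
    for text in samples:
        local, utc = parse_wmic_localdatetime(text)
        print(local.isoformat(), "->", utc.isoformat())
```

Recording both the local value and its UTC equivalent keeps the original evidence intact while making events from different time zones comparable.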
4. You are given six different files which can be downloaded from this Dropbox location: https://www.dropbox.com/sh/4fx06z1z32iwjda/AADJsOf-1NGDR8p9b4jWd4xna?dl=0. You are told that each of these files is either a Word file, an Excel file, or an image file. What is the content of each file? Explain how you opened each file and how the name of the file helped you. [6 Marks]
5. Assume that you are a police officer who is attending a crime scene. At the crime scene, you found a computer running. You have to take the computer to a forensic lab for further processing.
Case A [Pull the Plug]: You shut down the computer by pulling the plug. Before pulling the plug, you saw the message “Bob has killed me” in an open file A.txt (which was displayed on the screen). You told this to your colleagues in the forensic lab. When they restarted the computer, they also found the file A.txt, but they found the content of the file to be “Bob has”. In a further analysis, they found that the computer had not been corrupted by the “pull the plug” activity. What could have gone wrong here? [2 Marks]
Case B [Proper Shut Down]: Assume that, as an alternative, you gracefully (properly) shut down the computer by going through the shutdown menu provided by Windows OS. In that process, you made one mouse click. Do you think there will be any change in the computer after the click? If so, what could have happened? You can watch this video to answer this question: https://canvas.uts.edu.au/courses/30851/modules/items/1621862 [2 Marks]