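lg bl40e: 2020 Meiya Cup, individual competition
2024-04-01 13:16:41

Individual competition VeraCrypt password: aWJ^64Sxt*LkvloSEfRWTJadfLitpex1M@Vizlj&yB2zsfkn

Case background:

In September 2020, several credit card holders reported to the police that their credit cards had been used by unknown persons to buy mobile phones at a local online shop. Most of the orders came from overseas network addresses, but one order came from a local one. After investigating, the police found the registered address of that local network address. At that address they found 陈慧贤 (Alice), who denied any connection with the case.

At the scene the police seized a laptop computer, a mobile phone and a USB storage device. Before seizing the exhibits, the first response team on site photographed the scene and the exhibits. In addition, the investigation team obtained some case-related material from the Internet service provider and the online shop. You have now been assigned to handle this case. Using the material below, analyse whether 陈慧贤 committed an offence in this case and reconstruct the course of events.

Network address registrant record: /Meiya Cup 2020/调查报告/互联网服务供货商检查报告_陈慧贤 (Alice).pdf
Exhibit photos: /Meiya Cup 2020/Photo/Alice (two passwords appear in the photo of the computer: G889#h, QPzm!#8∅@#)
Laptop image file: /Meiya Cup 2020/Image/Alice/Alice Laptop/Alice_Laptop.e01
USB device image file: /Meiya Cup 2020/Image/Alice/Alice USB/ALICE_USB.e01
Phone image file: /Meiya Cup 2020/Image/Alice/Alice LG Phone /MMC(0x0-0x0747C00000).bin
First response team's investigation report: /Meiya Cup 2020/調查報告/案件调查报告- 被捕人陈慧贤 (Alice).docx

1. Alice's laptop has been successfully acquired and made into a forensic image. Which of the following is the SHA-1 hash value of the image?
A: 9A3040D8DE7DB364AA383F9904C446B2
B: 7DED54774B68058E5B327907DB2AC40AAA2EEB48
C: E84854774B68058E5B327907DBAAC40AAA2E7OED
D: EB4854774B68058E5B327907DB2AC40AAA2E7DED
E: 46B29A3040D8DE7DB364AA383F9904C4
I spent a long time computing it with a cmd command, then found that Forensics Master (取证大师) already shows it QAQ

2. Which operating system is installed on Alice's laptop?
A: Windows XP
B: Windows 7
C: Windows 10 Pro
D: Windows 10
E: Windows 8

3. On Alice's laptop, what is the SID of the created user account?
A: S-1-5-21-1017277147-4095180158-1226650532-1002
B: S-1-5-21-1017277147-4095180158-1226650532-1001
C: S-1-5-21-1017277147-4095180158-1226650531-1001
D: S-1-5-21-1017277147-4095180158-1226650531-1002
E: S-1-5-21-1017277147-4095180158-1226650533-1001

4. On Alice's laptop, when was the user's last login? (Local time)
A: 2020-09-29 1436 hrs
B: 2020-09-29 1437 hrs
C: 2020-09-29 1439 hrs
D: 2020-09-29 1440 hrs
E: 2020/09/30 10:13

5. On Alice's laptop, what is the name of the last logged-in user?
A: Alice
B: Admin
C: user
D: Alice Chen
E: Administrator
Same screenshot as above.

6. What is the name of Alice's computer?
A: Alice-DJFFBL6
B: DESKTOP-DJFFBL6
C: Admin-DJFFBL6
D: Alicechen-DJFFBL6
E: Administrator

7. On Alice's laptop, when did the last logged-in user change the Windows login password?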
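(Local time)
A: 2020-09-15 0220 hrs
B: 2020-09-16 0221 hrs
C: 2020-09-16 0223 hrs
D: 2020-09-16 0222 hrs
E: 2020-09-17 0224 hrs
Switch to Forensics Master and look at the user information. You can actually guess it with Huoyan (火眼) too, because alice only has records from 0222 onwards.

8. What is the time zone of Alice's laptop?
A: UTC
B: DST
C: CST
D: CDT
E: HKT
CST is China time.

9. On Alice's laptop, what is the file system of the OS partition?
A: FAT
B: exFAT
C: NTFS
D: Linux
E: macOS
Use Forensics Master. The OS file system is usually the C: drive, so just look at it directly in Forensics Master.

10. Which browser is installed on the computer by default?
A: Firefox
B: Chrome
C: Safari
D: Internet Explorer
E: Opera
Isn't the default always IE? You use IE to download the other browsers.

11. On Alice's laptop, which is the most frequently used browser?
A: Firefox
B: Chrome
C: Safari
D: Internet Explorer
E: Opera
Although I think it is Edge, that option is not offered, so it can only be IE.

12. On Alice's laptop, what version is the most frequently used browser?
A: Internet Explorer version 6
B: Internet Explorer version 7
C: Internet Explorer version 11
D: Internet Explorer version 8
E: Internet Explorer version 9
Boot the image in emulation and look directly.

13. On Alice's laptop, which online shop websites did Alice browse?
A: Sunnings, Apple and Microsoft
B: Microsoft, Apple and Fortress
C: Sunnings, Boardway and Fortress
D: Sunnings, Apple and Fortress
E: Sunnings, Apple and Boardway

14. On Alice's laptop, what is the victim's credit card number? (Ho PCKYI, e-mail: shy1211@mtzh.gow.tw)
A: 3405 0621 0621 7845
B: 5411 2210 0121 7741
C: 1478 2583 1234 8899
D: 7532 2561 1234 9638
E: 1256 9638 5522 7894
Export the txt.

15. On Alice's laptop, what is the victim's credit card CSC number? (Ho PCKYI, e-mail: shy1211@mtzh.gow.tw)
A: 123
B: 321
C: 112
D: 121
E: 211
Same as above.

16. Apart from the ZIP file found on the USB drive mentioned above, find the path of the same ZIP file.
A: Partition 3\Users\Alice\Desktop\Downloads
B: Partition 3\Users\Alice\Desktop\Temp
C: Partition 3\Users\Alice\Recent
D: Partition 3\Users\Alice
E: Partition 3\Users\Alice\Downloads

17. What is the hash value (SHA-256) of the ZIP file?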
A: 59B88F8755E1F76107D6EE2134ED32BABBC91F0B44C7C0EE3850BBA74B7E88F6
B: 8BF68F8755E1F76107D6EE2134ED32BABBC91F0B44C7C0EE3850BBA73B7EEE77
C: 99F68F8755E1F76107D6EE2134ED32C91F0B44C7C0EE3850BBA74B7E59B8
D: 89F78F8755E1F76107D6EE2134ED32BABBC91F0B44C7C0EE3850CCC74B7E59
E: 88F68F8755E1F76107D6EE2134ED32BABBC91F0B44C7C0EE3850BBA74B7E59B8

18. What is the modification time of the ZIP file? (Local time)
A: 2020/09/27 18:48
B: 2020/09/01 18:47
C: 2020/09/29 18:46
D: 2020/09/24 18:45
E: 2020/10/01 18:44

19. When was the USB drive last plugged into Alice's laptop? (Local time)
A: 2020-09-28 1800 hrs
B: 2020-09-27 1802 hrs
C: 2020-09-29 1801 hrs
D: 2020-09-16 1803 hrs
E: 2020-09-29 1202 hrs

20. Which files are inside the extracted ZIP file?
A: log1nx.txt, R3ZZ.txt
B: WhatsApp Image 2020-09-29 at 18.35.25.jpeg, WhatsApp Image 2020-09-29 at 18.37.47.jpeg
C: log1nx.txt
D: R3ZZ.txt
E: log1nx.txt, R3ZZ.txt, WhatsApp Image 2020-09-29 at 18.35.25.jpeg, WhatsApp Image 2020-09-29 at 18.37.47.jpeg
Double-click the zip file in Forensics Master and it unpacks the directory.

21. "What is the hash value (SHA-256) of the invoice in the ZIP file? = Invoice (2), name: WhatsApp Image 2020-09-29 at 18.35.25.jpeg"
A: 3EE491A38AB82AD19EDB2B7402DA31F52006C3B4B018F859A451B839878DF4C3
B: C391A38AB82AD19EDB2B7402DA31F52006C3B4B018F859A451B839878D3EE4F4
C: 34E391A38AB82AD19EDB2B7402DA31F52006C3B4B018F859A451B839878D8EE5
D: F4C391A38AB82AD19EDB2B7402DA31F52006C3B4B018F859A451B839878D3EE4
E: CCC381A38AB82AD19EDB2B7402DA31F52006C3B4B018F859A451B839878D3BB4

22. "What is the hash value (SHA-256) of the invoice in the ZIP file? = Invoice (2), name: WhatsApp Image 2020-09-29 at 18.37.47.jpeg"
A: 21F5CC2552A7337844B90F0AB5CDA85BF2F5A71A635E0D3B05731C95937D2DAF
B: 2DAFCC2552A7337844B90F0AB5CDA85BF2F5A71A635E0D3B05731C95937D21F5
C: 20AFCC2552A7337844B90F0AB5CDA85BF2F5A71A635E0D3B05731C95937D21F5
D: DA2FCC2552A7337844B90F0AB5CDA85BF2F5A71A635E0D3B05731C95937D2LF5
E: A2AFOO2552A7337844B90F0AB5CDA85BF2F5A71A635E0D3B05731C95937D21F5

23. Which e-mail software is installed on Alice's laptop?
A: Thunderbird
B: Lotus Notes
C: Nil
D: Outlook
E: Mailbird
Check it in the emulated system; looking directly in Forensics Master also works.

24. What is the version of the e-mail software on Alice's laptop?
A: Thunderbird 78.0
B: Lotus Notes 11
C: Nil
D: Outlook 2016
E: Outlook 2013
Same as above.

25. Which e-mail account is logged in to the e-mail software on Alice's laptop?
A: alicechen741@gmail.com
B: alicechen@gmail.com
C: alice741@gmail.com
D: alice_chen741@gmail.com
E: alicechen741@yahoo.com

26. Which data/files did Alice obtain in the e-mail conversation above?
A: log1ns.txt, R3ZZ.txt
B: log1ns.txt
C: R3ZZ.txt
D: log1ox.txt, R3ZZ.txt
E: log1nx.txt, 33Z2.txt
Already covered in the earlier questions.

27. What is the e-mail address of the sender of that e-mail?
A: alicechen741@gmail.com
B: alice_chen741@gmail.com
C: bobcheung223@gmail.com
D: bobcheung123@gmail.cam
E: bobcheung123@gmail.com

28. For the received e-mail above, what is the sender's IP address?
A: 209.85.220.41
B: 209.85.221.39
C: 209.85.220.40
D: 209.82.220.42
E: 209.58.220.43
Check with Forensics Master.

29. On the laptop, what is Alice's e-mail address?
A: alicechen741@gmail.com
B: bob123@gmail.com
C: cole909@gmail.com
D: alicechen@gmail.com
E: alice741@gmail.com

30. Apart from Alice, are any other e-mail addresses connected with this scam?
A: bob123@gmail.com
B: cole909@gmail.com
C: bobcheung123@gmail.com
D: alicechen@gmail.com
E: alicechen741@gmail.com

31. Who has e-mail records between the AP and the mastermind? Was there any file transfer?
A: Alice and Cole, re log1ns.txt and R3ZZ.txt
B: Alice and Tommy, re log1ns.txt and R3ZZ.txt
C: Alice and Bob, re log1ns.txt and R3ZZ.txt
D: Alice and Chris, re log1ns.txt and R3ZZ.txt
E: Alice, Bob and Cole, re log1ns.txt and R3ZZ.txt
All of these can be read off directly.

32. In the ZIP file, how many victims' credit card data were stolen?
A: 3
B: 4
C: 5
D: 7
E: 6
Look at the r3zz file and count the crd entries directly.

33. Which victim's credit card data has already been used by the hacker to make a purchase?
A: TONG TO ON
B: YUEN MING TIM
C: TSE KONG LON
D: TSE WONG YIN
E: LEE YOI TEI
Use that image.

34. What content was stolen?
A: Name, ccc code, credit card number
B: Name, ccc code, HKID
C: Name, credit card number, aged
D: Name, credit card number, CSC
E: Nil

36. What is the operating system version of Alice's phone?
A: Android 4.0 (security patch=2015-12-01)
B: Android 5.0 (security patch=2015-12-01)
C: Android 7.0 (security patch=2015-12-01)
D: Android 8.0 (security patch=2015-12-01)
E: Android 6.0 (security patch=2015-12-01)

37. What is the total storage capacity of Alice's phone?
A: 64
B: 128
C: 256
D: 16
E: 32
Taking a guess.

38. On Alice's phone, what is the creation time of IMG-20200929-WA0002? (Local time)
A: 2020-08-29 1824
B: 2020-09-29 1824
C: 1970-09-29 1825
D: 2020-09-29 1024
E: 2020-09-02 2224

39. On Alice's phone, what is the creation time of IMG-20200929-WA0004? (Local time)
A: 2020-09-29 1825
B: 2020-10-29 1824
C: 1970-09-29 1825
D: 2020-08-29 1024
E: 2020-09-25 1824

40. What are the metadata and camera model of IMG-20200929-WA0002 and IMG-20200929-WA0004?
A: Manufacturer: LG Electronics, Model: LG-DD55
B: Manufacturer: Apple, Model: A1687
C: Manufacturer: LG Electronics, Model: LG-D855
D: Manufacturer: Samsung, Model: SM-N7105
E: Manufacturer: MI, Model: MI8

41. On Alice's phone, where is the file holding the default browser's browsing history?
A: \Partition43[hda41]\data\com.android.browser\databases\browser2.db(Mobile Forensics System V2)
B: \Partition40[hda41]\data\com.android.chrome\app_chrome\Default\History(Mobile Forensics System V2)
C: \Partition41[hda41]\data\com.android.chrome\app_chrome\Default\History(Mobile Forensics System V2)
D: \Partition42[hda41]\data\com.android.chrome\app_chrome\Default\History(Mobile Forensics System V2)
E: \Partition44[hda41]\data\com.android.chrome\app_chrome\Default\History(Mobile Forensics System V2)
The phone's own browser is certainly the default browser, so look at that browser's history and then jump to the source file.
But it is partition 46?? Why isn't that an option??
I can only pick the most similar one, A.

42. Which file stores the Chrome browsing history?
A: \Partition40[hda41]\data\com.android.browser\databases\browser2.db(Mobile Forensics System V2)
B: \Partition41[hda41]\data\com.android.browser\databases\browser2.db(Mobile Forensics System V2)
C: \Partition42[hda41]\data\com.android.browser\databases\browser2.db(Mobile Forensics System V2)
D: \Partition43[hda41]\data\com.android.chrome\app_chrome\Default\History(Mobile Forensics System V2)
E: \Partition44[hda41]\data\com.android.browser\databases\browser2.db(Mobile Forensics System V2)
Same as the previous question: in Chrome's history, jump straight to the source file.

43. What are the WhatsApp ID and account name of Alice's phone?
A: 85262547937@s.whatsapp.net
B: 62547937@s.whatsapp.net
C: alice@s.whatsapp.net
D: 83162547937@s.whatsapp.net
E: B5262547937@s.whatsapp.net

44. What is the time of the last WhatsApp exchange with Bob and Cole? (Local time)
A: 2020/9/26 18:47
B: 2020/9/24 10:25
C: 2020/9/25 10:25
D: 2020/9/24 10:20
E: 2020/9/27 10:25
It seems none of them is right. Look in the group chat.

45. What are the names of the masterminds?
A: Chris and Tommy
B: Bob and Cole
C: Bob and Tommy
D: Alice and Tommy
E: Alice and Chris
Alice, Bob and Cole.

46. What are the ID and name of the WhatsApp group between Alice, Bob and Cole?
A: 62547937-1600392878@g.us “Big Big Club”
B: 8526254-7937-1600392878@g.us
C: 86162547937-1600392878@g.hk “Big Big Club”
D: 62547937-1600392878@g.hk “Big Big Club”
E: 85262547937-1600392878@g.us “Big Big Club”

47. Which table shows the creation time of the chat group “Big Big Club”? (Local time)
A: Table:chat
B: Table:chat_list
C: Table:chat_group
D: Table:chat-group
E: Table:chatting_list
Export the database; it is in chat list.

48. When was the chat group “Big Big Club” created? (Local time)
A: 2020/09/17 10:34
B: 2020/09/18 10:34
C: 2020/09/18 08:35
D: 2020/09/18 07:34
E: 2020/09/18 09:34

49. Did Alice ever log in to the WhatsApp website? If so, when did she log in, and which browser was used? (Hint: find the result in the mobile forensic image) (UTC+0)
A: No
B: Yes. Windows Edge. 2020-09-29, 18:43:44
C: Yes. Windows Edge. 2020-09-29, 10:43:44
D: Yes. Firefox. 2020-09-29, 10:25:44
E: Yes. Firefox. 2020-09-29, 16:43:44

50. How did Alice receive the money? What is the wallet address?
A: Via a Bitcoin wallet: 1L6fKWpEYvUi8FeG6BnXqfh1joAgmJA1h1
B: Via a Bitcoin wallet: 2L6fKWpEYvUi8FeG6BnXqfh1joAgmJA1h2
C: Via a Bitcoin wallet: 3A6fKWpEYvUi8FeG6BnXqfh1joAgmJAlh1
D: Via a Bitcoin wallet: 666fKWpEYvUi8FeG6BnXqfh1joAgmJA1h1
E: Via a Bitcoin wallet: FF6fKWpEYvUi8FeG6BnXqfh1jOAgmJA1h1

51. What is the media_wa_type of “Deleted by the sender”?
A: 14
B: 12
C: 13
D: 15
E: 11
Export the database and look at the table.

52. What is the Wifi MAC address of Alice's phone?
A: Intf0MacAddress=000AF58989FF
B: Intf0MacAddress=0012AF58989FF
C: Intf0MacAddress=000BF58989FF
D: Intf0MacAddress=110AF5B989FF
E: Intf0MacAddress=222AF589B9FF

53. What is the password of the ZIP archive on Alice's USB drive? (Some characters are deliberately masked with *)
A: QP**!#80**
B: Qpzm!@****
C: QP******@!
D: **98#*
E: **89#h

54. Which program on Alice's USB drive is used to store secret data?
A: mytracker.apk
B: com_cleanmaster_mguard_7.4.6_02_09_2020.apk
C: crypto_aliens_bch_1.0.2_05_11_2020.apk
D: de_schildbach_wallet_8.03_06_09_2020.apk
E: Messagesecure.apk

55. What is the password that opens the secret message? (Some characters are deliberately masked)
A: **89#h
B: Qpzm!#
C: QP@#
D: **98#
E: *8#9

56. What is the secret message in one of the files on the USB drive? (Some characters are deliberately masked)
A: Password is ****
B: Alice is the mastermind
C: *****phone pw is ****
D: Alice and Bob are masterminds
E: Phone is ********

57. What is the password stuck on the laptop used for?
A: The Bitlocker password of Alice's laptop
B: The password of Alice's USB drive
C: Alice's e-banking password
D: Recovering the secure message from a file
E: Alice's phone password

58. What types of files are on Alice's USB drive?
A: PNG, ZIP, APK, DOC
B: PNG, ZIP, APK
C: PNG, ZIP, APK, 7Z
D: PNG, DOC, APK, 7Z
E: PNG, ZIP, DOC, 7Z

59. What is the hash value (SHA-256) of Alice's USB drive?
A: 4DFF94ED83F41C356B0588C2C21ECF563E9D8CA66ED6D97A3D57C2629185528D
B: 4DFF528D94ED83F41C356B0588C2C21ECF563E9D8CA66ED6D97A3D57C2629185
C: 94ED83F41C356B0588C2C21ECF563E9D8CA66ED6D97A3D57C26291854DFF528D
D: 528D94ED83F41C356B0588C2C21ECF563E9D8CA66ED6D97A3D57C26291854DFF
E: 51BD94ED83F41C356B0588C2C21ECF563E9D8CA66ED6D97A3D57C26291854OFF

60. What is the hash value (SHA-256) of the ZIP file (Downloads.7z) found on the USB drive?
A: 59B88F8755E1F76107D6EE2134ED32BABBC91F0B44C7C0EE3850BBA74B7E88F6
B: 8BF68F8755E1F76107D6EE2134ED32BABBC91F0B44C7C0EE3850BBA74B7E59BB
C: 88F68F8755E1F76107D6EE2134ED32BABBC91F0B44C7C0EE3850BBA74B7E59B8
D: 88E68F8755E1F76107D6EE2134ED32C91F0B44C7C0EE3850BBA74B7E59B8
E: 89F68F8755E1F76107D6EE2134ED32BABBC91F0B44C7C0EE3850BBA74B7E59

61. On Alice's USB drive, what is the last modification time of the ZIP file?
A: 2020/09/29 18:46
B: 2020/09/27 18:46
C: 2020/09/28 18:46
D: 2020/09/24 18:47
E: 2020/09/28 16:48
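
Questions 47, 48 and 51 are answered by exporting the WhatsApp database and reading its tables. The following is an added example, not part of the original write-up, of doing that lookup with Python's sqlite3 and converting the stored UTC milliseconds to local time explicitly. The in-memory database, its reduced legacy-style schema, the JIDs and all row values are constructed, and reading a group JID as `<creator>-<epoch seconds>@g.us` is an assumption used only as a cross-check.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

LOCAL_TZ = timezone(timedelta(hours=8))  # assumption: examiner reports in UTC+8

def build_sample_db():
    """Constructed stand-in for an exported msgstore.db (reduced schema, sample rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE chat_list (_id INTEGER PRIMARY KEY, key_remote_jid TEXT,
                                subject TEXT, creation INTEGER);
        CREATE TABLE messages  (_id INTEGER PRIMARY KEY, key_remote_jid TEXT,
                                media_wa_type TEXT, timestamp INTEGER);
        INSERT INTO chat_list VALUES
            (1, '10000000000-1600000000@g.us', 'Sample Group', 1600000000000),
            (2, '10000000001@s.whatsapp.net', NULL, NULL);
        INSERT INTO messages VALUES
            (1, '10000000000-1600000000@g.us', '0', 1600000100000),
            (2, '10000000000-1600000000@g.us', '1', 1600000200000),
            (3, '10000000000-1600000000@g.us', '0', 1600000300000);
    """)
    return db

def ms_to_tz(ms, tz=LOCAL_TZ):
    """The stored value is epoch milliseconds in UTC; convert with an explicit zone."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).astimezone(tz)

def group_creation(db, subject):
    """Return (jid, creation in local time, creation in UTC, jid suffix agrees)."""
    jid, ms = db.execute(
        "SELECT key_remote_jid, creation FROM chat_list WHERE subject = ?",
        (subject,)).fetchone()
    # Assumption: legacy group JIDs look like '<creator>-<epoch seconds>@g.us'
    suffix = int(jid.split("@")[0].rsplit("-", 1)[1])
    return jid, ms_to_tz(ms), ms_to_tz(ms, timezone.utc), suffix == ms // 1000

def media_type_counts(db, jid):
    """Count messages per media_wa_type value for one chat."""
    rows = db.execute(
        "SELECT media_wa_type, COUNT(*) FROM messages WHERE key_remote_jid = ? "
        "GROUP BY media_wa_type ORDER BY media_wa_type", (jid,))
    return dict(rows.fetchall())

if __name__ == "__main__":
    db = build_sample_db()
    print(group_creation(db, "Sample Group"))
```

Reporting both the local and the UTC value keeps answers such as question 48 (local time) and question 49 (UTC+0) from being mixed up.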