Tutorial Overview.  The objective of this tutorial is twofold.  The first is to introduce you to some of the tools and techniques used for forensic analysis.  The second is to demonstrate some of the mechanisms used by malicious attackers as well as forensic experts to disrupt computer networks and manipulate information access.

This tutorial session will cover data storage and access, bypassing filtered [blocked] ports, reviewing Internet activity, and the use of steganography. Open-source forensic tools will be introduced and demonstrated for each exercise.  The tutorial has been setup for all of the exercises and the required executables are accessible through linked short-cuts on the desktop of the administrator (no password needed to logon). The desktop is shown below:

If you would like to do the exercise in your own computer the installation instructions are given in the Appendix. If you need further assistance, contact the GSA.

Equipment/Software.  Most of the tools used for this lab exercise is freely available for non-commercial testing purposes and opensource software, either freeware or shareware.

Hidden Files

Port Redirection

IE Activity analysis


  • JPHS (Jpeg Hide and Seek) v0.5 (Freeware download from
  • Text editor
  • Image file in jpeg format