Reconnaissance
Preparation
The preparation for today's lesson was some simple metadata extraction:
- In 2003, the Blair government (UK) more or less triggered the Iraq war with falsified information. The file uk0103.pdf or blair.doc contains information showing that staff at Downing Street (the seat of the Prime Minister) "cobbled together" the information from a 12-year-old diploma thesis. Find the editors! (Note: there are four people)
- Where was the photo GPS.jpg taken? Hint: Google Street View (drag the yellow figure onto the blue dots/lines).
- The file Screening_Management.pdf is an example of a poorly redacted document. Determine what the redacted passage on page 9 is about!
Files can be found here
1. Blair
The blair.doc file stores a lot of metadata, including the authors of the document. These can be extracted with either MS Word itself or any metadata extractor.
I used: http://www.extractmetadata.com/
Language: U.S. English
Mimetype: application/CDFV2-corrupt
Creator: default
Unknown date: 2003-02-03T11:18:00Z
Title: Iraq- ITS INFRASTRUCTURE OF CONCEALMENT, DECEPTION AND INTIMIDATION
Character count: 22090
Last saved by: MKhan
Page count: 1
Word count: 3875
Creation date: 2003-02-03T09:31:00Z
Editing cycles: 4
Mimetype: application/vnd.ms-files
Created by software: Microsoft Word 8.0
Template: Normal.dot
Line count: 184
Paragraph count: 44
Revision history: Revision #0: Author `cic22' worked on `C:\DOCUME~1\phamill\LOCALS~1\Temp\AutoRecovery save of Iraq - security.asd'
Revision history: Revision #1: Author `cic22' worked on `C:\DOCUME~1\phamill\LOCALS~1\Temp\AutoRecovery save of Iraq - security.asd'
Revision history: Revision #2: Author `cic22' worked on `C:\DOCUME~1\phamill\LOCALS~1\Temp\AutoRecovery save of Iraq - security.asd'
Revision history: Revision #3: Author `JPratt' worked on `C:\TEMP\Iraq - security.doc'
Revision history: Revision #4: Author `JPratt' worked on `A:\Iraq - security.doc'
Revision history: Revision #5: Author `ablackshaw' worked on `C:\ABlackshaw\Iraq - security.doc'
Revision history: Revision #6: Author `ablackshaw' worked on `C:\ABlackshaw\A;Iraq - security.doc'
Revision history: Revision #7: Author `ablackshaw' worked on `A:\Iraq - security.doc'
Revision history: Revision #8: Author `MKhan' worked on `C:\TEMP\Iraq - security.doc'
Revision history: Revision #9: Author `MKhan' worked on `C:\WINNT\Profiles\mkhan\Desktop\Iraq.doc'
Audio preview: (binary, 183 bytes)
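The same output can be used as a pre-publication check. The following is an added example, not part of the original write-up: it parses revision lines copied from the extractor output above (a subset is embedded) and lists the authors plus any Windows account names that leak through profile paths. The function names and the profile-directory pattern are assumptions of this example.

```python
import re

# Revision lines copied from the extractor output shown above (subset).
SAMPLE = r"""
Revision history: Revision #0: Author `cic22' worked on `C:\DOCUME~1\phamill\LOCALS~1\Temp\AutoRecovery save of Iraq - security.asd'
Revision history: Revision #3: Author `JPratt' worked on `C:\TEMP\Iraq - security.doc'
Revision history: Revision #5: Author `ablackshaw' worked on `C:\ABlackshaw\Iraq - security.doc'
Revision history: Revision #8: Author `MKhan' worked on `C:\TEMP\Iraq - security.doc'
Revision history: Revision #9: Author `MKhan' worked on `C:\WINNT\Profiles\mkhan\Desktop\Iraq.doc'
"""

# Matches the extractor's "Revision #N: Author `x' worked on `path'" format.
REV = re.compile(r"Revision #(\d+): Author `([^']*)' worked on `(.*)'\s*$")
# Assumed list of directories that precede the account name in a Windows profile path.
PROFILE = re.compile(
    r"\\(?:DOCUME~1|Documents and Settings|Profiles|Users)\\([^\\]+)\\", re.I)


def parse_revisions(text):
    """Return (revision number, author, path) for each revision line."""
    out = []
    for line in text.splitlines():
        m = REV.search(line)
        if m:
            out.append((int(m.group(1)), m.group(2), m.group(3)))
    return out


def leaked_identities(text):
    """Collect authors in first-seen order and account names found in paths."""
    authors, accounts = [], []
    for _, author, path in parse_revisions(text):
        if author not in authors:
            authors.append(author)
        m = PROFILE.search(path)
        if m and m.group(1) not in accounts:
            accounts.append(m.group(1))
    return authors, accounts


if __name__ == "__main__":
    authors, accounts = leaked_identities(SAMPLE)
    print("authors:", authors)
    print("profile accounts:", accounts)
```

The author field and the save path are recorded independently, so a profile directory can name an account that never appears as an author.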
2. GPS
Again, the JPEG format contains various metadata fields.
The interesting one is the GPS location, which is very often saved when taking a photo with any modern camera or smartphone.
I used: http://metapicz.com
Latitude: 41.888948 North
Longitude: 87.624494 West
3. Screening
This took almost longer than the previous two, because I did not expect the text to just be formatted with a black background.
40/40/20 – An explosives trace detection screening protocol in which a percentage of checked baggage is screened
using CLOSED BAG SEARCH (40%), LIMITED OPEN BAG SEARCH (40%), and FULL OPEN BAG
SEARCH (20%) procedures.
My initial thought was that we have to extract a color difference with an image manipulation tool.
Homework
The task was to find personal information about Sebastian Kurz.