diff --git a/uebung_04/Dokumentationsausarbeitung Übungsblatt 4 - Aufgabe 1.md b/uebung_04/Dokumentationsausarbeitung Übungsblatt 4 - Aufgabe 1.md new file mode 100644 index 0000000..e1dfd3e --- /dev/null +++ b/uebung_04/Dokumentationsausarbeitung Übungsblatt 4 - Aufgabe 1.md @@ -0,0 +1,56 @@ +--- +banner: +--- +# **Übungsaufgabe** 4 - 1 + +
Team: 13
+
Bearbeiter: 3009728 | 3026182 | 3019335 | 3008816
+
Datum der Erstellung: 09.05.2025
+ +--- + +# Nicht-technische Zusammenfassung + +> Diese Aufgabe beinhaltet die Erarbeitung dreier Tools, `dd`, `dc3dd` und `dcfldd` sowie des Dateisystems `SquashFS`. + +## 1.2 Unterschiede der Tools +dd ist super zum bitgenauen Kopieren, doch dc3dd bietet einige weitere Features (es basiert auf dd): Fortschrittsanzeige, automatisches hashen bei read UND write, automatisches Logging, ... + +dcfldd scheint im Vergleich zu beiden vorherigen dafür geeignet, mehrere Ausgabedateien zu haben und zu splitten - es scheint außerdem das professionellere Tool, entwickelt vom US Department of Defense + +## 1.3 `conv=noerror` + +Ignoriert Lesefehler - das ist meines Erachtens nach sehr unklug für die Forensik, jegliche Fehler MÜSSEN bemerkt, protokolliert und verarbeitet werden, um alle Fakten zu kennen. + +## 1.4 `conv=sync` + +Füllt leere Blöcke mit Nullen - auch dies sollte unter allen Umständen vermieden werden, weil das zugrundeliegende Beweismaterial verfälscht wird! + +## 1.5 Fehlerumgang von dc3dd + +> **Standardmäßig bricht `dc3dd` bei einem Lesefehler ab.** +> → **Man muss explizit Optionen setzen**, um trotz Fehlern weiterzulesen (wie bei `dd` mit `conv=noerror,sync`). + + +--- + +# Technischer Bericht + +Für diese Aufgabe überflüssig. + + + +---- + +## 3. Ergebnisse + +Die auf `dd` basierende Fülle an Tools ist überraschend, insbesondere solch professionelle Ausarbeitungen wie dcfldd vom US Department of Defense. + +--- +### 4. Verwendete Quellen +[1] https://www.geeksforgeeks.org/dd-command-linux/ +[2] https://medium.com/@abhinavnandgaonkar98/execute-the-three-commands-dd-ddfldd-dc3dd-46f3e2a5195 +[3] https://www.kali.org/tools/dc3dd/ +[4] https://linuxcommandlibrary.com/man/dcfldd#:~:text=DESCRIPTION,multiple%20output%20files%2C%20and%20verification. +[5] https://wiki.ubuntuusers.de/SquashFS/ + 
diff --git a/uebung_04/Dokumentationsausarbeitung Übungsblatt 4 - Aufgabe 2.md b/uebung_04/Dokumentationsausarbeitung Übungsblatt 4 - Aufgabe 2.md new file mode 100644 index 0000000..ae18878 --- /dev/null +++ b/uebung_04/Dokumentationsausarbeitung Übungsblatt 4 - Aufgabe 2.md @@ -0,0 +1,1651 @@ +--- +banner: +--- +# **Übungsaufgabe** 4 - 2 + +
Team: 13
+
Bearbeiter: 3009728 | 3026182 | 3019335 | 3008816
+
Datum der Erstellung: 09.05.2025
+ +--- + +# Nicht-technische Zusammenfassung + +> Eine für Laien verständliche Zusammenfassung der Untersuchung und der wichtigsten Erkenntnisse. + +Wir untersuchten in dieser Aufgabe das digitale Abbild eines USB-Sticks, den wir auf Inhalte und mutmaßlich eine Handy-PIN hin untersuchen sollten. +Hierbei fanden wir mehrere Bilder, die jedoch keinen Bezug zum PIN aufzeigten - selbigen konnten wir nicht recovern. + +--- + +# Technischer Bericht + +## 1. Übersicht der analysierten Daten + +| Datenquelle | Typ | Datentyp | Größe | Hash (SHA256) | +| -------------------- | ---------- | -------- | ----- | ----------------------------------------------------------------- | +| ~/Downloads/vUSB.img | Disk-image | Image | 3.1GB | 2c9c0f5117cdc3e8f3b9156bb5eef7d95 63f46b4e0e4e51123711d828c89e8a2 | +| Bild1.jpg | Bild | .jpg | | d2cc34b1613360da8fe39bd9f95e0749f0d48acc9396d37139b5624ab7655363 | +| Bild2.jpeg | Bild | .jpeg | | 01b8a6d33ba74fec3a5e04fdd3d52f9738bd97d9d3c97c043955e1bd6bc39a92 | +| Blue.png | Bild | .png | | efc4cbf142fdfe55d5695fe02240cd1f0782e086ce5490f1b65e398c3279b375 | + +## 2. Chronologisches Analyseprotokoll + +> **Jede Terminal-Eingabe mit zugehörigem Befehl, Zeitstempel, GPG-Signatur, Hash-Wert, Ausgabe, Kontext und (falls vorhanden) rechtlicher Erklärung .** + +## [++] Timeline of Commands and Comments + +### [+] Timestamp: `2025-05-09T06-48-10-588708+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Aufgabe 2.1: Verwenden Sie die Datei vUSB.zip und entpacken Sie diese (z.B. 
mit 7zip) + +--- + +### [+] Command: `7z x /home/kali/Downloads/vUSB.zip -o/home/kali/Documents/analysis-station/Uebung_04` +- Timestamp: `2025-05-09T06-50-15-117272+00-00` +- GPG-signature: [+] Valid +- SHA256: `e11182132e7dbcf323278e3f318b991e0ebf352fb3d67d9b28cdb34a48872f1e` + +#### Output: +``` +[STDOUT] + +7-Zip 24.09 (x64) : Copyright (c) 1999-2024 Igor Pavlov : 2024-11-29 + 64-bit locale=en_US.UTF-8 Threads:32 OPEN_MAX:1024, ASM + +Scanning the drive for archives: +1 file, 5484894 bytes (5357 KiB) + +Extracting archive: /home/kali/Downloads/vUSB.zip +-- +Path = /home/kali/Downloads/vUSB.zip +Type = zip +Physical Size = 5484894 + +Everything is Ok + +Size: 3221225472 +Compressed: 5484894 + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T06:50:24.148849+00:00 + +[x] No specific explanation found. + +--- + +### [+] Command: `mkdir -p /home/kali/Documents/analysis-station/Uebung_04/mnt` +- Timestamp: `2025-05-09T06-50-30-811874+00-00` +- GPG-signature: [+] Valid +- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f` + +#### Output: +``` +[STDOUT] + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T06:50:30.823656+00:00 + +`mkdir` creates a directory. In forensic workflows, it is often used to prepare target folders for mounts or exported data. + + +The `-p` option ensures that parent directories are created as needed. It also avoids errors if the target directory already exists. + +--- + +### [+] Command: `xxd /home/kali/Documents/analysis-station/Uebung_04/vUSB.img | head -n 20` +- Timestamp: `2025-05-09T06-51-12-136535+00-00` +- GPG-signature: [+] Valid +- SHA256: `dda431d77053a843ac735281786200d0a3a7dc4565bc9d2384bef7ecef5ac89e` + +#### Output: +``` +[STDOUT] +00000000: eb58 906d 6b66 732e 6661 7400 0208 2000 .X.mkfs.fat... . +00000010: 0200 0000 00f8 0000 3f00 ff00 0000 0000 ........?....... +00000020: 0000 6000 f817 0000 0000 0000 0200 0000 ..`............. 
+00000030: 0100 0600 0000 0000 0000 0000 0000 0000 ................ +00000040: 8000 29ae c100 374e 4f20 4e41 4d45 2020 ..)...7NO NAME +00000050: 2020 4641 5433 3220 2020 0e1f be77 7cac FAT32 ...w|. +00000060: 22c0 740b 56b4 0ebb 0700 cd10 5eeb f032 ".t.V.......^..2 +00000070: e4cd 16cd 19eb fe54 6869 7320 6973 206e .......This is n +00000080: 6f74 2061 2062 6f6f 7461 626c 6520 6469 ot a bootable di +00000090: 736b 2e20 2050 6c65 6173 6520 696e 7365 sk. Please inse +000000a0: 7274 2061 2062 6f6f 7461 626c 6520 666c rt a bootable fl +000000b0: 6f70 7079 2061 6e64 0d0a 7072 6573 7320 oppy and..press +000000c0: 616e 7920 6b65 7920 746f 2074 7279 2061 any key to try a +000000d0: 6761 696e 202e 2e2e 200d 0a00 0000 0000 gain ... ....... +000000e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +000000f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000110: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000120: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000130: 0000 0000 0000 0000 0000 0000 0000 0000 ................ + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T06:51:12.146934+00:00 + +[x] No specific explanation found. + +--- + +### [+] Timestamp: `2025-05-09T06-51-41-886735+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Scheint nicht beschaedigt und alles in Ordnung. Aufgabe beendet. + +--- + +### [+] Timestamp: `2025-05-09T06-52-31-932154+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Aufgabe 2.2 wird gestartet. 
+ +--- + +### [+] Command: `sudo losetup --find --show /home/kali/Documents/analysis-station/Uebung_04/vUSB.img` +- Timestamp: `2025-05-09T06-59-28-055316+00-00` +- GPG-signature: [+] Valid +- SHA256: `7a14c39a9aeb23bd6c1fc88585770ac22b4dc1c9866b9ec193e8139edcdaaba5` + +#### Output: +``` +[STDOUT] +/dev/loop1 + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T06:59:31.596821+00:00 + +[x] No specific explanation found. + +--- + +### [+] Timestamp: `2025-05-09T07-04-57-689819+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Aufgabe 2.2: Nun sollen Sicherungen mit drei Tools angelegt werden, dd, dc3dd, dcfldd + +--- + +### [+] Command: `lsblk /dev/loop1` +- Timestamp: `2025-05-09T07-05-14-970891+00-00` +- GPG-signature: [+] Valid +- SHA256: `8747b45e208ba4c685e955d88b42a408e5db35dc8615d8df33f7de2a9f05f017` + +#### Output: +``` +[STDOUT] +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS +loop1 7:1 0 3G 0 loop + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:05:14.981961+00:00 + +[x] No specific explanation found. + +--- + +### [+] Command: `xxd /dev/loop1 | head -n 20` +- Timestamp: `2025-05-09T07-05-37-507814+00-00` +- GPG-signature: [+] Valid +- SHA256: `5966732467316f16861af4b32af89947d5678807c341a60bf6e55acf00a7b5f5` + +#### Output: +``` +[STDOUT] + +[STDERR] +xxd: /dev/loop1: Permission denied +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:05:37.517842+00:00 + +[x] No specific explanation found. + +--- + +### [+] Command: `sudo xxd /dev/loop1 | head -n 20` +- Timestamp: `2025-05-09T07-05-44-461670+00-00` +- GPG-signature: [+] Valid +- SHA256: `dda431d77053a843ac735281786200d0a3a7dc4565bc9d2384bef7ecef5ac89e` + +#### Output: +``` +[STDOUT] +00000000: eb58 906d 6b66 732e 6661 7400 0208 2000 .X.mkfs.fat... . +00000010: 0200 0000 00f8 0000 3f00 ff00 0000 0000 ........?....... 
+00000020: 0000 6000 f817 0000 0000 0000 0200 0000 ..`............. +00000030: 0100 0600 0000 0000 0000 0000 0000 0000 ................ +00000040: 8000 29ae c100 374e 4f20 4e41 4d45 2020 ..)...7NO NAME +00000050: 2020 4641 5433 3220 2020 0e1f be77 7cac FAT32 ...w|. +00000060: 22c0 740b 56b4 0ebb 0700 cd10 5eeb f032 ".t.V.......^..2 +00000070: e4cd 16cd 19eb fe54 6869 7320 6973 206e .......This is n +00000080: 6f74 2061 2062 6f6f 7461 626c 6520 6469 ot a bootable di +00000090: 736b 2e20 2050 6c65 6173 6520 696e 7365 sk. Please inse +000000a0: 7274 2061 2062 6f6f 7461 626c 6520 666c rt a bootable fl +000000b0: 6f70 7079 2061 6e64 0d0a 7072 6573 7320 oppy and..press +000000c0: 616e 7920 6b65 7920 746f 2074 7279 2061 any key to try a +000000d0: 6761 696e 202e 2e2e 200d 0a00 0000 0000 gain ... ....... +000000e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +000000f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000110: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000120: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000130: 0000 0000 0000 0000 0000 0000 0000 0000 ................ + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:05:44.488574+00:00 + +[x] No specific explanation found. 
+ +--- + +### [+] Command: `sudo dd if=/dev/loop1 of=/home/kali/Documents/analysis-station/Uebung_04/usb_dd.img status=progress` +- Timestamp: `2025-05-09T07-07-01-946380+00-00` +- GPG-signature: [+] Valid +- SHA256: `8d6621d3df568cde9986badb67542b72d458ffafd95dc1bd1e584fc02bd1efe8` + +#### Output: +``` +[STDOUT] + +[STDERR] + +165536256 bytes (166 MB, 158 MiB) copied, 1 s, 166 MB/s +341011968 bytes (341 MB, 325 MiB) copied, 2 s, 171 MB/s +516391424 bytes (516 MB, 492 MiB) copied, 3 s, 172 MB/s +689598464 bytes (690 MB, 658 MiB) copied, 4 s, 172 MB/s +868729344 bytes (869 MB, 828 MiB) copied, 5 s, 174 MB/s +1046550016 bytes (1.0 GB, 998 MiB) copied, 6 s, 174 MB/s +1214092800 bytes (1.2 GB, 1.1 GiB) copied, 7 s, 173 MB/s +1395514880 bytes (1.4 GB, 1.3 GiB) copied, 8 s, 174 MB/s +1565343744 bytes (1.6 GB, 1.5 GiB) copied, 9 s, 174 MB/s +1744128512 bytes (1.7 GB, 1.6 GiB) copied, 10 s, 174 MB/s +1919242240 bytes (1.9 GB, 1.8 GiB) copied, 11 s, 174 MB/s +2095894528 bytes (2.1 GB, 2.0 GiB) copied, 12 s, 175 MB/s +2275668480 bytes (2.3 GB, 2.1 GiB) copied, 13 s, 175 MB/s +2448216064 bytes (2.4 GB, 2.3 GiB) copied, 14 s, 175 MB/s +2624709120 bytes (2.6 GB, 2.4 GiB) copied, 15 s, 175 MB/s +2798371328 bytes (2.8 GB, 2.6 GiB) copied, 16 s, 175 MB/s +2970781184 bytes (3.0 GB, 2.8 GiB) copied, 17 s, 175 MB/s +3151798784 bytes (3.2 GB, 2.9 GiB) copied, 18 s, 175 MB/s +6291456+0 records in +6291456+0 records out +3221225472 bytes (3.2 GB, 3.0 GiB) copied, 18.5111 s, 174 MB/s +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:07:20.489457+00:00 + +[x] No specific explanation found. 
+ +--- + +### [+] Command: `sudo xxd /home/kali/Documents/analysis-station/Uebung_u4/usb_dd.img | head -n 20` +- Timestamp: `2025-05-09T07-07-59-269675+00-00` +- GPG-signature: [+] Valid +- SHA256: `c915b705c72f6c41ea9a2edce649ea3a7038bbb6ad35c7a7617f603a861ce35e` + +#### Output: +``` +[STDOUT] + +[STDERR] +xxd: /home/kali/Documents/analysis-station/Uebung_u4/usb_dd.img: No such file or directory +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:07:59.304707+00:00 + +[x] No specific explanation found. + +--- + +### [+] Command: `sudo xxd /home/kali/Documents/analysis-station/Uebung_04/usb_dd.img | head -n 20` +- Timestamp: `2025-05-09T07-08-14-777981+00-00` +- GPG-signature: [+] Valid +- SHA256: `dda431d77053a843ac735281786200d0a3a7dc4565bc9d2384bef7ecef5ac89e` + +#### Output: +``` +[STDOUT] +00000000: eb58 906d 6b66 732e 6661 7400 0208 2000 .X.mkfs.fat... . +00000010: 0200 0000 00f8 0000 3f00 ff00 0000 0000 ........?....... +00000020: 0000 6000 f817 0000 0000 0000 0200 0000 ..`............. +00000030: 0100 0600 0000 0000 0000 0000 0000 0000 ................ +00000040: 8000 29ae c100 374e 4f20 4e41 4d45 2020 ..)...7NO NAME +00000050: 2020 4641 5433 3220 2020 0e1f be77 7cac FAT32 ...w|. +00000060: 22c0 740b 56b4 0ebb 0700 cd10 5eeb f032 ".t.V.......^..2 +00000070: e4cd 16cd 19eb fe54 6869 7320 6973 206e .......This is n +00000080: 6f74 2061 2062 6f6f 7461 626c 6520 6469 ot a bootable di +00000090: 736b 2e20 2050 6c65 6173 6520 696e 7365 sk. Please inse +000000a0: 7274 2061 2062 6f6f 7461 626c 6520 666c rt a bootable fl +000000b0: 6f70 7079 2061 6e64 0d0a 7072 6573 7320 oppy and..press +000000c0: 616e 7920 6b65 7920 746f 2074 7279 2061 any key to try a +000000d0: 6761 696e 202e 2e2e 200d 0a00 0000 0000 gain ... ....... +000000e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +000000f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 
+00000110: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000120: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000130: 0000 0000 0000 0000 0000 0000 0000 0000 ................ + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:08:14.806240+00:00 + +[x] No specific explanation found. + +--- + +### [+] Command: `sudo dc3dd if=/dev/loop1 of=/home/kali/Documents/analysis-station/Uebung_04/usb_dc3dd.img hash=sha256 hlog=/home/kali/Documents/analysis-station/Uebung_04/usb_dc3dd.hash` +- Timestamp: `2025-05-09T07-11-38-528356+00-00` +- GPG-signature: [+] Valid +- SHA256: `1123e734545cfe4e6d8bce1dc80749d9de1a30dba2b7e1ca6ec9c99517ea3628` + +#### Output: +``` +[STDOUT] + +[STDERR] + +dc3dd 7.3.1 started at 2025-05-09 03:11:38 -0400 +compiled options: +command line dc3dd if=/dev/loop1 of=/home/kali/Documents/analysis-station/Uebung_04/usb_dc3dd.img hash=sha256 hlog=/home/kali/Documents/analysis-station/Uebung_04/usb_dc3dd.hash +device size: 6291456 sectors (probed), 3,221,225,472 bytes +sector size: 512 bytes (probed) + + 18415616 bytes ( 18 M ) copied ( 1% ), 0 s, 171 M/s + + 41975808 bytes ( 40 M ) copied ( 1% ), 0 s, 197 M/s + + 67993600 bytes ( 65 M ) copied ( 2% ), 0 s, 214 M/s + + 91521024 bytes ( 87 M ) copied ( 3% ), 0 s, 216 M/s + + 115179520 bytes ( 110 M ) copied ( 4% ), 1 s, 218 M/s + + 138215424 bytes ( 132 M ) copied ( 4% ), 1 s, 218 M/s + + 163020800 bytes ( 155 M ) copied ( 5% ), 1 s, 220 M/s + + 187367424 bytes ( 179 M ) copied ( 6% ), 1 s, 222 M/s + + 211746816 bytes ( 202 M ) copied ( 7% ), 1 s, 223 M/s + + 235929600 bytes ( 225 M ) copied ( 7% ), 1 s, 224 M/s + + 260210688 bytes ( 248 M ) copied ( 8% ), 1 s, 224 M/s + + 284000256 bytes ( 271 M ) copied ( 9% ), 1 s, 224 M/s + + 305004544 bytes ( 291 M ) copied ( 9% ), 1 s, 223 M/s + + 329613312 bytes ( 314 M ) copied ( 10% ), 1 s, 223 M/s + + 354451456 bytes ( 338 M ) copied ( 11% ), 2 s, 224 M/s + + 376569856 bytes ( 359 M ) copied ( 
12% ), 2 s, 223 M/s + + 402685952 bytes ( 384 M ) copied ( 13% ), 2 s, 225 M/s + + 426508288 bytes ( 407 M ) copied ( 13% ), 2 s, 225 M/s + + 450134016 bytes ( 429 M ) copied ( 14% ), 2 s, 225 M/s + + 473038848 bytes ( 451 M ) copied ( 15% ), 2 s, 224 M/s + + 498794496 bytes ( 476 M ) copied ( 15% ), 2 s, 225 M/s + + 523894784 bytes ( 500 M ) copied ( 16% ), 2 s, 226 M/s + + 542081024 bytes ( 517 M ) copied ( 17% ), 2 s, 224 M/s + + 569016320 bytes ( 543 M ) copied ( 18% ), 2 s, 225 M/s + + 596836352 bytes ( 569 M ) copied ( 19% ), 3 s, 227 M/s + + 624721920 bytes ( 596 M ) copied ( 19% ), 3 s, 228 M/s + + 652443648 bytes ( 622 M ) copied ( 20% ), 3 s, 229 M/s + + 675774464 bytes ( 644 M ) copied ( 21% ), 3 s, 229 M/s + + 698155008 bytes ( 666 M ) copied ( 22% ), 3 s, 228 M/s + + 717357056 bytes ( 684 M ) copied ( 22% ), 3 s, 227 M/s + + 738295808 bytes ( 704 M ) copied ( 23% ), 3 s, 226 M/s + + 759660544 bytes ( 724 M ) copied ( 24% ), 3 s, 225 M/s + + 785088512 bytes ( 749 M ) copied ( 24% ), 3 s, 226 M/s + + 809500672 bytes ( 772 M ) copied ( 25% ), 3 s, 226 M/s + + 834994176 bytes ( 796 M ) copied ( 26% ), 4 s, 226 M/s + + 860815360 bytes ( 821 M ) copied ( 27% ), 4 s, 227 M/s + + 884801536 bytes ( 844 M ) copied ( 27% ), 4 s, 227 M/s + + 907345920 bytes ( 865 M ) copied ( 28% ), 4 s, 227 M/s + + 925728768 bytes ( 883 M ) copied ( 29% ), 4 s, 225 M/s + + 950468608 bytes ( 906 M ) copied ( 30% ), 4 s, 225 M/s + + 978518016 bytes ( 933 M ) copied ( 30% ), 4 s, 226 M/s + + 1006174208 bytes ( 960 M ) copied ( 31% ), 4 s, 227 M/s + + 1034223616 bytes ( 986 M ) copied ( 32% ), 4 s, 228 M/s + + 1062371328 bytes ( 1013 M ) copied ( 33% ), 4 s, 229 M/s + + 1090453504 bytes ( 1 G ) copied ( 34% ), 5 s, 230 M/s + + 1116405760 bytes ( 1 G ) copied ( 35% ), 5 s, 230 M/s + + 1143341056 bytes ( 1.1 G ) copied ( 35% ), 5 s, 231 M/s + + 1168408576 bytes ( 1.1 G ) copied ( 36% ), 5 s, 231 M/s + + 1180303360 bytes ( 1.1 G ) copied ( 37% ), 5 s, 228 M/s + + 1195081728 bytes ( 1.1 
G ) copied ( 37% ), 5 s, 227 M/s + + 1220739072 bytes ( 1.1 G ) copied ( 38% ), 5 s, 227 M/s + + 1248067584 bytes ( 1.2 G ) copied ( 39% ), 5 s, 227 M/s + + 1274937344 bytes ( 1.2 G ) copied ( 40% ), 5 s, 228 M/s + + 1301872640 bytes ( 1.2 G ) copied ( 40% ), 5 s, 228 M/s + + 1326907392 bytes ( 1.2 G ) copied ( 41% ), 6 s, 229 M/s + + 1349844992 bytes ( 1.3 G ) copied ( 42% ), 6 s, 228 M/s + + 1374388224 bytes ( 1.3 G ) copied ( 43% ), 6 s, 228 M/s + + 1396637696 bytes ( 1.3 G ) copied ( 43% ), 6 s, 228 M/s + + 1420328960 bytes ( 1.3 G ) copied ( 44% ), 6 s, 228 M/s + + 1443758080 bytes ( 1.3 G ) copied ( 45% ), 6 s, 228 M/s + + 1468891136 bytes ( 1.4 G ) copied ( 46% ), 6 s, 228 M/s + + 1493794816 bytes ( 1.4 G ) copied ( 46% ), 6 s, 228 M/s + + 1514012672 bytes ( 1.4 G ) copied ( 47% ), 6 s, 228 M/s + + 1542815744 bytes ( 1.4 G ) copied ( 48% ), 6 s, 228 M/s + + 1570963456 bytes ( 1.5 G ) copied ( 49% ), 7 s, 229 M/s + + 1597440000 bytes ( 1.5 G ) copied ( 50% ), 7 s, 229 M/s + + 1623031808 bytes ( 1.5 G ) copied ( 50% ), 7 s, 230 M/s + + 1650294784 bytes ( 1.5 G ) copied ( 51% ), 7 s, 230 M/s + + 1678901248 bytes ( 1.6 G ) copied ( 52% ), 7 s, 231 M/s + + 1701642240 bytes ( 1.6 G ) copied ( 53% ), 7 s, 230 M/s + + 1728675840 bytes ( 1.6 G ) copied ( 54% ), 7 s, 231 M/s + + 1755676672 bytes ( 1.6 G ) copied ( 55% ), 7 s, 231 M/s + + 1774682112 bytes ( 1.7 G ) copied ( 55% ), 7 s, 230 M/s + + 1796997120 bytes ( 1.7 G ) copied ( 56% ), 7 s, 230 M/s + + 1824063488 bytes ( 1.7 G ) copied ( 57% ), 8 s, 230 M/s + + 1850998784 bytes ( 1.7 G ) copied ( 57% ), 8 s, 231 M/s + + 1873870848 bytes ( 1.7 G ) copied ( 58% ), 8 s, 231 M/s + + 1898971136 bytes ( 1.8 G ) copied ( 59% ), 8 s, 231 M/s + + 1922400256 bytes ( 1.8 G ) copied ( 60% ), 8 s, 231 M/s + + 1949007872 bytes ( 1.8 G ) copied ( 61% ), 8 s, 231 M/s + + 1973420032 bytes ( 1.8 G ) copied ( 61% ), 8 s, 231 M/s + + 1996881920 bytes ( 1.9 G ) copied ( 62% ), 8 s, 231 M/s + + 2020081664 bytes ( 1.9 G ) copied ( 63% ), 
8 s, 231 M/s + + 2046689280 bytes ( 1.9 G ) copied ( 64% ), 8 s, 231 M/s + + 2075197440 bytes ( 1.9 G ) copied ( 64% ), 9 s, 231 M/s + + 2099740672 bytes ( 2 G ) copied ( 65% ), 9 s, 231 M/s + + 2123202560 bytes ( 2 G ) copied ( 66% ), 9 s, 231 M/s + + 2151612416 bytes ( 2 G ) copied ( 67% ), 9 s, 232 M/s + + 2177564672 bytes ( 2 G ) copied ( 68% ), 9 s, 232 M/s + + 2201550848 bytes ( 2.1 G ) copied ( 68% ), 9 s, 232 M/s + + 2225733632 bytes ( 2.1 G ) copied ( 69% ), 9 s, 232 M/s + + 2253160448 bytes ( 2.1 G ) copied ( 70% ), 9 s, 232 M/s + + 2277441536 bytes ( 2.1 G ) copied ( 71% ), 9 s, 232 M/s + + 2301394944 bytes ( 2.1 G ) copied ( 71% ), 9 s, 232 M/s + + 2325676032 bytes ( 2.2 G ) copied ( 72% ), 10 s, 232 M/s + + 2353692672 bytes ( 2.2 G ) copied ( 73% ), 10 s, 232 M/s + + 2380103680 bytes ( 2.2 G ) copied ( 74% ), 10 s, 233 M/s + + 2404122624 bytes ( 2.2 G ) copied ( 75% ), 10 s, 233 M/s + + 2431352832 bytes ( 2.3 G ) copied ( 75% ), 10 s, 233 M/s + + 2458714112 bytes ( 2.3 G ) copied ( 76% ), 10 s, 233 M/s + + 2482601984 bytes ( 2.3 G ) copied ( 77% ), 10 s, 233 M/s + + 2505801728 bytes ( 2.3 G ) copied ( 78% ), 10 s, 233 M/s + + 2530017280 bytes ( 2.4 G ) copied ( 79% ), 10 s, 233 M/s + + 2555740160 bytes ( 2.4 G ) copied ( 79% ), 10 s, 233 M/s + + 2579562496 bytes ( 2.4 G ) copied ( 80% ), 11 s, 233 M/s + + 2601058304 bytes ( 2.4 G ) copied ( 81% ), 11 s, 233 M/s + + 2615279616 bytes ( 2.4 G ) copied ( 81% ), 11 s, 232 M/s + + 2626224128 bytes ( 2.4 G ) copied ( 82% ), 11 s, 231 M/s + + 2638184448 bytes ( 2.5 G ) copied ( 82% ), 11 s, 229 M/s + + 2653487104 bytes ( 2.5 G ) copied ( 82% ), 11 s, 229 M/s + + 2672590848 bytes ( 2.5 G ) copied ( 83% ), 11 s, 228 M/s + + 2693464064 bytes ( 2.5 G ) copied ( 84% ), 11 s, 228 M/s + + 2718859264 bytes ( 2.5 G ) copied ( 84% ), 11 s, 228 M/s + + 2744418304 bytes ( 2.6 G ) copied ( 85% ), 11 s, 228 M/s + + 2761523200 bytes ( 2.6 G ) copied ( 86% ), 12 s, 228 M/s + + 2780364800 bytes ( 2.6 G ) copied ( 86% ), 12 s, 
227 M/s + + 2804744192 bytes ( 2.6 G ) copied ( 87% ), 12 s, 227 M/s + + 2827288576 bytes ( 2.6 G ) copied ( 88% ), 12 s, 227 M/s + + 2849767424 bytes ( 2.7 G ) copied ( 88% ), 12 s, 227 M/s + + 2871230464 bytes ( 2.7 G ) copied ( 89% ), 12 s, 227 M/s + + 2893414400 bytes ( 2.7 G ) copied ( 90% ), 12 s, 227 M/s + + 2914254848 bytes ( 2.7 G ) copied ( 90% ), 12 s, 227 M/s + + 2938601472 bytes ( 2.7 G ) copied ( 91% ), 12 s, 227 M/s + + 2964586496 bytes ( 2.8 G ) copied ( 92% ), 12 s, 227 M/s + + 2988081152 bytes ( 2.8 G ) copied ( 93% ), 13 s, 227 M/s + + 3012001792 bytes ( 2.8 G ) copied ( 94% ), 13 s, 227 M/s + + 3038380032 bytes ( 2.8 G ) copied ( 94% ), 13 s, 227 M/s + + 3063382016 bytes ( 2.9 G ) copied ( 95% ), 13 s, 227 M/s + + 3088187392 bytes ( 2.9 G ) copied ( 96% ), 13 s, 227 M/s + + 3113910272 bytes ( 2.9 G ) copied ( 97% ), 13 s, 227 M/s + + 3137437696 bytes ( 2.9 G ) copied ( 97% ), 13 s, 227 M/s + + 3160145920 bytes ( 2.9 G ) copied ( 98% ), 13 s, 227 M/s + + 3184328704 bytes ( 3 G ) copied ( 99% ), 13 s, 227 M/s + + 3208577024 bytes ( 3 G ) copied ( 100% ), 13 s, 227 M/s + + 3221225472 bytes ( 3 G ) copied ( 100% ), 14 s, 226 M/s + + 3221225472 bytes ( 3 G ) copied ( 100% ), 14 s, 226 M/s + +input results for device `/dev/loop1': + 6291456 sectors in + 0 bad sectors replaced by zeros + 2c9c0f5117cdc3e8f3b9156bb5eef7d9563f46b4e0e4e51123711d828c89e8a2 (sha256) + +output results for file `/home/kali/Documents/analysis-station/Uebung_04/usb_dc3dd.img': + 6291456 sectors out + +dc3dd completed at 2025-05-09 03:11:52 -0400 +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:11:52.137822+00:00 + +[x] No specific explanation found. 
+ +--- + +### [+] Command: `sudo xxd /home/kali/Documents/analysis-station/Uebung_04/usb_dc3dd.img | head -n 20` +- Timestamp: `2025-05-09T07-13-09-028006+00-00` +- GPG-signature: [+] Valid +- SHA256: `dda431d77053a843ac735281786200d0a3a7dc4565bc9d2384bef7ecef5ac89e` + +#### Output: +``` +[STDOUT] +00000000: eb58 906d 6b66 732e 6661 7400 0208 2000 .X.mkfs.fat... . +00000010: 0200 0000 00f8 0000 3f00 ff00 0000 0000 ........?....... +00000020: 0000 6000 f817 0000 0000 0000 0200 0000 ..`............. +00000030: 0100 0600 0000 0000 0000 0000 0000 0000 ................ +00000040: 8000 29ae c100 374e 4f20 4e41 4d45 2020 ..)...7NO NAME +00000050: 2020 4641 5433 3220 2020 0e1f be77 7cac FAT32 ...w|. +00000060: 22c0 740b 56b4 0ebb 0700 cd10 5eeb f032 ".t.V.......^..2 +00000070: e4cd 16cd 19eb fe54 6869 7320 6973 206e .......This is n +00000080: 6f74 2061 2062 6f6f 7461 626c 6520 6469 ot a bootable di +00000090: 736b 2e20 2050 6c65 6173 6520 696e 7365 sk. Please inse +000000a0: 7274 2061 2062 6f6f 7461 626c 6520 666c rt a bootable fl +000000b0: 6f70 7079 2061 6e64 0d0a 7072 6573 7320 oppy and..press +000000c0: 616e 7920 6b65 7920 746f 2074 7279 2061 any key to try a +000000d0: 6761 696e 202e 2e2e 200d 0a00 0000 0000 gain ... ....... +000000e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +000000f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000110: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000120: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000130: 0000 0000 0000 0000 0000 0000 0000 0000 ................ + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:13:09.054618+00:00 + +[x] No specific explanation found. 
+ +--- + +### [+] Command: `sudo dcfldd if=/dev/loop1 of=/home/kali/Documents/analysis-station/Uebung_04/usb_dcfldd.img hash=sha256 hashlog=usb_dcfldd.hash status=off errlog=usb_dcfldd.log` +- Timestamp: `2025-05-09T07-15-58-157193+00-00` +- GPG-signature: [+] Valid +- SHA256: `2f673332b624a1e8b049e9b0bdfe9c4782f98aa598588a983b1cca12a0433c64` + +#### Output: +``` +[STDOUT] + +[STDERR] +98304+0 records in +98304+0 records out +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:16:16.724835+00:00 + +[x] No specific explanation found. + +--- + +### [+] Command: `sudo xxd /home/kali/Documents/analysis-station/Uebung_04/usb_dcfldd.img | head -n 20` +- Timestamp: `2025-05-09T07-17-24-431943+00-00` +- GPG-signature: [+] Valid +- SHA256: `dda431d77053a843ac735281786200d0a3a7dc4565bc9d2384bef7ecef5ac89e` + +#### Output: +``` +[STDOUT] +00000000: eb58 906d 6b66 732e 6661 7400 0208 2000 .X.mkfs.fat... . +00000010: 0200 0000 00f8 0000 3f00 ff00 0000 0000 ........?....... +00000020: 0000 6000 f817 0000 0000 0000 0200 0000 ..`............. +00000030: 0100 0600 0000 0000 0000 0000 0000 0000 ................ +00000040: 8000 29ae c100 374e 4f20 4e41 4d45 2020 ..)...7NO NAME +00000050: 2020 4641 5433 3220 2020 0e1f be77 7cac FAT32 ...w|. +00000060: 22c0 740b 56b4 0ebb 0700 cd10 5eeb f032 ".t.V.......^..2 +00000070: e4cd 16cd 19eb fe54 6869 7320 6973 206e .......This is n +00000080: 6f74 2061 2062 6f6f 7461 626c 6520 6469 ot a bootable di +00000090: 736b 2e20 2050 6c65 6173 6520 696e 7365 sk. Please inse +000000a0: 7274 2061 2062 6f6f 7461 626c 6520 666c rt a bootable fl +000000b0: 6f70 7079 2061 6e64 0d0a 7072 6573 7320 oppy and..press +000000c0: 616e 7920 6b65 7920 746f 2074 7279 2061 any key to try a +000000d0: 6761 696e 202e 2e2e 200d 0a00 0000 0000 gain ... ....... +000000e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +000000f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 
+00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000110: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000120: 0000 0000 0000 0000 0000 0000 0000 0000 ................ +00000130: 0000 0000 0000 0000 0000 0000 0000 0000 ................ + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:17:24.460514+00:00 + +[x] No specific explanation found. + +--- + +### [+] Timestamp: `2025-05-09T07-18-03-201283+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Aufgabe 2.2 beendet. + +--- + +### [+] Timestamp: `2025-05-09T07-18-26-494801+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Aufgabe 2.4 gestartet, 2.3 wird haendisch niedergeschrieben + +--- + +### [+] Command: `Error opening image file (raw_open: file "/dev/loop1" - Permission denied)` +- Timestamp: `2025-05-09T07-19-45-852848+00-00` +- GPG-signature: [+] Valid +- SHA256: `b0546c981e99537e5a6a3fe7bc230ca5fb3dcec663695329cce6d0c6eeac7709` + +#### Output: +``` +[!] Command failed: +Error opening image file (raw_open: file "/dev/loop1" - Permission denied) +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:19:45.891807+00:00 + +[x] No specific explanation found. 
+ +--- + +### [+] Command: `sudo fsstat /dev/loop1` +- Timestamp: `2025-05-09T07-19-52-695798+00-00` +- GPG-signature: [+] Valid +- SHA256: `377bc3ffe4760f092973bb1a77d97c33b11307bb392768fdcc6dd1a63fe91332` + +#### Output: +``` +[STDOUT] +FILE SYSTEM INFORMATION +-------------------------------------------- +File System Type: FAT32 + +OEM Name: mkfs.fat +Volume ID: 0x3700c1ae +Volume Label (Boot Sector): NO NAME +Volume Label (Root Directory): +File System Type Label: FAT32 +Next Free Sector (FS Info): 16920 +Free Sector Count (FS Info): 6274528 + +Sectors before file system: 0 + +File System Layout (in sectors) +Total Range: 0 - 6291455 +* Reserved: 0 - 31 +** Boot Sector: 0 +** FS Info Sector: 1 +** Backup Boot Sector: 6 +* FAT 0: 32 - 6167 +* FAT 1: 6168 - 12303 +* Data Area: 12304 - 6291455 +** Cluster Area: 12304 - 6291455 +*** Root Directory: 12304 - 12311 + +METADATA INFORMATION +-------------------------------------------- +Range: 2 - 100466438 +Root Directory: 2 + +CONTENT INFORMATION +-------------------------------------------- +Sector Size: 512 +Cluster Size: 4096 +Total Cluster Range: 2 - 784895 + +FAT CONTENTS (in sectors) +-------------------------------------------- +12304-12311 (8) -> EOF +12312-12695 (384) -> EOF +12696-16895 (4200) -> EOF +16896-16927 (32) -> EOF + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:19:52.802013+00:00 + +[x] No specific explanation found. 
+ +--- + +### [+] Timestamp: `2025-05-09T07-20-25-017861+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Es handelt sich also um FAT32 + +--- + +### [+] Timestamp: `2025-05-09T07-21-02-367502+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Nun zu Aufgabe 2.5, bei der wir mit speziellen Parametern arbeiten sollen + +--- + +### [+] Command: `sudo dcfldd if=/dev/loop1 of=/home/kali/Documents/analysis-station/Uebung_04/usb_dcfldd_with_extras.img hash=sha1 hashwindow=1M hashlog=/home/kali/Documents/analysis-station/Uebung_04/usb_dcfldd_with_extras.hash status=on | head -n 20` +- Timestamp: `2025-05-09T07-25-25-239093+00-00` +- GPG-signature: [+] Valid +- SHA256: `1374dd6d0390e65da9cf0fa2f36c796c948bb1784f9dd33b35ab5650db6f27f4` + +#### Output: +``` +[STDOUT] + +[STDERR] + +256 blocks (8Mb) written. +512 blocks (16Mb) written. +768 blocks (24Mb) written. +1024 blocks (32Mb) written. +1280 blocks (40Mb) written. +1536 blocks (48Mb) written. +1792 blocks (56Mb) written. +2048 blocks (64Mb) written. +2304 blocks (72Mb) written. +2560 blocks (80Mb) written. +2816 blocks (88Mb) written. +3072 blocks (96Mb) written. +3328 blocks (104Mb) written. +3584 blocks (112Mb) written. +3840 blocks (120Mb) written. +4096 blocks (128Mb) written. +4352 blocks (136Mb) written. +4608 blocks (144Mb) written. +4864 blocks (152Mb) written. +5120 blocks (160Mb) written. +5376 blocks (168Mb) written. +5632 blocks (176Mb) written. +5888 blocks (184Mb) written. +6144 blocks (192Mb) written. +6400 blocks (200Mb) written. +6656 blocks (208Mb) written. +6912 blocks (216Mb) written. +7168 blocks (224Mb) written. +7424 blocks (232Mb) written. +7680 blocks (240Mb) written. +7936 blocks (248Mb) written. +8192 blocks (256Mb) written. +8448 blocks (264Mb) written. +8704 blocks (272Mb) written. +8960 blocks (280Mb) written. +9216 blocks (288Mb) written. +9472 blocks (296Mb) written. +9728 blocks (304Mb) written. +9984 blocks (312Mb) written. 
+10240 blocks (320Mb) written. +10496 blocks (328Mb) written. +10752 blocks (336Mb) written. +11008 blocks (344Mb) written. +11264 blocks (352Mb) written. +11520 blocks (360Mb) written. +11776 blocks (368Mb) written. +12032 blocks (376Mb) written. +12288 blocks (384Mb) written. +12544 blocks (392Mb) written. +12800 blocks (400Mb) written. +13056 blocks (408Mb) written. +13312 blocks (416Mb) written. +13568 blocks (424Mb) written. +13824 blocks (432Mb) written. +14080 blocks (440Mb) written. +14336 blocks (448Mb) written. +14592 blocks (456Mb) written. +14848 blocks (464Mb) written. +15104 blocks (472Mb) written. +15360 blocks (480Mb) written. +15616 blocks (488Mb) written. +15872 blocks (496Mb) written. +16128 blocks (504Mb) written. +16384 blocks (512Mb) written. +16640 blocks (520Mb) written. +16896 blocks (528Mb) written. +17152 blocks (536Mb) written. +17408 blocks (544Mb) written. +17664 blocks (552Mb) written. +17920 blocks (560Mb) written. +18176 blocks (568Mb) written. +18432 blocks (576Mb) written. +18688 blocks (584Mb) written. +18944 blocks (592Mb) written. +19200 blocks (600Mb) written. +19456 blocks (608Mb) written. +19712 blocks (616Mb) written. +19968 blocks (624Mb) written. +20224 blocks (632Mb) written. +20480 blocks (640Mb) written. +20736 blocks (648Mb) written. +20992 blocks (656Mb) written. +21248 blocks (664Mb) written. +21504 blocks (672Mb) written. +21760 blocks (680Mb) written. +22016 blocks (688Mb) written. +22272 blocks (696Mb) written. +22528 blocks (704Mb) written. +22784 blocks (712Mb) written. +23040 blocks (720Mb) written. +23296 blocks (728Mb) written. +23552 blocks (736Mb) written. +23808 blocks (744Mb) written. +24064 blocks (752Mb) written. +24320 blocks (760Mb) written. +24576 blocks (768Mb) written. +24832 blocks (776Mb) written. +25088 blocks (784Mb) written. +25344 blocks (792Mb) written. +25600 blocks (800Mb) written. +25856 blocks (808Mb) written. +26112 blocks (816Mb) written. +26368 blocks (824Mb) written. 
+26624 blocks (832Mb) written. +26880 blocks (840Mb) written. +27136 blocks (848Mb) written. +27392 blocks (856Mb) written. +27648 blocks (864Mb) written. +27904 blocks (872Mb) written. +28160 blocks (880Mb) written. +28416 blocks (888Mb) written. +28672 blocks (896Mb) written. +28928 blocks (904Mb) written. +29184 blocks (912Mb) written. +29440 blocks (920Mb) written. +29696 blocks (928Mb) written. +29952 blocks (936Mb) written. +30208 blocks (944Mb) written. +30464 blocks (952Mb) written. +30720 blocks (960Mb) written. +30976 blocks (968Mb) written. +31232 blocks (976Mb) written. +31488 blocks (984Mb) written. +31744 blocks (992Mb) written. +32000 blocks (1000Mb) written. +32256 blocks (1008Mb) written. +32512 blocks (1016Mb) written. +32768 blocks (1024Mb) written. +33024 blocks (1032Mb) written. +33280 blocks (1040Mb) written. +33536 blocks (1048Mb) written. +33792 blocks (1056Mb) written. +34048 blocks (1064Mb) written. +34304 blocks (1072Mb) written. +34560 blocks (1080Mb) written. +34816 blocks (1088Mb) written. +35072 blocks (1096Mb) written. +35328 blocks (1104Mb) written. +35584 blocks (1112Mb) written. +35840 blocks (1120Mb) written. +36096 blocks (1128Mb) written. +36352 blocks (1136Mb) written. +36608 blocks (1144Mb) written. +36864 blocks (1152Mb) written. +37120 blocks (1160Mb) written. +37376 blocks (1168Mb) written. +37632 blocks (1176Mb) written. +37888 blocks (1184Mb) written. +38144 blocks (1192Mb) written. +38400 blocks (1200Mb) written. +38656 blocks (1208Mb) written. +38912 blocks (1216Mb) written. +39168 blocks (1224Mb) written. +39424 blocks (1232Mb) written. +39680 blocks (1240Mb) written. +39936 blocks (1248Mb) written. +40192 blocks (1256Mb) written. +40448 blocks (1264Mb) written. +40704 blocks (1272Mb) written. +40960 blocks (1280Mb) written. +41216 blocks (1288Mb) written. +41472 blocks (1296Mb) written. +41728 blocks (1304Mb) written. +41984 blocks (1312Mb) written. +42240 blocks (1320Mb) written. +42496 blocks (1328Mb) written. 
+42752 blocks (1336Mb) written. +43008 blocks (1344Mb) written. +43264 blocks (1352Mb) written. +43520 blocks (1360Mb) written. +43776 blocks (1368Mb) written. +44032 blocks (1376Mb) written. +44288 blocks (1384Mb) written. +44544 blocks (1392Mb) written. +44800 blocks (1400Mb) written. +45056 blocks (1408Mb) written. +45312 blocks (1416Mb) written. +45568 blocks (1424Mb) written. +45824 blocks (1432Mb) written. +46080 blocks (1440Mb) written. +46336 blocks (1448Mb) written. +46592 blocks (1456Mb) written. +46848 blocks (1464Mb) written. +47104 blocks (1472Mb) written. +47360 blocks (1480Mb) written. +47616 blocks (1488Mb) written. +47872 blocks (1496Mb) written. +48128 blocks (1504Mb) written. +48384 blocks (1512Mb) written. +48640 blocks (1520Mb) written. +48896 blocks (1528Mb) written. +49152 blocks (1536Mb) written. +49408 blocks (1544Mb) written. +49664 blocks (1552Mb) written. +49920 blocks (1560Mb) written. +50176 blocks (1568Mb) written. +50432 blocks (1576Mb) written. +50688 blocks (1584Mb) written. +50944 blocks (1592Mb) written. +51200 blocks (1600Mb) written. +51456 blocks (1608Mb) written. +51712 blocks (1616Mb) written. +51968 blocks (1624Mb) written. +52224 blocks (1632Mb) written. +52480 blocks (1640Mb) written. +52736 blocks (1648Mb) written. +52992 blocks (1656Mb) written. +53248 blocks (1664Mb) written. +53504 blocks (1672Mb) written. +53760 blocks (1680Mb) written. +54016 blocks (1688Mb) written. +54272 blocks (1696Mb) written. +54528 blocks (1704Mb) written. +54784 blocks (1712Mb) written. +55040 blocks (1720Mb) written. +55296 blocks (1728Mb) written. +55552 blocks (1736Mb) written. +55808 blocks (1744Mb) written. +56064 blocks (1752Mb) written. +56320 blocks (1760Mb) written. +56576 blocks (1768Mb) written. +56832 blocks (1776Mb) written. +57088 blocks (1784Mb) written. +57344 blocks (1792Mb) written. +57600 blocks (1800Mb) written. +57856 blocks (1808Mb) written. +58112 blocks (1816Mb) written. +58368 blocks (1824Mb) written. 
+58624 blocks (1832Mb) written. +58880 blocks (1840Mb) written. +59136 blocks (1848Mb) written. +59392 blocks (1856Mb) written. +59648 blocks (1864Mb) written. +59904 blocks (1872Mb) written. +60160 blocks (1880Mb) written. +60416 blocks (1888Mb) written. +60672 blocks (1896Mb) written. +60928 blocks (1904Mb) written. +61184 blocks (1912Mb) written. +61440 blocks (1920Mb) written. +61696 blocks (1928Mb) written. +61952 blocks (1936Mb) written. +62208 blocks (1944Mb) written. +62464 blocks (1952Mb) written. +62720 blocks (1960Mb) written. +62976 blocks (1968Mb) written. +63232 blocks (1976Mb) written. +63488 blocks (1984Mb) written. +63744 blocks (1992Mb) written. +64000 blocks (2000Mb) written. +64256 blocks (2008Mb) written. +64512 blocks (2016Mb) written. +64768 blocks (2024Mb) written. +65024 blocks (2032Mb) written. +65280 blocks (2040Mb) written. +65536 blocks (2048Mb) written. +65792 blocks (2056Mb) written. +66048 blocks (2064Mb) written. +66304 blocks (2072Mb) written. +66560 blocks (2080Mb) written. +66816 blocks (2088Mb) written. +67072 blocks (2096Mb) written. +67328 blocks (2104Mb) written. +67584 blocks (2112Mb) written. +67840 blocks (2120Mb) written. +68096 blocks (2128Mb) written. +68352 blocks (2136Mb) written. +68608 blocks (2144Mb) written. +68864 blocks (2152Mb) written. +69120 blocks (2160Mb) written. +69376 blocks (2168Mb) written. +69632 blocks (2176Mb) written. +69888 blocks (2184Mb) written. +70144 blocks (2192Mb) written. +70400 blocks (2200Mb) written. +70656 blocks (2208Mb) written. +70912 blocks (2216Mb) written. +71168 blocks (2224Mb) written. +71424 blocks (2232Mb) written. +71680 blocks (2240Mb) written. +71936 blocks (2248Mb) written. +72192 blocks (2256Mb) written. +72448 blocks (2264Mb) written. +72704 blocks (2272Mb) written. +72960 blocks (2280Mb) written. +73216 blocks (2288Mb) written. +73472 blocks (2296Mb) written. +73728 blocks (2304Mb) written. +73984 blocks (2312Mb) written. +74240 blocks (2320Mb) written. 
+74496 blocks (2328Mb) written. +74752 blocks (2336Mb) written. +75008 blocks (2344Mb) written. +75264 blocks (2352Mb) written. +75520 blocks (2360Mb) written. +75776 blocks (2368Mb) written. +76032 blocks (2376Mb) written. +76288 blocks (2384Mb) written. +76544 blocks (2392Mb) written. +76800 blocks (2400Mb) written. +77056 blocks (2408Mb) written. +77312 blocks (2416Mb) written. +77568 blocks (2424Mb) written. +77824 blocks (2432Mb) written. +78080 blocks (2440Mb) written. +78336 blocks (2448Mb) written. +78592 blocks (2456Mb) written. +78848 blocks (2464Mb) written. +79104 blocks (2472Mb) written. +79360 blocks (2480Mb) written. +79616 blocks (2488Mb) written. +79872 blocks (2496Mb) written. +80128 blocks (2504Mb) written. +80384 blocks (2512Mb) written. +80640 blocks (2520Mb) written. +80896 blocks (2528Mb) written. +81152 blocks (2536Mb) written. +81408 blocks (2544Mb) written. +81664 blocks (2552Mb) written. +81920 blocks (2560Mb) written. +82176 blocks (2568Mb) written. +82432 blocks (2576Mb) written. +82688 blocks (2584Mb) written. +82944 blocks (2592Mb) written. +83200 blocks (2600Mb) written. +83456 blocks (2608Mb) written. +83712 blocks (2616Mb) written. +83968 blocks (2624Mb) written. +84224 blocks (2632Mb) written. +84480 blocks (2640Mb) written. +84736 blocks (2648Mb) written. +84992 blocks (2656Mb) written. +85248 blocks (2664Mb) written. +85504 blocks (2672Mb) written. +85760 blocks (2680Mb) written. +86016 blocks (2688Mb) written. +86272 blocks (2696Mb) written. +86528 blocks (2704Mb) written. +86784 blocks (2712Mb) written. +87040 blocks (2720Mb) written. +87296 blocks (2728Mb) written. +87552 blocks (2736Mb) written. +87808 blocks (2744Mb) written. +88064 blocks (2752Mb) written. +88320 blocks (2760Mb) written. +88576 blocks (2768Mb) written. +88832 blocks (2776Mb) written. +89088 blocks (2784Mb) written. +89344 blocks (2792Mb) written. +89600 blocks (2800Mb) written. +89856 blocks (2808Mb) written. +90112 blocks (2816Mb) written. 
+90368 blocks (2824Mb) written. +90624 blocks (2832Mb) written. +90880 blocks (2840Mb) written. +91136 blocks (2848Mb) written. +91392 blocks (2856Mb) written. +91648 blocks (2864Mb) written. +91904 blocks (2872Mb) written. +92160 blocks (2880Mb) written. +92416 blocks (2888Mb) written. +92672 blocks (2896Mb) written. +92928 blocks (2904Mb) written. +93184 blocks (2912Mb) written. +93440 blocks (2920Mb) written. +93696 blocks (2928Mb) written. +93952 blocks (2936Mb) written. +94208 blocks (2944Mb) written. +94464 blocks (2952Mb) written. +94720 blocks (2960Mb) written. +94976 blocks (2968Mb) written. +95232 blocks (2976Mb) written. +95488 blocks (2984Mb) written. +95744 blocks (2992Mb) written. +96000 blocks (3000Mb) written. +96256 blocks (3008Mb) written. +96512 blocks (3016Mb) written. +96768 blocks (3024Mb) written. +97024 blocks (3032Mb) written. +97280 blocks (3040Mb) written. +97536 blocks (3048Mb) written. +97792 blocks (3056Mb) written. +98048 blocks (3064Mb) written. +98304 blocks (3072Mb) written. +98304+0 records in +98304+0 records out +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:25:54.424666+00:00 + +[x] No specific explanation found. 
+ +--- + +### [+] Timestamp: `2025-05-09T07-26-30-741366+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Weiter zu Aufgabe 2.6 + +--- + +### [+] Timestamp: `2025-05-09T07-34-19-247795+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Wir werden nun zunaechst die Datei-Inhalte mit fls auflisten + +--- + +### [+] Command: `sudo fls -r -m / /dev/loop1` +- Timestamp: `2025-05-09T07-35-04-342626+00-00` +- GPG-signature: [+] Valid +- SHA256: `6450c6a6b404c0b2b9be24ce2d37798162b9de4c921eb38727ccb12deabf1a56` + +#### Output: +``` +[STDOUT] +0|/Bild1.jpg|4|r/rrwxrwxrwx|0|0|192827|1652068800|1652124148|0|1652124149 +0|/Bild2.jpeg|6|r/rrwxrwxrwx|0|0|2148214|1652068800|1652124160|0|1652124161 +0|/Blue.png|8|r/rrwxrwxrwx|0|0|15540|1652068800|1652125932|0|1652125933 +0|/$MBR|100466435|v/v---------|0|0|512|0|0|0|0 +0|/$FAT1|100466436|v/v---------|0|0|3141632|0|0|0|0 +0|/$FAT2|100466437|v/v---------|0|0|3141632|0|0|0|0 +0|/$OrphanFiles|100466438|V/V---------|0|0|0|0|0|0|0 + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:35:08.857575+00:00 + +[x] No specific explanation found. + +--- + +### [+] Command: `Invalid metadata address (fatxxfs_inode_lookup: 192827 is not an inode)` +- Timestamp: `2025-05-09T07-38-10-193453+00-00` +- GPG-signature: [+] Valid +- SHA256: `7b36f3a2e00ddafa7c0ff65c621f6122baffcaac0e736d3ade5b12267d2b0be5` + +#### Output: +``` +[!] Command failed: +Invalid metadata address (fatxxfs_inode_lookup: 192827 is not an inode) +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:38:10.263484+00:00 + +[x] No specific explanation found. 
+ +--- + +### [+] Timestamp: `2025-05-09T07-39-18-001829+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Korrektur, wir werden nun die l-Flag verwenden um von fls die korrekten lnodes zu erhalten + +--- + +### [+] Command: `sudo fls -o 0 -f fat -l /dev/loop1` +- Timestamp: `2025-05-09T07-39-42-150112+00-00` +- GPG-signature: [+] Valid +- SHA256: `217b465c426599228c3b679340e8d577acbc010137f84498d4188360a80f65be` + +#### Output: +``` +[STDOUT] +r/r 4: Bild1.jpg 2022-05-09 15:22:28 (EDT) 2022-05-09 00:00:00 (EDT) 0000-00-00 00:00:00 (UTC) 2022-05-09 15:22:29 (EDT) 192827 0 0 +r/r 6: Bild2.jpeg 2022-05-09 15:22:40 (EDT) 2022-05-09 00:00:00 (EDT) 0000-00-00 00:00:00 (UTC) 2022-05-09 15:22:41 (EDT) 2148214 0 0 +r/r 8: Blue.png 2022-05-09 15:52:12 (EDT) 2022-05-09 00:00:00 (EDT) 0000-00-00 00:00:00 (UTC) 2022-05-09 15:52:13 (EDT) 15540 0 0 +v/v 100466435: $MBR 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 512 0 0 +v/v 100466436: $FAT1 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 3141632 0 0 +v/v 100466437: $FAT2 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 3141632 0 0 +V/V 100466438: $OrphanFiles 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0 0 0 + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:39:42.188633+00:00 + +[x] No specific explanation found. 
+ +--- + +### [+] Timestamp: `2025-05-09T07-40-34-472272+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Nun koennen wir die gefundenen Dateien mit icat extrahieren + +--- + +### [+] Command: `sudo icat /dev/loop1 4 > /home/kali/Documents/analysis-station/Uebung_04/Bild1.jpg` +- Timestamp: `2025-05-09T07-40-41-860969+00-00` +- GPG-signature: [+] Valid +- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f` + +#### Output: +``` +[STDOUT] + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:40:41.915848+00:00 + +[x] No specific explanation found. + +--- + +### [+] Command: `sudo icat /dev/loop1 6 > /home/kali/Documents/analysis-station/Uebung_04/Bild2.jpeg` +- Timestamp: `2025-05-09T07-40-57-935742+00-00` +- GPG-signature: [+] Valid +- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f` + +#### Output: +``` +[STDOUT] + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:40:57.991781+00:00 + +[x] No specific explanation found. + +--- + +### [+] Command: `sudo icat /dev/loop1 8 > /home/kali/Documents/analysis-station/Uebung_04/Blue.png` +- Timestamp: `2025-05-09T07-41-14-892023+00-00` +- GPG-signature: [+] Valid +- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f` + +#### Output: +``` +[STDOUT] + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:41:14.943345+00:00 + +[x] No specific explanation found. 
+ +--- + +### [+] Timestamp: `2025-05-09T07-41-34-889472+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Nun berechnen wir zur Kontrolle die Hashes + +--- + +### [+] Command: `sha256sum /home/kali/Documents/analysis-station/Uebung_04/Bild1.jpg > /home/kali/Documents/analysis-station/Uebung_04/Bild1.hash` +- Timestamp: `2025-05-09T07-42-06-112318+00-00` +- GPG-signature: [+] Valid +- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f` + +#### Output: +``` +[STDOUT] + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:42:06.128482+00:00 + +[x] No specific explanation found. + +--- + +### [+] Command: `sha256sum: /home/kali/Documents/analysis-station/Uebung_04/Bild2.jpg: No such file or directory` +- Timestamp: `2025-05-09T07-42-27-257676+00-00` +- GPG-signature: [+] Valid +- SHA256: `f2df0d991d210ebde33c1eba9038bc0c61a2fc70964881812fe8a3bbe2746ebb` + +#### Output: +``` +[!] Command failed: +sha256sum: /home/kali/Documents/analysis-station/Uebung_04/Bild2.jpg: No such file or directory +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:42:27.270390+00:00 + +[x] No specific explanation found. + +--- + +### [+] Command: `sha256sum /home/kali/Documents/analysis-station/Uebung_04/Bild2.jpeg > /home/kali/Documents/analysis-station/Uebung_04/Bild2.hash` +- Timestamp: `2025-05-09T07-42-52-845786+00-00` +- GPG-signature: [+] Valid +- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f` + +#### Output: +``` +[STDOUT] + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:42:52.863339+00:00 + +[x] No specific explanation found. 
+ +--- + +### [+] Command: `sha256sum /home/kali/Documents/analysis-station/Uebung_04/Blue.png > /home/kali/Documents/analysis-station/Uebung_04/Blue.hash` +- Timestamp: `2025-05-09T07-43-19-290292+00-00` +- GPG-signature: [+] Valid +- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f` + +#### Output: +``` +[STDOUT] + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:43:19.303093+00:00 + +[x] No specific explanation found. + +--- + +### [+] Timestamp: `2025-05-09T07-44-13-453381+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Wir fanden drei Bilder bisher, zwei von einem Adler oder Falken und ein blaues Bild + +--- + +### [+] Timestamp: `2025-05-09T07-47-53-499583+00-00` +#### [+] Comment from analyst: Max Mustermann + +#### [+] Content: +Wir fanden ausserdem Hinweise auf verwaiste Dateien, wir werden das untersuchen, da wir den PIN noch nicht gefunden haben. + +--- + +### [+] Command: `sudo fls -r -o 0 -f fat /dev/loop1 100466438` +- Timestamp: `2025-05-09T07-48-03-381375+00-00` +- GPG-signature: [+] Valid +- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f` + +#### Output: +``` +[STDOUT] + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:48:08.005654+00:00 + +[x] No specific explanation found. + +--- + +### [+] Command: `sudo losetup -d /dev/loop0` +- Timestamp: `2025-05-09T07-56-25-044550+00-00` +- GPG-signature: [+] Valid +- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f` + +#### Output: +``` +[STDOUT] + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:56:27.046275+00:00 + +[x] No specific explanation found. 
+ +--- + +### [+] Command: `sudo losetup -d /dev/loop1` +- Timestamp: `2025-05-09T07-56-32-230410+00-00` +- GPG-signature: [+] Valid +- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f` + +#### Output: +``` +[STDOUT] + +[STDERR] +``` + +#### Context: +**Analyst:** Max Mustermann +**Timestamp:** 2025-05-09T07:56:32.256258+00:00 + +[x] No specific explanation found. + +## [+] GPG-Overview +Each `.log`-file was digitally signed with GPG where applicable. +The signature status is documented per command. + + + +---- + +## 3. Ergebnisse + +Der USB-Stick enthielt drei Bilddateien, zwei zeigen einen Adler und das dritte zeigt vollständig das kräftige Blau des Logos der Hochschule Mannheim. +Von der Handy-PIN konnten wir nichts entdecken. + +--- +### 4. Verwendete Quellen +[1] +[2] +[3]
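Review bot: the `sha256sum ... > Bild1.hash`, `Bild2.hash` and `Blue.hash` entries redirect the digest to a file, so the signed log records empty STDOUT for each and the hash values of the three extracted files never appear in this documentation; the same applies to the `hashlog=.../usb_dcfldd_with_extras.hash` written by `dcfldd`, whose content is not shown, and no comparison of a source-device hash against the image is recorded. Suggest logging the digests in the signed output (run `sha256sum` without the redirect, or add a `cat` of the `.hash` files) and adding an explicit image-verification step. Two further points in the same hunk: the failed entries record the error text as the `Command:` field (`Invalid metadata address (fatxxfs_inode_lookup: 192827 is not an inode)` and `sha256sum: ... Bild2.jpg: No such file or directory`), so the command line that was actually run is missing from the log; and the `| head -n 20` on the `dcfldd` command only filters STDOUT while the progress lines go to STDERR, which is why hundreds of `blocks ... written.` lines still reach the log. The `fls ... 100466438` listing of `$OrphanFiles` returned nothing and no unallocated-space examination is recorded, so `## 3. Ergebnisse` should say that the finding covers only the three allocated files. Finally, `### 4. Verwendete Quellen` lists `[1]` to `[3]` with no references behind them.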