From bd6f83a8bd66d8edb8554a754911f28efb31d245 Mon Sep 17 00:00:00 2001
From: Markus Winklhofer <3008816@stud.hs-mannheim.de>
Date: Mon, 2 Jun 2025 22:50:28 +0200
Subject: [PATCH] entfernen alter Dokumente
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Befundsdokumentation wurde überarbeitet
---
...sausarbeitung Übungsblatt 4 - Aufgabe 2.md | 1651 -----------------
1 file changed, 1651 deletions(-)
delete mode 100644 uebung_04/Dokumentationsausarbeitung Übungsblatt 4 - Aufgabe 2.md
diff --git a/uebung_04/Dokumentationsausarbeitung Übungsblatt 4 - Aufgabe 2.md b/uebung_04/Dokumentationsausarbeitung Übungsblatt 4 - Aufgabe 2.md
deleted file mode 100644
index b932287..0000000
--- a/uebung_04/Dokumentationsausarbeitung Übungsblatt 4 - Aufgabe 2.md
+++ /dev/null
@@ -1,1651 +0,0 @@
----
-banner:
----
-# **Übungsaufgabe** 4 - 2
-
- Team: 13
-Bearbeiter: 3009728 | 3026182 | 3019335 | 3008816
-Datum der Erstellung: 09.05.2025
-
----
-
-# Nicht-technische Zusammenfassung
-
-> Eine für Laien verständliche Zusammenfassung der Untersuchung und der wichtigsten Erkenntnisse.
-
-Wir untersuchten in dieser Aufgabe das digitale Abbild eines USB-Sticks, den wir auf Inhalte und mutmaßlich eine Handy-PIN hin untersuchen sollten.
-Hierbei fanden wir mehrere Bilder, die jedoch keinen Bezug zum PIN aufzeigten - selbigen konnten wir nicht recovern.
-
----
-
-# Technischer Bericht
-
-## 1. Übersicht der analysierten Daten
-
-| Datenquelle | Typ | Datentyp | Größe | Hash (SHA256) |
-| -------------------- | ---------- | -------- | ----- | ----------------------------------------------------------------- |
-| ~/Downloads/vUSB.img | Disk-image | Image | 3.1GB | 2c9c0f5117cdc3e8f3b9156bb5eef7d95 63f46b4e0e4e51123711d828c89e8a2 |
-| Bild1.jpg | Bild | .jpg | | d2cc34b1613360da8fe39bd9f95e0749f0d48acc9396d37139b5624ab7655363 |
-| Bild2.jpeg | Bild | .jpeg | | 01b8a6d33ba74fec3a5e04fdd3d52f9738bd97d9d3c97c043955e1bd6bc39a92 |
-| Blue.png | Bild | .png | | efc4cbf142fdfe55d5695fe02240cd1f0782e086ce5490f1b65e398c3279b375 |
-
-## 2. Chronologisches Analyseprotokoll
-
-> **Jede Terminal-Eingabe mit zugehörigem Befehl, Zeitstempel, GPG-Signatur, Hash-Wert, Ausgabe, Kontext und (falls vorhanden) rechtlicher Erklärung .**
-
-## [++] Timeline of Commands and Comments
-
-### [+] Timestamp: `2025-05-09T06-48-10-588708+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Aufgabe 2.1: Verwenden Sie die Datei vUSB.zip und entpacken Sie diese (z.B. mit 7zip)
-
----
-
-### [+] Command: `7z x /home/kali/Downloads/vUSB.zip -o/home/kali/Documents/analysis-station/Uebung_04`
-- Timestamp: `2025-05-09T06-50-15-117272+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `e11182132e7dbcf323278e3f318b991e0ebf352fb3d67d9b28cdb34a48872f1e`
-
-#### Output:
-```
-[STDOUT]
-
-7-Zip 24.09 (x64) : Copyright (c) 1999-2024 Igor Pavlov : 2024-11-29
- 64-bit locale=en_US.UTF-8 Threads:32 OPEN_MAX:1024, ASM
-
-Scanning the drive for archives:
-1 file, 5484894 bytes (5357 KiB)
-
-Extracting archive: /home/kali/Downloads/vUSB.zip
---
-Path = /home/kali/Downloads/vUSB.zip
-Type = zip
-Physical Size = 5484894
-
-Everything is Ok
-
-Size: 3221225472
-Compressed: 5484894
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T06:50:24.148849+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `mkdir -p /home/kali/Documents/analysis-station/Uebung_04/mnt`
-- Timestamp: `2025-05-09T06-50-30-811874+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T06:50:30.823656+00:00
-
-`mkdir` creates a directory. In forensic workflows, it is often used to prepare target folders for mounts or exported data.
-
-
-The `-p` option ensures that parent directories are created as needed. It also avoids errors if the target directory already exists.
-
----
-
-### [+] Command: `xxd /home/kali/Documents/analysis-station/Uebung_04/vUSB.img | head -n 20`
-- Timestamp: `2025-05-09T06-51-12-136535+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `dda431d77053a843ac735281786200d0a3a7dc4565bc9d2384bef7ecef5ac89e`
-
-#### Output:
-```
-[STDOUT]
-00000000: eb58 906d 6b66 732e 6661 7400 0208 2000 .X.mkfs.fat... .
-00000010: 0200 0000 00f8 0000 3f00 ff00 0000 0000 ........?.......
-00000020: 0000 6000 f817 0000 0000 0000 0200 0000 ..`.............
-00000030: 0100 0600 0000 0000 0000 0000 0000 0000 ................
-00000040: 8000 29ae c100 374e 4f20 4e41 4d45 2020 ..)...7NO NAME
-00000050: 2020 4641 5433 3220 2020 0e1f be77 7cac FAT32 ...w|.
-00000060: 22c0 740b 56b4 0ebb 0700 cd10 5eeb f032 ".t.V.......^..2
-00000070: e4cd 16cd 19eb fe54 6869 7320 6973 206e .......This is n
-00000080: 6f74 2061 2062 6f6f 7461 626c 6520 6469 ot a bootable di
-00000090: 736b 2e20 2050 6c65 6173 6520 696e 7365 sk. Please inse
-000000a0: 7274 2061 2062 6f6f 7461 626c 6520 666c rt a bootable fl
-000000b0: 6f70 7079 2061 6e64 0d0a 7072 6573 7320 oppy and..press
-000000c0: 616e 7920 6b65 7920 746f 2074 7279 2061 any key to try a
-000000d0: 6761 696e 202e 2e2e 200d 0a00 0000 0000 gain ... .......
-000000e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-000000f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000110: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000120: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000130: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T06:51:12.146934+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Timestamp: `2025-05-09T06-51-41-886735+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Scheint nicht beschaedigt und alles in Ordnung. Aufgabe beendet.
-
----
-
-### [+] Timestamp: `2025-05-09T06-52-31-932154+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Aufgabe 2.2 wird gestartet.
-
----
-
-### [+] Command: `sudo losetup --find --show /home/kali/Documents/analysis-station/Uebung_04/vUSB.img`
-- Timestamp: `2025-05-09T06-59-28-055316+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `7a14c39a9aeb23bd6c1fc88585770ac22b4dc1c9866b9ec193e8139edcdaaba5`
-
-#### Output:
-```
-[STDOUT]
-/dev/loop1
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T06:59:31.596821+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Timestamp: `2025-05-09T07-04-57-689819+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Aufgabe 2.2: Nun sollen Sicherungen mit drei Tools angelegt werden, dd, dc3dd, dcfldd
-
----
-
-### [+] Command: `lsblk /dev/loop1`
-- Timestamp: `2025-05-09T07-05-14-970891+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `8747b45e208ba4c685e955d88b42a408e5db35dc8615d8df33f7de2a9f05f017`
-
-#### Output:
-```
-[STDOUT]
-NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
-loop1 7:1 0 3G 0 loop
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:05:14.981961+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `xxd /dev/loop1 | head -n 20`
-- Timestamp: `2025-05-09T07-05-37-507814+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `5966732467316f16861af4b32af89947d5678807c341a60bf6e55acf00a7b5f5`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-xxd: /dev/loop1: Permission denied
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:05:37.517842+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo xxd /dev/loop1 | head -n 20`
-- Timestamp: `2025-05-09T07-05-44-461670+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `dda431d77053a843ac735281786200d0a3a7dc4565bc9d2384bef7ecef5ac89e`
-
-#### Output:
-```
-[STDOUT]
-00000000: eb58 906d 6b66 732e 6661 7400 0208 2000 .X.mkfs.fat... .
-00000010: 0200 0000 00f8 0000 3f00 ff00 0000 0000 ........?.......
-00000020: 0000 6000 f817 0000 0000 0000 0200 0000 ..`.............
-00000030: 0100 0600 0000 0000 0000 0000 0000 0000 ................
-00000040: 8000 29ae c100 374e 4f20 4e41 4d45 2020 ..)...7NO NAME
-00000050: 2020 4641 5433 3220 2020 0e1f be77 7cac FAT32 ...w|.
-00000060: 22c0 740b 56b4 0ebb 0700 cd10 5eeb f032 ".t.V.......^..2
-00000070: e4cd 16cd 19eb fe54 6869 7320 6973 206e .......This is n
-00000080: 6f74 2061 2062 6f6f 7461 626c 6520 6469 ot a bootable di
-00000090: 736b 2e20 2050 6c65 6173 6520 696e 7365 sk. Please inse
-000000a0: 7274 2061 2062 6f6f 7461 626c 6520 666c rt a bootable fl
-000000b0: 6f70 7079 2061 6e64 0d0a 7072 6573 7320 oppy and..press
-000000c0: 616e 7920 6b65 7920 746f 2074 7279 2061 any key to try a
-000000d0: 6761 696e 202e 2e2e 200d 0a00 0000 0000 gain ... .......
-000000e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-000000f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000110: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000120: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000130: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:05:44.488574+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo dd if=/dev/loop1 of=/home/kali/Documents/analysis-station/Uebung_04/usb_dd.img status=progress`
-- Timestamp: `2025-05-09T07-07-01-946380+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `8d6621d3df568cde9986badb67542b72d458ffafd95dc1bd1e584fc02bd1efe8`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-
-165536256 bytes (166 MB, 158 MiB) copied, 1 s, 166 MB/s
-341011968 bytes (341 MB, 325 MiB) copied, 2 s, 171 MB/s
-516391424 bytes (516 MB, 492 MiB) copied, 3 s, 172 MB/s
-689598464 bytes (690 MB, 658 MiB) copied, 4 s, 172 MB/s
-868729344 bytes (869 MB, 828 MiB) copied, 5 s, 174 MB/s
-1046550016 bytes (1.0 GB, 998 MiB) copied, 6 s, 174 MB/s
-1214092800 bytes (1.2 GB, 1.1 GiB) copied, 7 s, 173 MB/s
-1395514880 bytes (1.4 GB, 1.3 GiB) copied, 8 s, 174 MB/s
-1565343744 bytes (1.6 GB, 1.5 GiB) copied, 9 s, 174 MB/s
-1744128512 bytes (1.7 GB, 1.6 GiB) copied, 10 s, 174 MB/s
-1919242240 bytes (1.9 GB, 1.8 GiB) copied, 11 s, 174 MB/s
-2095894528 bytes (2.1 GB, 2.0 GiB) copied, 12 s, 175 MB/s
-2275668480 bytes (2.3 GB, 2.1 GiB) copied, 13 s, 175 MB/s
-2448216064 bytes (2.4 GB, 2.3 GiB) copied, 14 s, 175 MB/s
-2624709120 bytes (2.6 GB, 2.4 GiB) copied, 15 s, 175 MB/s
-2798371328 bytes (2.8 GB, 2.6 GiB) copied, 16 s, 175 MB/s
-2970781184 bytes (3.0 GB, 2.8 GiB) copied, 17 s, 175 MB/s
-3151798784 bytes (3.2 GB, 2.9 GiB) copied, 18 s, 175 MB/s
-6291456+0 records in
-6291456+0 records out
-3221225472 bytes (3.2 GB, 3.0 GiB) copied, 18.5111 s, 174 MB/s
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:07:20.489457+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo xxd /home/kali/Documents/analysis-station/Uebung_u4/usb_dd.img | head -n 20`
-- Timestamp: `2025-05-09T07-07-59-269675+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `c915b705c72f6c41ea9a2edce649ea3a7038bbb6ad35c7a7617f603a861ce35e`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-xxd: /home/kali/Documents/analysis-station/Uebung_u4/usb_dd.img: No such file or directory
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:07:59.304707+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo xxd /home/kali/Documents/analysis-station/Uebung_04/usb_dd.img | head -n 20`
-- Timestamp: `2025-05-09T07-08-14-777981+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `dda431d77053a843ac735281786200d0a3a7dc4565bc9d2384bef7ecef5ac89e`
-
-#### Output:
-```
-[STDOUT]
-00000000: eb58 906d 6b66 732e 6661 7400 0208 2000 .X.mkfs.fat... .
-00000010: 0200 0000 00f8 0000 3f00 ff00 0000 0000 ........?.......
-00000020: 0000 6000 f817 0000 0000 0000 0200 0000 ..`.............
-00000030: 0100 0600 0000 0000 0000 0000 0000 0000 ................
-00000040: 8000 29ae c100 374e 4f20 4e41 4d45 2020 ..)...7NO NAME
-00000050: 2020 4641 5433 3220 2020 0e1f be77 7cac FAT32 ...w|.
-00000060: 22c0 740b 56b4 0ebb 0700 cd10 5eeb f032 ".t.V.......^..2
-00000070: e4cd 16cd 19eb fe54 6869 7320 6973 206e .......This is n
-00000080: 6f74 2061 2062 6f6f 7461 626c 6520 6469 ot a bootable di
-00000090: 736b 2e20 2050 6c65 6173 6520 696e 7365 sk. Please inse
-000000a0: 7274 2061 2062 6f6f 7461 626c 6520 666c rt a bootable fl
-000000b0: 6f70 7079 2061 6e64 0d0a 7072 6573 7320 oppy and..press
-000000c0: 616e 7920 6b65 7920 746f 2074 7279 2061 any key to try a
-000000d0: 6761 696e 202e 2e2e 200d 0a00 0000 0000 gain ... .......
-000000e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-000000f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000110: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000120: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000130: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:08:14.806240+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo dc3dd if=/dev/loop1 of=/home/kali/Documents/analysis-station/Uebung_04/usb_dc3dd.img hash=sha256 hlog=/home/kali/Documents/analysis-station/Uebung_04/usb_dc3dd.hash`
-- Timestamp: `2025-05-09T07-11-38-528356+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `1123e734545cfe4e6d8bce1dc80749d9de1a30dba2b7e1ca6ec9c99517ea3628`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-
-dc3dd 7.3.1 started at 2025-05-09 03:11:38 -0400
-compiled options:
-command line dc3dd if=/dev/loop1 of=/home/kali/Documents/analysis-station/Uebung_04/usb_dc3dd.img hash=sha256 hlog=/home/kali/Documents/analysis-station/Uebung_04/usb_dc3dd.hash
-device size: 6291456 sectors (probed), 3,221,225,472 bytes
-sector size: 512 bytes (probed)
-
- 18415616 bytes ( 18 M ) copied ( 1% ), 0 s, 171 M/s
-
- 41975808 bytes ( 40 M ) copied ( 1% ), 0 s, 197 M/s
-
- 67993600 bytes ( 65 M ) copied ( 2% ), 0 s, 214 M/s
-
- 91521024 bytes ( 87 M ) copied ( 3% ), 0 s, 216 M/s
-
- 115179520 bytes ( 110 M ) copied ( 4% ), 1 s, 218 M/s
-
- 138215424 bytes ( 132 M ) copied ( 4% ), 1 s, 218 M/s
-
- 163020800 bytes ( 155 M ) copied ( 5% ), 1 s, 220 M/s
-
- 187367424 bytes ( 179 M ) copied ( 6% ), 1 s, 222 M/s
-
- 211746816 bytes ( 202 M ) copied ( 7% ), 1 s, 223 M/s
-
- 235929600 bytes ( 225 M ) copied ( 7% ), 1 s, 224 M/s
-
- 260210688 bytes ( 248 M ) copied ( 8% ), 1 s, 224 M/s
-
- 284000256 bytes ( 271 M ) copied ( 9% ), 1 s, 224 M/s
-
- 305004544 bytes ( 291 M ) copied ( 9% ), 1 s, 223 M/s
-
- 329613312 bytes ( 314 M ) copied ( 10% ), 1 s, 223 M/s
-
- 354451456 bytes ( 338 M ) copied ( 11% ), 2 s, 224 M/s
-
- 376569856 bytes ( 359 M ) copied ( 12% ), 2 s, 223 M/s
-
- 402685952 bytes ( 384 M ) copied ( 13% ), 2 s, 225 M/s
-
- 426508288 bytes ( 407 M ) copied ( 13% ), 2 s, 225 M/s
-
- 450134016 bytes ( 429 M ) copied ( 14% ), 2 s, 225 M/s
-
- 473038848 bytes ( 451 M ) copied ( 15% ), 2 s, 224 M/s
-
- 498794496 bytes ( 476 M ) copied ( 15% ), 2 s, 225 M/s
-
- 523894784 bytes ( 500 M ) copied ( 16% ), 2 s, 226 M/s
-
- 542081024 bytes ( 517 M ) copied ( 17% ), 2 s, 224 M/s
-
- 569016320 bytes ( 543 M ) copied ( 18% ), 2 s, 225 M/s
-
- 596836352 bytes ( 569 M ) copied ( 19% ), 3 s, 227 M/s
-
- 624721920 bytes ( 596 M ) copied ( 19% ), 3 s, 228 M/s
-
- 652443648 bytes ( 622 M ) copied ( 20% ), 3 s, 229 M/s
-
- 675774464 bytes ( 644 M ) copied ( 21% ), 3 s, 229 M/s
-
- 698155008 bytes ( 666 M ) copied ( 22% ), 3 s, 228 M/s
-
- 717357056 bytes ( 684 M ) copied ( 22% ), 3 s, 227 M/s
-
- 738295808 bytes ( 704 M ) copied ( 23% ), 3 s, 226 M/s
-
- 759660544 bytes ( 724 M ) copied ( 24% ), 3 s, 225 M/s
-
- 785088512 bytes ( 749 M ) copied ( 24% ), 3 s, 226 M/s
-
- 809500672 bytes ( 772 M ) copied ( 25% ), 3 s, 226 M/s
-
- 834994176 bytes ( 796 M ) copied ( 26% ), 4 s, 226 M/s
-
- 860815360 bytes ( 821 M ) copied ( 27% ), 4 s, 227 M/s
-
- 884801536 bytes ( 844 M ) copied ( 27% ), 4 s, 227 M/s
-
- 907345920 bytes ( 865 M ) copied ( 28% ), 4 s, 227 M/s
-
- 925728768 bytes ( 883 M ) copied ( 29% ), 4 s, 225 M/s
-
- 950468608 bytes ( 906 M ) copied ( 30% ), 4 s, 225 M/s
-
- 978518016 bytes ( 933 M ) copied ( 30% ), 4 s, 226 M/s
-
- 1006174208 bytes ( 960 M ) copied ( 31% ), 4 s, 227 M/s
-
- 1034223616 bytes ( 986 M ) copied ( 32% ), 4 s, 228 M/s
-
- 1062371328 bytes ( 1013 M ) copied ( 33% ), 4 s, 229 M/s
-
- 1090453504 bytes ( 1 G ) copied ( 34% ), 5 s, 230 M/s
-
- 1116405760 bytes ( 1 G ) copied ( 35% ), 5 s, 230 M/s
-
- 1143341056 bytes ( 1.1 G ) copied ( 35% ), 5 s, 231 M/s
-
- 1168408576 bytes ( 1.1 G ) copied ( 36% ), 5 s, 231 M/s
-
- 1180303360 bytes ( 1.1 G ) copied ( 37% ), 5 s, 228 M/s
-
- 1195081728 bytes ( 1.1 G ) copied ( 37% ), 5 s, 227 M/s
-
- 1220739072 bytes ( 1.1 G ) copied ( 38% ), 5 s, 227 M/s
-
- 1248067584 bytes ( 1.2 G ) copied ( 39% ), 5 s, 227 M/s
-
- 1274937344 bytes ( 1.2 G ) copied ( 40% ), 5 s, 228 M/s
-
- 1301872640 bytes ( 1.2 G ) copied ( 40% ), 5 s, 228 M/s
-
- 1326907392 bytes ( 1.2 G ) copied ( 41% ), 6 s, 229 M/s
-
- 1349844992 bytes ( 1.3 G ) copied ( 42% ), 6 s, 228 M/s
-
- 1374388224 bytes ( 1.3 G ) copied ( 43% ), 6 s, 228 M/s
-
- 1396637696 bytes ( 1.3 G ) copied ( 43% ), 6 s, 228 M/s
-
- 1420328960 bytes ( 1.3 G ) copied ( 44% ), 6 s, 228 M/s
-
- 1443758080 bytes ( 1.3 G ) copied ( 45% ), 6 s, 228 M/s
-
- 1468891136 bytes ( 1.4 G ) copied ( 46% ), 6 s, 228 M/s
-
- 1493794816 bytes ( 1.4 G ) copied ( 46% ), 6 s, 228 M/s
-
- 1514012672 bytes ( 1.4 G ) copied ( 47% ), 6 s, 228 M/s
-
- 1542815744 bytes ( 1.4 G ) copied ( 48% ), 6 s, 228 M/s
-
- 1570963456 bytes ( 1.5 G ) copied ( 49% ), 7 s, 229 M/s
-
- 1597440000 bytes ( 1.5 G ) copied ( 50% ), 7 s, 229 M/s
-
- 1623031808 bytes ( 1.5 G ) copied ( 50% ), 7 s, 230 M/s
-
- 1650294784 bytes ( 1.5 G ) copied ( 51% ), 7 s, 230 M/s
-
- 1678901248 bytes ( 1.6 G ) copied ( 52% ), 7 s, 231 M/s
-
- 1701642240 bytes ( 1.6 G ) copied ( 53% ), 7 s, 230 M/s
-
- 1728675840 bytes ( 1.6 G ) copied ( 54% ), 7 s, 231 M/s
-
- 1755676672 bytes ( 1.6 G ) copied ( 55% ), 7 s, 231 M/s
-
- 1774682112 bytes ( 1.7 G ) copied ( 55% ), 7 s, 230 M/s
-
- 1796997120 bytes ( 1.7 G ) copied ( 56% ), 7 s, 230 M/s
-
- 1824063488 bytes ( 1.7 G ) copied ( 57% ), 8 s, 230 M/s
-
- 1850998784 bytes ( 1.7 G ) copied ( 57% ), 8 s, 231 M/s
-
- 1873870848 bytes ( 1.7 G ) copied ( 58% ), 8 s, 231 M/s
-
- 1898971136 bytes ( 1.8 G ) copied ( 59% ), 8 s, 231 M/s
-
- 1922400256 bytes ( 1.8 G ) copied ( 60% ), 8 s, 231 M/s
-
- 1949007872 bytes ( 1.8 G ) copied ( 61% ), 8 s, 231 M/s
-
- 1973420032 bytes ( 1.8 G ) copied ( 61% ), 8 s, 231 M/s
-
- 1996881920 bytes ( 1.9 G ) copied ( 62% ), 8 s, 231 M/s
-
- 2020081664 bytes ( 1.9 G ) copied ( 63% ), 8 s, 231 M/s
-
- 2046689280 bytes ( 1.9 G ) copied ( 64% ), 8 s, 231 M/s
-
- 2075197440 bytes ( 1.9 G ) copied ( 64% ), 9 s, 231 M/s
-
- 2099740672 bytes ( 2 G ) copied ( 65% ), 9 s, 231 M/s
-
- 2123202560 bytes ( 2 G ) copied ( 66% ), 9 s, 231 M/s
-
- 2151612416 bytes ( 2 G ) copied ( 67% ), 9 s, 232 M/s
-
- 2177564672 bytes ( 2 G ) copied ( 68% ), 9 s, 232 M/s
-
- 2201550848 bytes ( 2.1 G ) copied ( 68% ), 9 s, 232 M/s
-
- 2225733632 bytes ( 2.1 G ) copied ( 69% ), 9 s, 232 M/s
-
- 2253160448 bytes ( 2.1 G ) copied ( 70% ), 9 s, 232 M/s
-
- 2277441536 bytes ( 2.1 G ) copied ( 71% ), 9 s, 232 M/s
-
- 2301394944 bytes ( 2.1 G ) copied ( 71% ), 9 s, 232 M/s
-
- 2325676032 bytes ( 2.2 G ) copied ( 72% ), 10 s, 232 M/s
-
- 2353692672 bytes ( 2.2 G ) copied ( 73% ), 10 s, 232 M/s
-
- 2380103680 bytes ( 2.2 G ) copied ( 74% ), 10 s, 233 M/s
-
- 2404122624 bytes ( 2.2 G ) copied ( 75% ), 10 s, 233 M/s
-
- 2431352832 bytes ( 2.3 G ) copied ( 75% ), 10 s, 233 M/s
-
- 2458714112 bytes ( 2.3 G ) copied ( 76% ), 10 s, 233 M/s
-
- 2482601984 bytes ( 2.3 G ) copied ( 77% ), 10 s, 233 M/s
-
- 2505801728 bytes ( 2.3 G ) copied ( 78% ), 10 s, 233 M/s
-
- 2530017280 bytes ( 2.4 G ) copied ( 79% ), 10 s, 233 M/s
-
- 2555740160 bytes ( 2.4 G ) copied ( 79% ), 10 s, 233 M/s
-
- 2579562496 bytes ( 2.4 G ) copied ( 80% ), 11 s, 233 M/s
-
- 2601058304 bytes ( 2.4 G ) copied ( 81% ), 11 s, 233 M/s
-
- 2615279616 bytes ( 2.4 G ) copied ( 81% ), 11 s, 232 M/s
-
- 2626224128 bytes ( 2.4 G ) copied ( 82% ), 11 s, 231 M/s
-
- 2638184448 bytes ( 2.5 G ) copied ( 82% ), 11 s, 229 M/s
-
- 2653487104 bytes ( 2.5 G ) copied ( 82% ), 11 s, 229 M/s
-
- 2672590848 bytes ( 2.5 G ) copied ( 83% ), 11 s, 228 M/s
-
- 2693464064 bytes ( 2.5 G ) copied ( 84% ), 11 s, 228 M/s
-
- 2718859264 bytes ( 2.5 G ) copied ( 84% ), 11 s, 228 M/s
-
- 2744418304 bytes ( 2.6 G ) copied ( 85% ), 11 s, 228 M/s
-
- 2761523200 bytes ( 2.6 G ) copied ( 86% ), 12 s, 228 M/s
-
- 2780364800 bytes ( 2.6 G ) copied ( 86% ), 12 s, 227 M/s
-
- 2804744192 bytes ( 2.6 G ) copied ( 87% ), 12 s, 227 M/s
-
- 2827288576 bytes ( 2.6 G ) copied ( 88% ), 12 s, 227 M/s
-
- 2849767424 bytes ( 2.7 G ) copied ( 88% ), 12 s, 227 M/s
-
- 2871230464 bytes ( 2.7 G ) copied ( 89% ), 12 s, 227 M/s
-
- 2893414400 bytes ( 2.7 G ) copied ( 90% ), 12 s, 227 M/s
-
- 2914254848 bytes ( 2.7 G ) copied ( 90% ), 12 s, 227 M/s
-
- 2938601472 bytes ( 2.7 G ) copied ( 91% ), 12 s, 227 M/s
-
- 2964586496 bytes ( 2.8 G ) copied ( 92% ), 12 s, 227 M/s
-
- 2988081152 bytes ( 2.8 G ) copied ( 93% ), 13 s, 227 M/s
-
- 3012001792 bytes ( 2.8 G ) copied ( 94% ), 13 s, 227 M/s
-
- 3038380032 bytes ( 2.8 G ) copied ( 94% ), 13 s, 227 M/s
-
- 3063382016 bytes ( 2.9 G ) copied ( 95% ), 13 s, 227 M/s
-
- 3088187392 bytes ( 2.9 G ) copied ( 96% ), 13 s, 227 M/s
-
- 3113910272 bytes ( 2.9 G ) copied ( 97% ), 13 s, 227 M/s
-
- 3137437696 bytes ( 2.9 G ) copied ( 97% ), 13 s, 227 M/s
-
- 3160145920 bytes ( 2.9 G ) copied ( 98% ), 13 s, 227 M/s
-
- 3184328704 bytes ( 3 G ) copied ( 99% ), 13 s, 227 M/s
-
- 3208577024 bytes ( 3 G ) copied ( 100% ), 13 s, 227 M/s
-
- 3221225472 bytes ( 3 G ) copied ( 100% ), 14 s, 226 M/s
-
- 3221225472 bytes ( 3 G ) copied ( 100% ), 14 s, 226 M/s
-
-input results for device `/dev/loop1':
- 6291456 sectors in
- 0 bad sectors replaced by zeros
- 2c9c0f5117cdc3e8f3b9156bb5eef7d9563f46b4e0e4e51123711d828c89e8a2 (sha256)
-
-output results for file `/home/kali/Documents/analysis-station/Uebung_04/usb_dc3dd.img':
- 6291456 sectors out
-
-dc3dd completed at 2025-05-09 03:11:52 -0400
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:11:52.137822+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo xxd /home/kali/Documents/analysis-station/Uebung_04/usb_dc3dd.img | head -n 20`
-- Timestamp: `2025-05-09T07-13-09-028006+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `dda431d77053a843ac735281786200d0a3a7dc4565bc9d2384bef7ecef5ac89e`
-
-#### Output:
-```
-[STDOUT]
-00000000: eb58 906d 6b66 732e 6661 7400 0208 2000 .X.mkfs.fat... .
-00000010: 0200 0000 00f8 0000 3f00 ff00 0000 0000 ........?.......
-00000020: 0000 6000 f817 0000 0000 0000 0200 0000 ..`.............
-00000030: 0100 0600 0000 0000 0000 0000 0000 0000 ................
-00000040: 8000 29ae c100 374e 4f20 4e41 4d45 2020 ..)...7NO NAME
-00000050: 2020 4641 5433 3220 2020 0e1f be77 7cac FAT32 ...w|.
-00000060: 22c0 740b 56b4 0ebb 0700 cd10 5eeb f032 ".t.V.......^..2
-00000070: e4cd 16cd 19eb fe54 6869 7320 6973 206e .......This is n
-00000080: 6f74 2061 2062 6f6f 7461 626c 6520 6469 ot a bootable di
-00000090: 736b 2e20 2050 6c65 6173 6520 696e 7365 sk. Please inse
-000000a0: 7274 2061 2062 6f6f 7461 626c 6520 666c rt a bootable fl
-000000b0: 6f70 7079 2061 6e64 0d0a 7072 6573 7320 oppy and..press
-000000c0: 616e 7920 6b65 7920 746f 2074 7279 2061 any key to try a
-000000d0: 6761 696e 202e 2e2e 200d 0a00 0000 0000 gain ... .......
-000000e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-000000f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000110: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000120: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000130: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:13:09.054618+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo dcfldd if=/dev/loop1 of=/home/kali/Documents/analysis-station/Uebung_04/usb_dcfldd.img hash=sha256 hashlog=usb_dcfldd.hash status=off errlog=usb_dcfldd.log`
-- Timestamp: `2025-05-09T07-15-58-157193+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `2f673332b624a1e8b049e9b0bdfe9c4782f98aa598588a983b1cca12a0433c64`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-98304+0 records in
-98304+0 records out
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:16:16.724835+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo xxd /home/kali/Documents/analysis-station/Uebung_04/usb_dcfldd.img | head -n 20`
-- Timestamp: `2025-05-09T07-17-24-431943+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `dda431d77053a843ac735281786200d0a3a7dc4565bc9d2384bef7ecef5ac89e`
-
-#### Output:
-```
-[STDOUT]
-00000000: eb58 906d 6b66 732e 6661 7400 0208 2000 .X.mkfs.fat... .
-00000010: 0200 0000 00f8 0000 3f00 ff00 0000 0000 ........?.......
-00000020: 0000 6000 f817 0000 0000 0000 0200 0000 ..`.............
-00000030: 0100 0600 0000 0000 0000 0000 0000 0000 ................
-00000040: 8000 29ae c100 374e 4f20 4e41 4d45 2020 ..)...7NO NAME
-00000050: 2020 4641 5433 3220 2020 0e1f be77 7cac FAT32 ...w|.
-00000060: 22c0 740b 56b4 0ebb 0700 cd10 5eeb f032 ".t.V.......^..2
-00000070: e4cd 16cd 19eb fe54 6869 7320 6973 206e .......This is n
-00000080: 6f74 2061 2062 6f6f 7461 626c 6520 6469 ot a bootable di
-00000090: 736b 2e20 2050 6c65 6173 6520 696e 7365 sk. Please inse
-000000a0: 7274 2061 2062 6f6f 7461 626c 6520 666c rt a bootable fl
-000000b0: 6f70 7079 2061 6e64 0d0a 7072 6573 7320 oppy and..press
-000000c0: 616e 7920 6b65 7920 746f 2074 7279 2061 any key to try a
-000000d0: 6761 696e 202e 2e2e 200d 0a00 0000 0000 gain ... .......
-000000e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-000000f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000100: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000110: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000120: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-00000130: 0000 0000 0000 0000 0000 0000 0000 0000 ................
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:17:24.460514+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Timestamp: `2025-05-09T07-18-03-201283+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Aufgabe 2.2 beendet.
-
----
-
-### [+] Timestamp: `2025-05-09T07-18-26-494801+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Aufgabe 2.4 gestartet, 2.3 wird haendisch niedergeschrieben
-
----
-
-### [+] Command: `Error opening image file (raw_open: file "/dev/loop1" - Permission denied)`
-- Timestamp: `2025-05-09T07-19-45-852848+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `b0546c981e99537e5a6a3fe7bc230ca5fb3dcec663695329cce6d0c6eeac7709`
-
-#### Output:
-```
-[!] Command failed:
-Error opening image file (raw_open: file "/dev/loop1" - Permission denied)
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:19:45.891807+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo fsstat /dev/loop1`
-- Timestamp: `2025-05-09T07-19-52-695798+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `377bc3ffe4760f092973bb1a77d97c33b11307bb392768fdcc6dd1a63fe91332`
-
-#### Output:
-```
-[STDOUT]
-FILE SYSTEM INFORMATION
---------------------------------------------
-File System Type: FAT32
-
-OEM Name: mkfs.fat
-Volume ID: 0x3700c1ae
-Volume Label (Boot Sector): NO NAME
-Volume Label (Root Directory):
-File System Type Label: FAT32
-Next Free Sector (FS Info): 16920
-Free Sector Count (FS Info): 6274528
-
-Sectors before file system: 0
-
-File System Layout (in sectors)
-Total Range: 0 - 6291455
-* Reserved: 0 - 31
-** Boot Sector: 0
-** FS Info Sector: 1
-** Backup Boot Sector: 6
-* FAT 0: 32 - 6167
-* FAT 1: 6168 - 12303
-* Data Area: 12304 - 6291455
-** Cluster Area: 12304 - 6291455
-*** Root Directory: 12304 - 12311
-
-METADATA INFORMATION
---------------------------------------------
-Range: 2 - 100466438
-Root Directory: 2
-
-CONTENT INFORMATION
---------------------------------------------
-Sector Size: 512
-Cluster Size: 4096
-Total Cluster Range: 2 - 784895
-
-FAT CONTENTS (in sectors)
---------------------------------------------
-12304-12311 (8) -> EOF
-12312-12695 (384) -> EOF
-12696-16895 (4200) -> EOF
-16896-16927 (32) -> EOF
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:19:52.802013+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Timestamp: `2025-05-09T07-20-25-017861+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Es handelt sich also um FAT32
-
----
-
-### [+] Timestamp: `2025-05-09T07-21-02-367502+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Nun zu Aufgabe 2.5, bei der wir mit speziellen Parametern arbeiten sollen
-
----
-
-### [+] Command: `sudo dcfldd if=/dev/loop1 of=/home/kali/Documents/analysis-station/Uebung_04/usb_dcfldd_with_extras.img hash=sha1 hashwindow=1M hashlog=/home/kali/Documents/analysis-station/Uebung_04/usb_dcfldd_with_extras.hash status=on | head -n 20`
-- Timestamp: `2025-05-09T07-25-25-239093+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `1374dd6d0390e65da9cf0fa2f36c796c948bb1784f9dd33b35ab5650db6f27f4`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-
-256 blocks (8Mb) written.
-512 blocks (16Mb) written.
-768 blocks (24Mb) written.
-1024 blocks (32Mb) written.
-1280 blocks (40Mb) written.
-1536 blocks (48Mb) written.
-1792 blocks (56Mb) written.
-2048 blocks (64Mb) written.
-2304 blocks (72Mb) written.
-2560 blocks (80Mb) written.
-2816 blocks (88Mb) written.
-3072 blocks (96Mb) written.
-3328 blocks (104Mb) written.
-3584 blocks (112Mb) written.
-3840 blocks (120Mb) written.
-4096 blocks (128Mb) written.
-4352 blocks (136Mb) written.
-4608 blocks (144Mb) written.
-4864 blocks (152Mb) written.
-5120 blocks (160Mb) written.
-5376 blocks (168Mb) written.
-5632 blocks (176Mb) written.
-5888 blocks (184Mb) written.
-6144 blocks (192Mb) written.
-6400 blocks (200Mb) written.
-6656 blocks (208Mb) written.
-6912 blocks (216Mb) written.
-7168 blocks (224Mb) written.
-7424 blocks (232Mb) written.
-7680 blocks (240Mb) written.
-7936 blocks (248Mb) written.
-8192 blocks (256Mb) written.
-8448 blocks (264Mb) written.
-8704 blocks (272Mb) written.
-8960 blocks (280Mb) written.
-9216 blocks (288Mb) written.
-9472 blocks (296Mb) written.
-9728 blocks (304Mb) written.
-9984 blocks (312Mb) written.
-10240 blocks (320Mb) written.
-10496 blocks (328Mb) written.
-10752 blocks (336Mb) written.
-11008 blocks (344Mb) written.
-11264 blocks (352Mb) written.
-11520 blocks (360Mb) written.
-11776 blocks (368Mb) written.
-12032 blocks (376Mb) written.
-12288 blocks (384Mb) written.
-12544 blocks (392Mb) written.
-12800 blocks (400Mb) written.
-13056 blocks (408Mb) written.
-13312 blocks (416Mb) written.
-13568 blocks (424Mb) written.
-13824 blocks (432Mb) written.
-14080 blocks (440Mb) written.
-14336 blocks (448Mb) written.
-14592 blocks (456Mb) written.
-14848 blocks (464Mb) written.
-15104 blocks (472Mb) written.
-15360 blocks (480Mb) written.
-15616 blocks (488Mb) written.
-15872 blocks (496Mb) written.
-16128 blocks (504Mb) written.
-16384 blocks (512Mb) written.
-16640 blocks (520Mb) written.
-16896 blocks (528Mb) written.
-17152 blocks (536Mb) written.
-17408 blocks (544Mb) written.
-17664 blocks (552Mb) written.
-17920 blocks (560Mb) written.
-18176 blocks (568Mb) written.
-18432 blocks (576Mb) written.
-18688 blocks (584Mb) written.
-18944 blocks (592Mb) written.
-19200 blocks (600Mb) written.
-19456 blocks (608Mb) written.
-19712 blocks (616Mb) written.
-19968 blocks (624Mb) written.
-20224 blocks (632Mb) written.
-20480 blocks (640Mb) written.
-20736 blocks (648Mb) written.
-20992 blocks (656Mb) written.
-21248 blocks (664Mb) written.
-21504 blocks (672Mb) written.
-21760 blocks (680Mb) written.
-22016 blocks (688Mb) written.
-22272 blocks (696Mb) written.
-22528 blocks (704Mb) written.
-22784 blocks (712Mb) written.
-23040 blocks (720Mb) written.
-23296 blocks (728Mb) written.
-23552 blocks (736Mb) written.
-23808 blocks (744Mb) written.
-24064 blocks (752Mb) written.
-24320 blocks (760Mb) written.
-24576 blocks (768Mb) written.
-24832 blocks (776Mb) written.
-25088 blocks (784Mb) written.
-25344 blocks (792Mb) written.
-25600 blocks (800Mb) written.
-25856 blocks (808Mb) written.
-26112 blocks (816Mb) written.
-26368 blocks (824Mb) written.
-26624 blocks (832Mb) written.
-26880 blocks (840Mb) written.
-27136 blocks (848Mb) written.
-27392 blocks (856Mb) written.
-27648 blocks (864Mb) written.
-27904 blocks (872Mb) written.
-28160 blocks (880Mb) written.
-28416 blocks (888Mb) written.
-28672 blocks (896Mb) written.
-28928 blocks (904Mb) written.
-29184 blocks (912Mb) written.
-29440 blocks (920Mb) written.
-29696 blocks (928Mb) written.
-29952 blocks (936Mb) written.
-30208 blocks (944Mb) written.
-30464 blocks (952Mb) written.
-30720 blocks (960Mb) written.
-30976 blocks (968Mb) written.
-31232 blocks (976Mb) written.
-31488 blocks (984Mb) written.
-31744 blocks (992Mb) written.
-32000 blocks (1000Mb) written.
-32256 blocks (1008Mb) written.
-32512 blocks (1016Mb) written.
-32768 blocks (1024Mb) written.
-33024 blocks (1032Mb) written.
-33280 blocks (1040Mb) written.
-33536 blocks (1048Mb) written.
-33792 blocks (1056Mb) written.
-34048 blocks (1064Mb) written.
-34304 blocks (1072Mb) written.
-34560 blocks (1080Mb) written.
-34816 blocks (1088Mb) written.
-35072 blocks (1096Mb) written.
-35328 blocks (1104Mb) written.
-35584 blocks (1112Mb) written.
-35840 blocks (1120Mb) written.
-36096 blocks (1128Mb) written.
-36352 blocks (1136Mb) written.
-36608 blocks (1144Mb) written.
-36864 blocks (1152Mb) written.
-37120 blocks (1160Mb) written.
-37376 blocks (1168Mb) written.
-37632 blocks (1176Mb) written.
-37888 blocks (1184Mb) written.
-38144 blocks (1192Mb) written.
-38400 blocks (1200Mb) written.
-38656 blocks (1208Mb) written.
-38912 blocks (1216Mb) written.
-39168 blocks (1224Mb) written.
-39424 blocks (1232Mb) written.
-39680 blocks (1240Mb) written.
-39936 blocks (1248Mb) written.
-40192 blocks (1256Mb) written.
-40448 blocks (1264Mb) written.
-40704 blocks (1272Mb) written.
-40960 blocks (1280Mb) written.
-41216 blocks (1288Mb) written.
-41472 blocks (1296Mb) written.
-41728 blocks (1304Mb) written.
-41984 blocks (1312Mb) written.
-42240 blocks (1320Mb) written.
-42496 blocks (1328Mb) written.
-42752 blocks (1336Mb) written.
-43008 blocks (1344Mb) written.
-43264 blocks (1352Mb) written.
-43520 blocks (1360Mb) written.
-43776 blocks (1368Mb) written.
-44032 blocks (1376Mb) written.
-44288 blocks (1384Mb) written.
-44544 blocks (1392Mb) written.
-44800 blocks (1400Mb) written.
-45056 blocks (1408Mb) written.
-45312 blocks (1416Mb) written.
-45568 blocks (1424Mb) written.
-45824 blocks (1432Mb) written.
-46080 blocks (1440Mb) written.
-46336 blocks (1448Mb) written.
-46592 blocks (1456Mb) written.
-46848 blocks (1464Mb) written.
-47104 blocks (1472Mb) written.
-47360 blocks (1480Mb) written.
-47616 blocks (1488Mb) written.
-47872 blocks (1496Mb) written.
-48128 blocks (1504Mb) written.
-48384 blocks (1512Mb) written.
-48640 blocks (1520Mb) written.
-48896 blocks (1528Mb) written.
-49152 blocks (1536Mb) written.
-49408 blocks (1544Mb) written.
-49664 blocks (1552Mb) written.
-49920 blocks (1560Mb) written.
-50176 blocks (1568Mb) written.
-50432 blocks (1576Mb) written.
-50688 blocks (1584Mb) written.
-50944 blocks (1592Mb) written.
-51200 blocks (1600Mb) written.
-51456 blocks (1608Mb) written.
-51712 blocks (1616Mb) written.
-51968 blocks (1624Mb) written.
-52224 blocks (1632Mb) written.
-52480 blocks (1640Mb) written.
-52736 blocks (1648Mb) written.
-52992 blocks (1656Mb) written.
-53248 blocks (1664Mb) written.
-53504 blocks (1672Mb) written.
-53760 blocks (1680Mb) written.
-54016 blocks (1688Mb) written.
-54272 blocks (1696Mb) written.
-54528 blocks (1704Mb) written.
-54784 blocks (1712Mb) written.
-55040 blocks (1720Mb) written.
-55296 blocks (1728Mb) written.
-55552 blocks (1736Mb) written.
-55808 blocks (1744Mb) written.
-56064 blocks (1752Mb) written.
-56320 blocks (1760Mb) written.
-56576 blocks (1768Mb) written.
-56832 blocks (1776Mb) written.
-57088 blocks (1784Mb) written.
-57344 blocks (1792Mb) written.
-57600 blocks (1800Mb) written.
-57856 blocks (1808Mb) written.
-58112 blocks (1816Mb) written.
-58368 blocks (1824Mb) written.
-58624 blocks (1832Mb) written.
-58880 blocks (1840Mb) written.
-59136 blocks (1848Mb) written.
-59392 blocks (1856Mb) written.
-59648 blocks (1864Mb) written.
-59904 blocks (1872Mb) written.
-60160 blocks (1880Mb) written.
-60416 blocks (1888Mb) written.
-60672 blocks (1896Mb) written.
-60928 blocks (1904Mb) written.
-61184 blocks (1912Mb) written.
-61440 blocks (1920Mb) written.
-61696 blocks (1928Mb) written.
-61952 blocks (1936Mb) written.
-62208 blocks (1944Mb) written.
-62464 blocks (1952Mb) written.
-62720 blocks (1960Mb) written.
-62976 blocks (1968Mb) written.
-63232 blocks (1976Mb) written.
-63488 blocks (1984Mb) written.
-63744 blocks (1992Mb) written.
-64000 blocks (2000Mb) written.
-64256 blocks (2008Mb) written.
-64512 blocks (2016Mb) written.
-64768 blocks (2024Mb) written.
-65024 blocks (2032Mb) written.
-65280 blocks (2040Mb) written.
-65536 blocks (2048Mb) written.
-65792 blocks (2056Mb) written.
-66048 blocks (2064Mb) written.
-66304 blocks (2072Mb) written.
-66560 blocks (2080Mb) written.
-66816 blocks (2088Mb) written.
-67072 blocks (2096Mb) written.
-67328 blocks (2104Mb) written.
-67584 blocks (2112Mb) written.
-67840 blocks (2120Mb) written.
-68096 blocks (2128Mb) written.
-68352 blocks (2136Mb) written.
-68608 blocks (2144Mb) written.
-68864 blocks (2152Mb) written.
-69120 blocks (2160Mb) written.
-69376 blocks (2168Mb) written.
-69632 blocks (2176Mb) written.
-69888 blocks (2184Mb) written.
-70144 blocks (2192Mb) written.
-70400 blocks (2200Mb) written.
-70656 blocks (2208Mb) written.
-70912 blocks (2216Mb) written.
-71168 blocks (2224Mb) written.
-71424 blocks (2232Mb) written.
-71680 blocks (2240Mb) written.
-71936 blocks (2248Mb) written.
-72192 blocks (2256Mb) written.
-72448 blocks (2264Mb) written.
-72704 blocks (2272Mb) written.
-72960 blocks (2280Mb) written.
-73216 blocks (2288Mb) written.
-73472 blocks (2296Mb) written.
-73728 blocks (2304Mb) written.
-73984 blocks (2312Mb) written.
-74240 blocks (2320Mb) written.
-74496 blocks (2328Mb) written.
-74752 blocks (2336Mb) written.
-75008 blocks (2344Mb) written.
-75264 blocks (2352Mb) written.
-75520 blocks (2360Mb) written.
-75776 blocks (2368Mb) written.
-76032 blocks (2376Mb) written.
-76288 blocks (2384Mb) written.
-76544 blocks (2392Mb) written.
-76800 blocks (2400Mb) written.
-77056 blocks (2408Mb) written.
-77312 blocks (2416Mb) written.
-77568 blocks (2424Mb) written.
-77824 blocks (2432Mb) written.
-78080 blocks (2440Mb) written.
-78336 blocks (2448Mb) written.
-78592 blocks (2456Mb) written.
-78848 blocks (2464Mb) written.
-79104 blocks (2472Mb) written.
-79360 blocks (2480Mb) written.
-79616 blocks (2488Mb) written.
-79872 blocks (2496Mb) written.
-80128 blocks (2504Mb) written.
-80384 blocks (2512Mb) written.
-80640 blocks (2520Mb) written.
-80896 blocks (2528Mb) written.
-81152 blocks (2536Mb) written.
-81408 blocks (2544Mb) written.
-81664 blocks (2552Mb) written.
-81920 blocks (2560Mb) written.
-82176 blocks (2568Mb) written.
-82432 blocks (2576Mb) written.
-82688 blocks (2584Mb) written.
-82944 blocks (2592Mb) written.
-83200 blocks (2600Mb) written.
-83456 blocks (2608Mb) written.
-83712 blocks (2616Mb) written.
-83968 blocks (2624Mb) written.
-84224 blocks (2632Mb) written.
-84480 blocks (2640Mb) written.
-84736 blocks (2648Mb) written.
-84992 blocks (2656Mb) written.
-85248 blocks (2664Mb) written.
-85504 blocks (2672Mb) written.
-85760 blocks (2680Mb) written.
-86016 blocks (2688Mb) written.
-86272 blocks (2696Mb) written.
-86528 blocks (2704Mb) written.
-86784 blocks (2712Mb) written.
-87040 blocks (2720Mb) written.
-87296 blocks (2728Mb) written.
-87552 blocks (2736Mb) written.
-87808 blocks (2744Mb) written.
-88064 blocks (2752Mb) written.
-88320 blocks (2760Mb) written.
-88576 blocks (2768Mb) written.
-88832 blocks (2776Mb) written.
-89088 blocks (2784Mb) written.
-89344 blocks (2792Mb) written.
-89600 blocks (2800Mb) written.
-89856 blocks (2808Mb) written.
-90112 blocks (2816Mb) written.
-90368 blocks (2824Mb) written.
-90624 blocks (2832Mb) written.
-90880 blocks (2840Mb) written.
-91136 blocks (2848Mb) written.
-91392 blocks (2856Mb) written.
-91648 blocks (2864Mb) written.
-91904 blocks (2872Mb) written.
-92160 blocks (2880Mb) written.
-92416 blocks (2888Mb) written.
-92672 blocks (2896Mb) written.
-92928 blocks (2904Mb) written.
-93184 blocks (2912Mb) written.
-93440 blocks (2920Mb) written.
-93696 blocks (2928Mb) written.
-93952 blocks (2936Mb) written.
-94208 blocks (2944Mb) written.
-94464 blocks (2952Mb) written.
-94720 blocks (2960Mb) written.
-94976 blocks (2968Mb) written.
-95232 blocks (2976Mb) written.
-95488 blocks (2984Mb) written.
-95744 blocks (2992Mb) written.
-96000 blocks (3000Mb) written.
-96256 blocks (3008Mb) written.
-96512 blocks (3016Mb) written.
-96768 blocks (3024Mb) written.
-97024 blocks (3032Mb) written.
-97280 blocks (3040Mb) written.
-97536 blocks (3048Mb) written.
-97792 blocks (3056Mb) written.
-98048 blocks (3064Mb) written.
-98304 blocks (3072Mb) written.
-98304+0 records in
-98304+0 records out
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:25:54.424666+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Timestamp: `2025-05-09T07-26-30-741366+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Weiter zu Aufgabe 2.6
-
----
-
-### [+] Timestamp: `2025-05-09T07-34-19-247795+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Wir werden nun zunaechst die Datei-Inhalte mit fls auflisten
-
----
-
-### [+] Command: `sudo fls -r -m / /dev/loop1`
-- Timestamp: `2025-05-09T07-35-04-342626+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `6450c6a6b404c0b2b9be24ce2d37798162b9de4c921eb38727ccb12deabf1a56`
-
-#### Output:
-```
-[STDOUT]
-0|/Bild1.jpg|4|r/rrwxrwxrwx|0|0|192827|1652068800|1652124148|0|1652124149
-0|/Bild2.jpeg|6|r/rrwxrwxrwx|0|0|2148214|1652068800|1652124160|0|1652124161
-0|/Blue.png|8|r/rrwxrwxrwx|0|0|15540|1652068800|1652125932|0|1652125933
-0|/$MBR|100466435|v/v---------|0|0|512|0|0|0|0
-0|/$FAT1|100466436|v/v---------|0|0|3141632|0|0|0|0
-0|/$FAT2|100466437|v/v---------|0|0|3141632|0|0|0|0
-0|/$OrphanFiles|100466438|V/V---------|0|0|0|0|0|0|0
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:35:08.857575+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `Invalid metadata address (fatxxfs_inode_lookup: 192827 is not an inode)`
-- Timestamp: `2025-05-09T07-38-10-193453+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `7b36f3a2e00ddafa7c0ff65c621f6122baffcaac0e736d3ade5b12267d2b0be5`
-
-#### Output:
-```
-[!] Command failed:
-Invalid metadata address (fatxxfs_inode_lookup: 192827 is not an inode)
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:38:10.263484+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Timestamp: `2025-05-09T07-39-18-001829+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Korrektur, wir werden nun die l-Flag verwenden um von fls die korrekten lnodes zu erhalten
-
----
-
-### [+] Command: `sudo fls -o 0 -f fat -l /dev/loop1`
-- Timestamp: `2025-05-09T07-39-42-150112+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `217b465c426599228c3b679340e8d577acbc010137f84498d4188360a80f65be`
-
-#### Output:
-```
-[STDOUT]
-r/r 4: Bild1.jpg 2022-05-09 15:22:28 (EDT) 2022-05-09 00:00:00 (EDT) 0000-00-00 00:00:00 (UTC) 2022-05-09 15:22:29 (EDT) 192827 0 0
-r/r 6: Bild2.jpeg 2022-05-09 15:22:40 (EDT) 2022-05-09 00:00:00 (EDT) 0000-00-00 00:00:00 (UTC) 2022-05-09 15:22:41 (EDT) 2148214 0 0
-r/r 8: Blue.png 2022-05-09 15:52:12 (EDT) 2022-05-09 00:00:00 (EDT) 0000-00-00 00:00:00 (UTC) 2022-05-09 15:52:13 (EDT) 15540 0 0
-v/v 100466435: $MBR 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 512 0 0
-v/v 100466436: $FAT1 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 3141632 0 0
-v/v 100466437: $FAT2 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 3141632 0 0
-V/V 100466438: $OrphanFiles 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0000-00-00 00:00:00 (UTC) 0 0 0
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:39:42.188633+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Timestamp: `2025-05-09T07-40-34-472272+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Nun koennen wir die gefundenen Dateien mit icat extrahieren
-
----
-
-### [+] Command: `sudo icat /dev/loop1 4 > /home/kali/Documents/analysis-station/Uebung_04/Bild1.jpg`
-- Timestamp: `2025-05-09T07-40-41-860969+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:40:41.915848+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo icat /dev/loop1 6 > /home/kali/Documents/analysis-station/Uebung_04/Bild2.jpeg`
-- Timestamp: `2025-05-09T07-40-57-935742+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:40:57.991781+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo icat /dev/loop1 8 > /home/kali/Documents/analysis-station/Uebung_04/Blue.png`
-- Timestamp: `2025-05-09T07-41-14-892023+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:41:14.943345+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Timestamp: `2025-05-09T07-41-34-889472+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Nun berechnen wir zur Kontrolle die Hashes
-
----
-
-### [+] Command: `sha256sum /home/kali/Documents/analysis-station/Uebung_04/Bild1.jpg > /home/kali/Documents/analysis-station/Uebung_04/Bild1.hash`
-- Timestamp: `2025-05-09T07-42-06-112318+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:42:06.128482+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sha256sum: /home/kali/Documents/analysis-station/Uebung_04/Bild2.jpg: No such file or directory`
-- Timestamp: `2025-05-09T07-42-27-257676+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `f2df0d991d210ebde33c1eba9038bc0c61a2fc70964881812fe8a3bbe2746ebb`
-
-#### Output:
-```
-[!] Command failed:
-sha256sum: /home/kali/Documents/analysis-station/Uebung_04/Bild2.jpg: No such file or directory
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:42:27.270390+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sha256sum /home/kali/Documents/analysis-station/Uebung_04/Bild2.jpeg > /home/kali/Documents/analysis-station/Uebung_04/Bild2.hash`
-- Timestamp: `2025-05-09T07-42-52-845786+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:42:52.863339+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sha256sum /home/kali/Documents/analysis-station/Uebung_04/Blue.png > /home/kali/Documents/analysis-station/Uebung_04/Blue.hash`
-- Timestamp: `2025-05-09T07-43-19-290292+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:43:19.303093+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Timestamp: `2025-05-09T07-44-13-453381+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Wir fanden drei Bilder bisher, zwei von einem Adler oder Falken und ein blaues Bild
-
----
-
-### [+] Timestamp: `2025-05-09T07-47-53-499583+00-00`
-#### [+] Comment from analyst: Niklas Heringer
-
-#### [+] Content:
-Wir fanden ausserdem Hinweise auf verwaiste Dateien, wir werden das untersuchen, da wir den PIN noch nicht gefunden haben.
-
----
-
-### [+] Command: `sudo fls -r -o 0 -f fat /dev/loop1 100466438`
-- Timestamp: `2025-05-09T07-48-03-381375+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:48:08.005654+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo losetup -d /dev/loop0`
-- Timestamp: `2025-05-09T07-56-25-044550+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:56:27.046275+00:00
-
-[x] No specific explanation found.
-
----
-
-### [+] Command: `sudo losetup -d /dev/loop1`
-- Timestamp: `2025-05-09T07-56-32-230410+00-00`
-- GPG-signature: [+] Valid
-- SHA256: `aec4dbdae6db78716bf86b6c6d3a9f3327d00c39a9d0715fb7ff7b953c1c499f`
-
-#### Output:
-```
-[STDOUT]
-
-[STDERR]
-```
-
-#### Context:
-**Analyst:** Niklas Heringer
-**Timestamp:** 2025-05-09T07:56:32.256258+00:00
-
-[x] No specific explanation found.
-
-## [+] GPG-Overview
-Each `.log`-file was digitally signed with GPG where applicable.
-The signature status is documented per command.
-
-
-
-----
-
-## 3. Ergebnisse
-
-Der USB-Stick enthielt drei Bilddateien, zwei zeigen einen Adler und das dritte zeigt vollständig das kräftige Blau des Logos der Hochschule Mannheim.
-Von der Handy-PIN konnten wir nichts entdecken.
-
----
-### 4. Verwendete Quellen
-[1]
-[2]
-[3]