Proj X3: National Software Reference Library (10 pts.)

What You Need for This Project

Purpose

The National Software Reference Library (NSRL) contains hashes of known files. In forensics, it is used to exclude known commercial files from analysis.

Getting Nsrllookup

If you have 32-bit Windows, use this file:

https://samsclass.info/121/proj/nsrllookup-1.2.3-win32.zip

If you are using 64-bit Windows, get the 64-bit version here:

http://rjhansen.github.io/nsrllookup/

Right-click the ZIP file and click "Extract All...", then Extract.

A window opens containing a file named "nsrllookup.exe". Right-click this file and click Copy.

In Windows Explorer, navigate to

C:\Windows\System32

Paste the file into that folder, as shown below.

Getting MD5

On your Windows machine, in a Web browser, go to

https://www.fourmilab.ch/md5/

Scroll down to find the md5.zip download link, as shown below.

Download the md5.zip file.

Right-click the md5.zip file and click "Extract All...", then Extract.

A window opens containing several files, as shown below. Right-click md5.exe and click Copy.

In Windows Explorer, navigate to

C:\Windows\System32

Paste the file into that folder, as shown below.

Preparing a Test Directory

Open an Administrator Command Prompt and execute these commands, replacing "YOURNAME" with your name:

cd \
mkdir YOURNAME
cd YOURNAME
copy \Windows\System32\cmd.exe .
copy \Windows\System32\notepad.exe .
copy \Windows\System32\md5.exe .
copy \Windows\System32\nsrllookup.exe .

Calculating Hashes

In the Administrator Command Prompt window, execute this command to see the MD5 hashes of your test files:

md5 *.*

The hashes appear, as shown below.

Finding Known and Unknown Files

In the Administrator Command Prompt window, execute these commands to see which files are found in the NSRL, and which are not:

md5 *.* | nsrllookup.exe -k
md5 *.* | nsrllookup.exe -u

Two files are known, and two are unknown, as shown below.
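
The same known/unknown split, as an added example that is not part of the original project: a Python sketch that hashes every file in a directory and partitions the results against a reference hash set. A small local set stands in for the NSRL here; the function names, sample files and reference hashes are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def md5_file(path, chunk_size=1 << 20):
    """Return the MD5 of a file as upper-case hex, reading it in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def partition_by_known(directory, known_hashes):
    """Split the files in a directory into (known, unknown) lists of
    (hash, filename) pairs, the split the -k and -u options report."""
    # Normalise case and whitespace so the match is case-insensitive.
    reference = {h.strip().upper() for h in known_hashes}
    known, unknown = [], []
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        entry = (md5_file(path), path.name)
        (known if entry[0] in reference else unknown).append(entry)
    return known, unknown


def demo():
    """Build a constructed test directory and reference set, then partition it."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample files; the contents are placeholders, not real binaries.
        samples = {
            "vendor_a.bin": b"constructed vendor file A",
            "vendor_b.bin": b"constructed vendor file B",
            "local_tool.bin": b"constructed locally built tool",
        }
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        # Constructed reference set: lower-case hashes of the two "vendor" files.
        reference = [hashlib.md5(samples[n]).hexdigest()
                     for n in ("vendor_a.bin", "vendor_b.bin")]
        return partition_by_known(tmp, reference)


if __name__ == "__main__":
    known, unknown = demo()
    for label, rows in (("known", known), ("unknown", unknown)):
        for digest, name in rows:
            print(f"{label:8}{digest}  {name}")
```

Only the files in the unknown list need further examination; a file whose hash matches the reference set is byte-for-byte identical to a catalogued file under MD5.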

Saving a Screen Image

Capture a whole-desktop image showing these items: If you are using the 64-bit version, all the files are unknown.

YOU MUST SUBMIT A FULL-DESKTOP IMAGE FOR FULL CREDIT!

Save the image with the filename "YOUR NAME Proj X3", replacing "YOUR NAME" with your real name.

Turning In Your Project

Email the image to me as an attachment to an e-mail message. Send it to: cnit.121@gmail.com with a subject line of "Proj X3 From YOUR NAME", replacing "YOUR NAME" with your real name.

Send a Cc to yourself.


Last modified 11-16-16