Due Date: October 5th, 2008, 23:59 EDT
Deliverables: Analysis Report, repaired floppy image
This lab is worth 15% of your final grade.
Your task is to recover data from a floppy disk. The disk image is available through blackboard in the "Assignments" section under "Lab 2". If you have not done so by now, read the FAT 12 paper available in Blackboard to get started on this lab. The SHA1 checksum of the file is:
b94310c0286be698a40d24b5834da4badc4f44db lab2-image
Document all the steps you undertake to recover the data. For each file you recovered you need to explain what sectors belong to it and how you determined this. For example, it is not sufficient to merely state: "File x had a starting sector of a and an end sector of b." Instead state something along the lines of: "A well-known file header for files of type Y was found at sector a. A corresponding footer was present at the end of sector b. I extracted all sectors of the range between a and b and verified that all sectors belong to a file (File x)." You will still need to explain how this was verified. Any long program output (such as strings) has no place in your analysis description. If you feel you need to include it, put it into an appendix, or limit yourself to the important parts, describing how you found them.
In addition to your analysis, create a "map" of the cluster allocations for the image showing which clusters of the disk belong to which files, and which are free. For example, the map for the HoneyNet Scan 24 image described in the paper would look like:
JIMMYJ.DOC: 2-41
COVER.JPG: 42-72
SCHEDULE.ZIP: 73-77
free: 78-2846
You can use commas to denote the order of fragments. A file consisting of clusters 3, 2, 4, 5, 6, 10, 11, 12, 13 (in that order) would then be mapped as 3, 2, 4-6, 10-13.
You also need to submit a repaired image of the floppy, so that when you mount the floppy (or the image) all files that could be recovered can be accessed. This includes a restoration of the missing root directory. Highlight what was modified to repair the image in your analysis description. Repairing the image manually will be time-consuming, and I highly discourage you from doing so. Use a tool or write a program/script to do it. When repairing the image, do not modify any clusters that you believe have file data in them. That means your basic building block is the cluster, and you should only have to modify the boot sector, the FATs, and directories (not all of these may need to be repaired for this lab). Also, make sure that your file sizes are correct.
Furthermore, answer the following questions:
Submit your analysis description and your answer to the questions in a single PDF document. Make sure you describe the methodology you used to analyze the floppy and what needed to be done to fix it. You may use any software tool/program you can find for this lab, but you have to document how you used it. Name your PDF document "<your last name>-report.pdf" and your repaired image "<your last name>-image". Place both files inside a directory "<your last name>-lab2", and zip (or tar/gzip) the entire directory to a file called "<your last name>-lab2.zip" (or .tgz). When I unzip the file, the directory must be created! Submit the archive file for your lab submission in Blackboard.