Digital Forensics
Project detail
Question 1
Manually translate the following PDU into a text message, explaining the process.
31990E060B3601
Question 2
Translate the following three text messages.
A82300620011000A81553512546500000B28CD72990E6A9741613AA89D26BBD367341D24CE83E8E832E8CD2683DEE135882E2F9743C92300620011000A81553512557800000B254910F9ED3ED1417474DABD06DDCBA039FA5D67935D20641934AFCFE1E5317DEE02E92300620011000A81553512557800000B204910F9ED3ED141E3B0BCCC022541E8B0BD0CA2BF41F37219947FD75D
Tips:
This isn’t pure PDU. There’s a time stamp somewhere.
Break things into bytes first.
Look for markers that might help separate the messages.
Don’t try to manually translate in part 3. Search for tools that can assist.
Question 3
In the file GoblinsV2.dd there are lots of hidden goblins. I’ve done the work for you and I’ll tell you where they are, but you have to extract them using dd. Provide the image files and the dd commands you used to extract them.
Starting file:
https://www.dropbox.com/s/kj992tx2ir9tpyb/GoblinsV2.dd?dl=0
Note: I’ll be checking to make sure each file starts with “0xFFD8FFE1” or “0xFFD8FFE0” and ends with “0xFFD9”. Points will be deducted if they don’t, even if they open in an image viewer.
Tip: A Hex editor can be very useful.
5 pts per Goblin found for a total of 20 pts:
Goblin1 can be found 512 bytes into the image and is 126,437 bytes in size.
Goblin2 is hiding immediately after Goblin1 and he ends at byte offset 0x2B2A1.
Goblin3 is hiding at byte offset 0x2B8A2 and he is 68,459 bytes in size.
Goblin4 is hiding right after Goblin3 and ends at 0x3F72A.
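
An added example, not part of the original assignment: shell functions for the dd offset arithmetic and the start/end marker check described in Question 3, run against a constructed sample image rather than GoblinsV2.dd. The helper names (carve, carve_to, hex_at, check_jpeg, make_sample) and the sample layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names and sample data are illustrative assumptions.
# carve IMAGE START LENGTH OUT: copy LENGTH bytes starting at byte offset START.
# Offsets may be decimal or 0x-prefixed hex; bs=1 makes skip/count byte units.
carve() {
    dd if="$1" of="$4" bs=1 skip="$(($2))" count="$(($3))" 2>/dev/null
}

# carve_to IMAGE START END OUT: END is the offset of the last byte (inclusive),
# so the length is END - START + 1. Confirm in a hex editor which one you have.
carve_to() {
    carve "$1" "$2" "$(($3 - $2 + 1))" "$4"
}

# hex_at FILE OFFSET N: print N bytes at OFFSET as uppercase hex, no spaces.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n' | tr 'a-f' 'A-F'
}

# check_jpeg FILE: succeed only if FILE starts FFD8FFE0/FFD8FFE1 and ends FFD9.
check_jpeg() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -ge 6 ] || return 1
    case "$(hex_at "$1" 0 4)" in
        FFD8FFE0|FFD8FFE1) ;;
        *) return 1 ;;
    esac
    [ "$(hex_at "$1" "$((size - 2))" 2)" = "FFD9" ]
}

# make_sample FILE: constructed test image, not GoblinsV2.dd.
# Layout: 512 zero bytes | 16-byte fake JPEG (E1) | 26-byte fake JPEG (E0) | 8 zero bytes
make_sample() {
    {
        dd if=/dev/zero bs=1 count=512 2>/dev/null
        printf '\377\330\377\341AAAAAAAAAA\377\331'
        printf '\377\330\377\340BBBBBBBBBBBBBBBBBBBB\377\331'
        dd if=/dev/zero bs=1 count=8 2>/dev/null
    } > "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/sample.dd"
carve    "$tmp/sample.dd" 512   16    "$tmp/a.jpg"   # start + size
carve_to "$tmp/sample.dd" 0x210 0x229 "$tmp/b.jpg"   # start + inclusive end
for f in "$tmp/a.jpg" "$tmp/b.jpg"; do
    if check_jpeg "$f"; then echo "$f: markers OK"; else echo "$f: BAD markers"; fi
done
```

Whether an "ends at" offset names the last byte or the byte after it changes the count by one; check_jpeg fails when the final 0xD9 is cut off or the carve starts a byte early.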