Total Marks 5. Deadline: 10:30 AM, 13 May (Friday). you will…

Question Answered step-by-step Total Marks 5. Deadline: 10:30 AM, 13 May (Friday). you will… Total Marks 5. Deadline: 10:30 AM, 13 May (Friday).  you will analyze a given NTFS image (binary file) based on your understanding of Week 9’s lecture material. The NTFS image file in hex is given to you in the PDF (the image file has been already loaded to a Hex editor) on the next page. Questions to answer:  (Q1) How many MFT records you can find from the given image file? How did you identify an MFT record? [1 Marks](Q2) In the second MFT record, find the file modification date and time (in user-readable form) from the File Name Attribute. From this record, find the file access data and time (in user-readable form) from the Standard Information Attribute. Briefly explain the steps you took to obtain your answers. [4 Marks] Tip 1: This handout is based on Week 9 Lecture materials (have a look at the slides in the Zoom discussion as well) Tip 2: From the given image file, you will find the dates in hexadecimal form (remember to do littleendian adjustment), convert this hexadecimal number to a decimal number. For this, use an online tool, such as https://www.rapidtables.com/convert/number/hex-to-decimal.html. Then put this decimal number in the https://www.silisoftware.com/tools/date.php tool with “filetime” in “Input format setting” (change from the default “unix” setting) for getting the date and time in user-readable form. Engineering & Technology Computer Science SCIENCE 65316 Share QuestionEmailCopy link Comments (0)