SUBMITTED LATE BUT NOT FOR CONTEST PURPOSES

Downloaded: Oct 21/02/12:36 AM
Finish: Oct 21/02/4:08 AM
Starts: //2:30: AM cn std time

Answers:

1. Who is Joe Jacob's supplier of marijuana and what is the address listed for the supplier?

Given the image file and the extracted Microsoft Word document in plaintext, Joe Jacob is obviously writing a letter to his supplier, Jimmy Jungle, at this address:

Jimmy Jungle
626 Jungle Ave Apt 2
Jungle, NY 11111

2. What crucial data is available within the coverpage.jpg file and why is this data crucial?

After easy extraction of coverpage.jpg, the message on the cover page, once viewed, further incriminates Jimmy Jungle with the following text:

"POT SMOKERS MONTHLY Your monthly guide to the best pot on the plant! this month's featured pot grower, smoker and seller is Jimmy Jungle"

3. What (if any) other high schools besides Smith Hill does Joe Jacobs frequent?

Extracting the compressed and password-protected Excel file "Scheduled Visits" reveals the following. Since this is not a real-world scenario, our friend should not just leave the password in plaintext, IMHO.

Here's what I've got!

Key High School
Leetch High School
Birard High School
Richter High School
Hull High School

//3:43 AM cn std time

4. For each file, what processes were taken by the suspect to mask them from others?

Given the zipped image file, any forensic analyst or computer security expert with fairly good knowledge of filesystems and file structures (STANDARD FILE STRUCTURES) can easily identify file header information, for they are unique, e.g. COM/EXE/ELF/DOC, etc.

Joe Jacob (fictitiously) employed a simple but discreet (less the pw=goodtimes) method to conceal information by utilizing a compression program (probably WinZip) and password-protecting "scheduled visits.xls", and, in my guess, devising a simple coded schedule for each school and day of week he visits, where day of week (coded number) = school (coded alphabet), where 1=A, 2=B; correct me if I'm wrong :-(

3:46AM

As to the Microsoft Word document, I find no process taken by JJ, in my point of view, because in reality Microsoft Word, regardless of version (unless encrypted), reveals whatever the document contains in plaintext (kids: I'm direct disk editing).

Lastly, the coverpage file (unless JJ employed steganography :-( ), which I can't see, does nothing to conceal anything that may further incriminate his arse.

//3:52 AM cn std time

5. What processes did you (the investigator) use to successfully examine the entire contents of each file?

S.O.P.: 0day dl of the image file. Make a backup copy (no virus scan), just in case it is booby-trapped. Transfer it to my Linux box and perform an MD5SUM. Tried a Linux hex editor and easily identified the boot sector info.

After that: in my case I first extracted the ZIP file, after successfully guessing that the pw=goodtimes. Next I identified the Word document by its distinguishable header info and got the mail address of Jimmy Jungle (PTXT). As to the picture file in JPG format, same procedure as the above ZIP file, after identifying the header info. The rest of the image is marked as free space.

Note to readers: I never used any disk transferring utils here.

//4:02 AM cn std time

6. What Microsoft program was used to create the Cover Page file? What is your proof? (Proof is the key to getting this question right, not just making a guess.)

Done in Microsoft Photo Editor, where commercial photo editors like "Adobe", etc. put a string signature just after the 16+ byte header info. Hex bytes "y0ya..JFIF" marking the Joint Photographic Experts Group header standard:

FF D8 FF E0 00 10 4A 46 49 46 00 01 01 01 00 60
00 60 00 00 FF DB 00 43 00 08 06 06 07 06 05 06

//End: 4:08 AM cn std time

EOT: Just for keeps (to illustrate how easily a computer expert or forensic analyst can find incriminating evidence on one's hdisk), and I'm not even an expert :-(

Britanico Dophine
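
Added example (not part of the original submission): a Python example of the header identification described in answers 4 to 6. It decodes the JFIF bytes quoted in answer 6 and scans a constructed buffer for magic numbers; the ZIP and OLE2 signatures, the sample buffer and all function names are assumptions of this example, not taken from the page.

```python
import struct

# Bytes quoted in answer 6 of the submission (start of coverpage.jpg).
HEADER = bytes.fromhex(
    "FF D8 FF E0 00 10 4A 46 49 46 00 01 01 01 00 60 00 60 00 00 "
    "FF DB 00 43 00 08 06 06 07 06 05 06"
)
# Well-known magic numbers (assumed here, not quoted on the page) for the
# file types the submission recovers: JPEG, ZIP, and OLE2 (Word/Excel).
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "zip": b"PK\x03\x04",
    "ole2": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
}
UNITS = {0: "aspect ratio only", 1: "dots per inch", 2: "dots per cm"}

def find_signatures(blob):
    """Return sorted (offset, type) pairs for every magic-number hit."""
    hits = []
    for name, magic in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)

def parse_jfif(data):
    """Decode SOI plus the APP0/JFIF segment; report the marker after it."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker (FF D8)")
    marker, length = struct.unpack(">HH", data[2:6])
    if marker != 0xFFE0 or data[6:11] != b"JFIF\x00":
        raise ValueError("first segment is not APP0/JFIF")
    major, minor, units, xden, yden, tw, th = struct.unpack(">BBBHHBB", data[11:20])
    end = 4 + length  # the segment length field counts its own two bytes
    return {
        "app0_length": length,
        "version": f"{major}.{minor:02d}",
        "units": UNITS.get(units, "unknown"),
        "density": (xden, yden),
        "thumbnail": (tw, th),
        "next_marker": data[end:end + 2].hex().upper(),
    }

if __name__ == "__main__":
    # Constructed sample: zero padding standing in for a raw disk image.
    image = b"\x00" * 512 + HEADER + b"\x00" * 64 + b"PK\x03\x04" + b"\x00" * 32
    for offset, kind in find_signatures(image):
        print(f"{offset:#06x}  {kind}")
    print(parse_jfif(HEADER))
```

A three-byte signature such as FF D8 FF can also occur by chance inside unrelated data, so each hit is a candidate offset to confirm by parsing the structure that follows, as parse_jfif does for the JPEG.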