Lab 2 - Report file

School: Saint Leo University
Course: 452
Subject: Communications
Date: Apr 3, 2024
Type: docx
Pages: 19
Uploaded by hnmathewson

Lab 2: Documenting a Workstation Configuration Using Common Forensic Tools
Hannah Mathewson
Computer Forensics COM-452-OL01
Professor James Jones
January 28, 2024

Section 1

Part 1
6.) Make a screen capture showing the System Overview and paste it into the Lab Report file.
7.) Make a screen capture showing the Windows Firewall findings and paste it into the Lab Report file.
10.) Make a screen capture of the User Accounts findings and paste it into the Lab Report file.
12.) Make a screen capture showing the Drive C findings and paste it into the Lab Report file.
13.) Make a screen capture showing any other WinAudit findings that you feel are critically important to a forensic investigation and paste them into the Lab Report file.

Part 2
2.) In your Lab Report file, record the number of connected devices identified by DevManView.
78 devices
4.) In your Lab Report file, record the total number of devices identified by DevManView.
121 devices
6.) Make a screen capture showing the System CMOS/real time clock properties and paste it into the Lab Report file.

Part 3
8.) Make a screen capture showing the contents of the challenge.pdf file and paste it into the Lab Report file.
12.) Make a screen capture showing the contents of the File properties dialog box and paste it into your Lab Report file.
22.) On the vWorkstation desktop, drag the deliverable file(s) into the File Transfer folder to complete the download to your local computer.

Section 2

Part 1
4.) Make a screen capture showing the System Overview and paste it into the Lab Report file.
6.) Make a screen capture showing the Environment Variables and paste it into the Lab Report file.
8.) Make a screen capture of the User Accounts findings and paste it into the Lab Report file.
10.) Make a screen capture showing the Drive C findings and paste it into the Lab Report file.
12.) Make a screen capture showing any other WinAudit findings that you feel are critically important to a forensic investigation and paste them into the Lab Report file.
13.) In the Lab Report file, explain why you chose to include the information you collected.

The TCP/IP (Transmission Control Protocol/Internet Protocol) suite is crucial to computer forensics for several reasons:

1. Network Communication Analysis: TCP/IP is the fundamental protocol suite governing internet communication. Analyzing network traffic through protocols like TCP and IP enables forensic investigators to understand the flow of data between systems. Examining packet-level details helps in reconstructing the sequence of events during a security incident or any suspicious activity.
2. Evidence Identification and Collection: In computer forensics, investigators often need to identify and collect evidence related to network activities. This includes tracing communication between devices, identifying sources of malicious traffic, or understanding data exchanges between systems. TCP/IP protocols provide the structure for this communication, and analyzing them allows forensic experts to gather relevant evidence.
3. Event Reconstruction: TCP/IP plays a crucial role in reconstructing events during an incident. By examining network packets, forensic analysts can piece together the timeline of activities, helping to understand the progression of an attack or the sequence of user actions.
4. Malware Analysis: Malware often communicates with command and control servers or engages in network activities to exfiltrate data. Analyzing network traffic using TCP/IP protocols helps in detecting patterns associated with malware behavior. Understanding how malware communicates over the network is essential for identifying infected systems and mitigating potential threats.
5. Incident Response: During incident response, investigators need to quickly analyze network traffic to identify the scope and impact of an incident. TCP/IP protocols provide the means to inspect packets, understand communication patterns, and respond effectively to ongoing security events.
6. Digital Footprint Analysis: TCP/IP helps in analyzing the digital footprint left by users or attackers. Examining network logs and traffic provides insights into user activities, unauthorized access, or any suspicious behavior that may have occurred over the network.
7. Authentication and Authorization Data: TCP/IP is involved in the transmission of authentication and authorization data. Analyzing this information helps in understanding user access patterns and detecting any unauthorized attempts to access systems or data.

In summary, TCP/IP is fundamental to computer forensics because it forms the backbone of network communication. Analyzing the protocols within this suite is essential for identifying, collecting, and interpreting digital evidence related to network activities, aiding forensic investigators in understanding and responding to security incidents.

Part 2
2.) In your Lab Report file, record the total number of devices identified by DevManView.
115 devices
3.) In your Lab Report file, record the number of connected devices identified by DevManView.
77 devices
5.) Make a screen capture showing NDIS Virtual Network Adapter Enumerator properties and paste it into the Lab Report file.
6.) In your Lab Report file, record the Device Instance ID and .inf File name.
Device Instance ID: ACPI\ACPI0003\1
.inf File: cmbatt.inf

Part 3
3.) Make a screen capture showing the clue that identifies the correct file type and paste it in the Lab Report file.
7.) Make a screen capture showing the contents of the renamed target.abc file and paste it into your Lab Report file.

Section 3

Part 1
1.) In your own words, explain why it is important to use tools like WinAudit, DevManView, and Frhed.
Answer: These tools allow a forensic analyst to gather information from a workstation such as the operating system that was used, what software has been installed, the port access and firewall capabilities, user configurations, and encrypted file properties.

Part 2
1.) Open a remote connection to TargetWindows01 and use Frhed to investigate the 10GB disk drive. Identify the partition format and its hex code. Make a screen capture showing your results.
Partition format is NTFS

Part 3
1.) Identify the encryption format and the user account the encrypted certificate was issued by. Make a screen capture showing your findings.
Encryption Format:
User Account: Administrator
Encryption Certificate Issuer: Microsoft Enhanced Cryptographic Provider
2.) Download a copy of WinAudit to your local computer and run an audit report of your local hard drive. Make a screen capture showing the System Overview and the Drive C findings.
System Overview
Drive C Findings