LAB11_Digital Forensics Technology and Practices_WORKSHEET1 Kwadwo Antwi

School: University of Maryland, University College
Course: 640
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 16
Uploaded by joespady4u25

Name: XXXX   Semester: Summer   Year: 2023   Section Number: 7621

Lab 11 Worksheet
Digital Forensics Technology and Practices

Table of Contents
Introduction ... 2
Screenshot 1 – Registry Tool or Autoruns ... 3
Screenshot 2 – Log Viewing ... 4
Screenshot 3 – Log Parsing tool ... 5
Screenshot 4 – Hashing Tool ... 6
Screenshot 5 – FTK Imager ... 7
Screenshot 6 – Disk Analysis Tool (for example Autopsy) ... 8
Screenshot 7 – Browser Recovery Tool ... 9
Screenshot 8 – Malware Analysis Tool ... 10
Screenshot 9 – Volatility Framework or Sysinternals IR Tool ... 11
Screenshot 10 – Wireshark or Network Miner ... 12
Conclusion ... 13
APA References ... 14
Introduction

Students: In the box below, reflect on some of the Computer Forensics tools and techniques you learned about in this class.

In the discipline of computer forensics, digital forensics tools and techniques are crucial for the investigation and analysis of digital evidence. Digital forensic investigators use these methods and tools to recover, examine, and preserve electronic data (A guide to digital forensics and cybersecurity tools 2022). These methods and technologies have evolved substantially over time to keep up with the rapid improvements in technology (A guide to digital forensics and cybersecurity tools 2022).

The Registry Tool, used to extract data from the Windows Registry, is one of the most frequently used tools in digital forensics. The registry keeps track of user preferences, configuration settings, and system data, and it can offer useful insight into system operations. One such tool for extracting data from the registry is RegRipper (Robb, 2023). Another digital forensics tool, Autoruns, lets users examine and control the programs and services that start up automatically with a machine. Viruses and suspicious programs hidden among the startup entries can be found with this tool.

Programs like LogParser are used to analyze log files, which can reveal important details about system activity. This information helps an investigator spot suspicious or unusual activity that could be a sign of a security breach or a potential threat.

Hashing helps assure the reliability of digital evidence by producing a distinct digital fingerprint for each file or drive. Digital forensics depends on hashing to confirm the integrity of data and to detect any changes that may have been made during the course of an inquiry. Hashing tools such as HashCalc and MD5SUM are frequently used in digital forensics.

FTK Imager is a powerful tool for creating forensic images of hard drives and other storage media. Forensic imaging is a key component of digital forensics because it enables investigators to acquire and preserve electronic material for later study (Chandel, 2020). FTK Imager is widely used in digital forensics because of its efficiency, adaptability, and dependability.

Disk analysis programs like EnCase and The Sleuth Kit are used to analyze and recover data from hard drives and other storage media. These programs help restore damaged or corrupted data, find deleted or hidden files, and examine the contents of a drive or file system. Programs like Internet Evidence Finder (IEF) and Web Historian retrieve web browsing activity from different browsers; they help determine a suspect's browser history, which can provide important details about their online habits.

IDA Pro and OllyDbg are two examples of malware analysis tools used to examine the behavior of malicious software. Malware analysis is part of digital forensics because it lets investigators understand how malware functions and how it can be found and removed. The Volatility Framework is a memory analysis tool used to gather data about running processes from volatile memory; it helps find rootkits, hidden processes, and other harmful software that may be active in a system's memory (Digital Forensics 2018).

Wireshark is a network protocol analyzer that records network traffic and presents it in an intuitive way. Network traffic analysis is a crucial component of digital forensics for identifying suspicious network activity, tracing the origin of a network attack, and understanding a network's communication patterns (Wireshark: A network forensic tool 2022). NetworkMiner is a network forensic investigation program that can extract relevant data from recorded network traffic. It can be used to recognize network-based attacks, understand a network's communication patterns, and spot potential security holes (Digital Forensics 2018).
Screenshot 1 – Registry Tool or Autoruns

1. Post a Screenshot of any Windows Registry tool or Autoruns from any of your Prior labs. In 3-5 complete sentences (below your screenshot), discuss the tool and explain the relevance to computer forensics.

Image 1

The Windows Registry is a hierarchical database that stores configuration settings, user preferences, and system data for the Windows operating system. The registry is essential to a Windows system's functionality and can offer useful insight into system activity, user behavior, and software installations. Autoruns is a utility that lets users examine and manage the programs and services that launch automatically when a computer starts up. Viruses and suspicious programs hidden among the startup entries can be found with this tool.
Screenshot 2 – Log Viewing

2. Post a Screenshot of any Log Viewing Utility (Event Viewer, Notepad++) from any of your Prior labs. In 3-5 complete sentences (below your screenshot), discuss the tool and explain the relevance to computer forensics.

Image 2

Event Viewer is an integrated Windows utility that records system events and alerts and provides helpful details about system activity, application and security problems, and hardware events. Event Viewer can assist in locating and resolving problems that occur on a Windows system. Notepad++ is a text editor that supports multiple programming languages and offers helpful functions like syntax highlighting, code folding, and autocompletion. It is used for editing and analyzing text-based files, scripts, and code snippets.
Screenshot 3 – Log Parsing tool

3. Post a Screenshot of a Log Viewer or commands useful for Log parsing from any of your Prior labs. In 3-5 complete sentences (below your screenshot), discuss the tool and explain the relevance to computer forensics.

Log parsing is the process of analyzing log files to extract pertinent data, such as particular events, errors, and timestamps. Log parsing tools that search, filter, and extract data from log files can reveal important details about system activity, security flaws, and potential problems. The extracted data can be used to create reports, spot trends, and support forensic investigations.
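As an added example (not part of the worksheet and not code from any lab tool), the following Python script does the three things the paragraph above describes: it parses log lines into structured records with real timestamps, filters them by event ID and time range, and flags a burst of failed logons (Windows event ID 4625) that an investigator would want to see. The column layout is modelled on an Event Viewer CSV export, but every line is constructed for illustration; the burst threshold and window are assumed values.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample modelled on an Event Viewer "Save as CSV" export.
# Every line here is made up for illustration; none comes from a real system.
SAMPLE_LOG = """Level,Date and Time,Source,Event ID,Task Category
Information,7/14/2023 9:02:11 AM,Microsoft-Windows-Security-Auditing,4624,Logon
Information,7/14/2023 9:05:47 AM,Microsoft-Windows-Security-Auditing,4625,Logon
Information,7/14/2023 9:05:49 AM,Microsoft-Windows-Security-Auditing,4625,Logon
Information,7/14/2023 9:05:52 AM,Microsoft-Windows-Security-Auditing,4625,Logon
Information,7/14/2023 9:06:30 AM,Microsoft-Windows-Security-Auditing,4624,Logon
Error,7/14/2023 9:30:00 AM,Service Control Manager,7034,None
Information,7/14/2023 11:15:03 AM,Microsoft-Windows-Security-Auditing,4672,Special Logon
"""

# Timestamp layout used by the constructed export (US locale, 12-hour clock).
TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def parse_events(text):
    """Parse the CSV export into dicts with a real datetime and an integer event ID."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append({
            "level": row["Level"],
            "time": datetime.strptime(row["Date and Time"], TIME_FORMAT),
            "source": row["Source"],
            "event_id": int(row["Event ID"]),
            "category": row["Task Category"],
        })
    return events


def filter_events(events, event_id=None, start=None, end=None):
    """Keep events matching an optional event ID and an optional inclusive time range."""
    kept = []
    for e in events:
        if event_id is not None and e["event_id"] != event_id:
            continue
        if start is not None and e["time"] < start:
            continue
        if end is not None and e["time"] > end:
            continue
        kept.append(e)
    return kept


def count_by_event_id(events):
    """Frequency of each event ID: a quick way to see what dominates a log."""
    return Counter(e["event_id"] for e in events)


def failed_logon_bursts(events, threshold=3, window_seconds=60):
    """Return (start_time, count) for each run of at least `threshold` failed logons
    (event 4625) that fall within `window_seconds` of the run's first event.
    Threshold and window are assumed values; tune them to the environment."""
    times = sorted(e["time"] for e in events if e["event_id"] == 4625)
    bursts = []
    i = 0
    while i < len(times):
        j = i
        while j < len(times) and (times[j] - times[i]).total_seconds() <= window_seconds:
            j += 1
        if j - i >= threshold:
            bursts.append((times[i], j - i))
            i = j          # skip past the run just reported
        else:
            i += 1
    return bursts


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print(count_by_event_id(evts))
    for start, n in failed_logon_bursts(evts):
        print(f"{n} failed logons starting at {start:%Y-%m-%d %H:%M:%S}")
```

The same parse/filter/count structure carries over to other exports (syslog, web server logs) by swapping the reader and the timestamp format; the burst detector is deliberately separate from parsing so it can be rerun with different thresholds without re-reading the file.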
Screenshot 4 – Hashing Tool

4. Post a Screenshot of a Hashing Tool (HashTab, sigcheck, etc.) from any of your Prior labs. In 3-5 complete sentences (below your screenshot), discuss the tool and explain the relevance to computer forensics.

Image 4

Hashing tools are programs that accept input data and output a fixed-length hash or message digest. Because any change to the input data produces a different hash output, these tools are frequently used to verify the integrity and authenticity of data. SHA-256, MD5, and SHA-1 are a few well-known hashing algorithms. Hashing has numerous uses, such as password storage, digital signatures, and data validation.
Screenshot 5 – FTK Imager

5. Post a Screenshot of FTK Imager from any of your Prior labs. In 3-5 complete sentences (below your screenshot), discuss the tool and explain the relevance to computer forensics.

Image 5

FTK Imager is a forensic imaging tool used to create and examine forensic images of digital media such as memory cards, hard disks, and USB drives. Without changing the original data, it lets investigators build bit-by-bit images of the storage medium, which can then be analyzed to draw out crucial information and evidence. E01, DD, and AFF are just a few of the image file formats that FTK Imager supports. It also offers several features for examining and analyzing an image, including file filtering, hash analysis, and keyword search.
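As an added example serving both the hashing section and the FTK Imager section above (it is not part of the worksheet and not FTK Imager's own code), the following Python script does what a hashing tool or an imager's verify step does: it streams an image in fixed-size chunks, computes several digests in one pass, and compares a fresh hash against the digests recorded at acquisition, reporting every algorithm that disagrees. The evidence bytes are constructed and the chunk size is an assumption. MD5 and SHA-1 are included because many tool reports still list them, but only SHA-256 should be relied on for collision resistance.

```python
import hashlib
import io

DEFAULT_CHUNK = 1 << 20  # 1 MiB per read (assumed); a large image is never loaded whole


def hash_stream(fileobj, algorithms=("md5", "sha1", "sha256"), chunk_size=DEFAULT_CHUNK):
    """Read fileobj once and return {algorithm: hexdigest} for every algorithm requested."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=("md5", "sha1", "sha256"), chunk_size=DEFAULT_CHUNK):
    """Convenience wrapper for in-memory data; a real image would be open(path, 'rb')."""
    return hash_stream(io.BytesIO(data), algorithms, chunk_size)


def verify_image(fileobj, recorded, chunk_size=DEFAULT_CHUNK):
    """Re-hash an image and compare it with the digests recorded at acquisition time.
    Returns (ok, mismatches) where mismatches maps algorithm -> (recorded, fresh)."""
    fresh = hash_stream(fileobj, tuple(recorded), chunk_size)
    mismatches = {a: (recorded[a], fresh[a]) for a in recorded if recorded[a] != fresh[a]}
    return (not mismatches, mismatches)


# Constructed stand-in for a small raw (dd-style) image; the content is made up.
EVIDENCE = b"MBR" + bytes(range(256)) * 8 + b"END"


def demo():
    """Verify an untouched copy, then a copy with a single flipped bit.
    Returns (untouched_ok, tampered_ok, algorithms that detected the change)."""
    acquisition = hash_bytes(EVIDENCE)                     # what the imager would record
    ok_same, _ = verify_image(io.BytesIO(EVIDENCE), acquisition)
    tampered = bytearray(EVIDENCE)
    tampered[100] ^= 0x01                                  # one bit changed
    ok_tampered, diffs = verify_image(io.BytesIO(bytes(tampered)), acquisition)
    return ok_same, ok_tampered, sorted(diffs)


if __name__ == "__main__":
    for algo, digest in hash_bytes(EVIDENCE).items():
        print(f"{algo:7} {digest}")
    print(demo())
```

Hashing all algorithms in a single pass matters for multi-terabyte images, where each extra read of the media costs hours; recording the digests alongside the image and re-verifying on every copy is what lets a later examiner show the evidence is unchanged.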
Screenshot 6 – Disk Analysis Tool (for example Autopsy)

6. Post a Screenshot of any Disk Analysis tool (like Autopsy) from any of your Prior labs. In 3-5 complete sentences (below your screenshot), discuss the tool and explain the relevance to computer forensics.

Image 6

Disk analysis tools are programs used to look through and analyze the data on storage devices, including hard disks, SSDs, and USB drives. These tools provide a thorough overview of all the data on a disk, including its file system, file types, and usage data. They can be used to reduce storage consumption, find potential security problems, and restore deleted items. Autopsy, WinDirStat, TreeSize, and Disk Analyzer Pro are a few well-known disk analysis programs. System administrators, data recovery experts, and anyone else trying to manage disk space efficiently can benefit from these tools.
Screenshot 7 – Browser Recovery Tool

7. Post a Screenshot of any Browser Recovery Tool from any of your Prior labs. In 3-5 complete sentences (below your screenshot), discuss the tool and explain the relevance to computer forensics.

Image 7

Browser recovery tools recover lost or deleted data from web browsers such as Google Chrome, Mozilla Firefox, and Internet Explorer. They extract browsing-related information from the browser's temporary and cached files, including browsing history, bookmarks, saved passwords, and other data. They can be used to recover mistakenly deleted data or to investigate browsing activity for security or legal reasons. Recuva, EaseUS Data Recovery Wizard, and Forensic Browser History Extractor (FBHE) are a few well-known browser recovery applications.
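As an added example (not part of the worksheet and not code from any of the tools named above), the following Python script shows the core of what a browser history extractor does: it queries a copy of a Chromium-style History database and converts the stored timestamps, which Chrome keeps as microseconds since 1601-01-01 UTC, into readable dates; a converter for Firefox's microseconds-since-Unix-epoch format is included for comparison. The database is built in memory with a reduced, constructed `urls` table so the script runs offline; a real examination works on a copy of the profile's History file, never the live one the browser holds open.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Chrome/Chromium store last_visit_time as microseconds since 1601-01-01 00:00:00 UTC.
CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def chrome_time_to_datetime(webkit_us):
    """Convert a Chrome timestamp (int microseconds since 1601) to an aware datetime."""
    return CHROME_EPOCH + timedelta(microseconds=webkit_us)


def datetime_to_chrome_time(dt):
    """Inverse conversion; used here to build the constructed rows and the WHERE bound."""
    return (dt - CHROME_EPOCH) // timedelta(microseconds=1)


def firefox_time_to_datetime(unix_us):
    """Firefox places.sqlite stores last_visit_date as microseconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(unix_us / 1_000_000, tz=timezone.utc)


def build_sample_history():
    """Constructed in-memory stand-in for a copy of Chrome's History file.
    Only the columns this example reads are reproduced; the rows are made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT, "
        "visit_count INTEGER, last_visit_time INTEGER)"
    )
    utc = timezone.utc
    rows = [
        (1, "https://example.com/", "Example Domain", 3,
         datetime_to_chrome_time(datetime(2023, 7, 14, 9, 0, 0, tzinfo=utc))),
        (2, "https://example.org/login", "Sign in", 1,
         datetime_to_chrome_time(datetime(2023, 7, 14, 9, 5, 30, tzinfo=utc))),
        (3, "https://example.net/old", "Older page", 5,
         datetime_to_chrome_time(datetime(2023, 6, 1, 12, 0, 0, tzinfo=utc))),
    ]
    conn.executemany("INSERT INTO urls VALUES (?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def extract_history(conn, since=None):
    """Return (url, title, visit_count, last visit as aware datetime), newest first,
    optionally limited to visits at or after `since`."""
    query = "SELECT url, title, visit_count, last_visit_time FROM urls"
    params = ()
    if since is not None:
        query += " WHERE last_visit_time >= ?"
        params = (datetime_to_chrome_time(since),)
    query += " ORDER BY last_visit_time DESC"
    return [
        (url, title, count, chrome_time_to_datetime(ts))
        for url, title, count, ts in conn.execute(query, params)
    ]


if __name__ == "__main__":
    db = build_sample_history()
    for url, title, count, visited in extract_history(db):
        print(f"{visited:%Y-%m-%d %H:%M:%S} UTC  visits={count}  {url}  ({title})")
```

Getting the epoch right is the part that goes wrong most often: the same integer interpreted as a Unix-epoch value would place a 2023 visit centuries in the future, so a converter should be checked against a known visit before its output is put in a report.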
Screenshot 8 – Malware Analysis Tool

8. Post a Screenshot of using a Malware Analysis tool, the file command, or the VirusTotal website. In 3-5 complete sentences (below your screenshot), discuss the tool and explain the relevance to computer forensics.

Image 8

Malware analysis tools are used to inspect and analyze malicious software, including viruses, trojans, and worms. They are designed to discover and identify the functionality, structure, and behavior of malware in order to build effective defenses and protect against future threats. Sandboxing, code analysis, and reverse engineering are a few of the methods malware analysis tools use to examine malware behavior and pinpoint its origins. IDA Pro, OllyDbg, Malwarebytes, and VirusTotal are some well-known examples. These resources are crucial for forensic investigators, researchers, and cybersecurity experts who need to examine and understand malware activity.
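As an added example (not part of the worksheet and not the `file` command's own code), the following Python script shows the technique the `file` command relies on: identifying a file by its leading magic bytes rather than by its name, with the extra check that separates a genuine PE executable (the `PE\0\0` signature at the offset stored at 0x3C) from anything that merely starts with `MZ`. A name/content mismatch check flags the classic triage finding of an executable carrying a document extension. The sample files are constructed byte strings, and the signature table is a small hand-picked subset of what `file` knows.

```python
import struct

# Small hand-picked subset of leading-byte signatures (all at offset 0). Constructed for
# this example; the real `file` command carries thousands of rules at many offsets.
SIGNATURES = [
    (b"\x7fELF", "ELF executable"),
    (b"%PDF-", "PDF document"),
    (b"PK\x03\x04", "ZIP archive (also Office OOXML, JAR, APK)"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"#!", "script with interpreter line"),
    (b"MZ", "MZ executable"),
]

# What a given extension claims to be, for the mismatch check.
EXPECTED_BY_EXTENSION = {
    ".pdf": "PDF document",
    ".png": "PNG image",
    ".docx": "ZIP archive (also Office OOXML, JAR, APK)",
    ".exe": "PE executable",
}


def is_pe(data):
    """True if an MZ file carries a valid PE header: e_lfanew at 0x3C points at b'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def identify(data):
    """Classify by content, not by name. Returns a label or 'unknown'."""
    for magic, label in SIGNATURES:
        if data.startswith(magic):
            if magic == b"MZ":
                return "PE executable" if is_pe(data) else "MZ executable (no PE header)"
            return label
    return "unknown"


def extension_mismatch(filename, data):
    """True when the name claims a type that the content does not match."""
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    expected = EXPECTED_BY_EXTENSION.get(ext)
    return expected is not None and identify(data) != expected


def fake_pe():
    """Constructed minimal byte layout that satisfies is_pe(); it is not a real program."""
    buf = bytearray(0x44)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


# Constructed triage set: filename -> bytes. None of these are real files.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "invoice.pdf": fake_pe(),                    # executable wearing a document's name
    "tool.exe": fake_pe(),
    "notes.txt": b"plain text, nothing to see",
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}


def triage(samples):
    """Return [(name, detected type, mismatch flag)] for a set of files."""
    return [(name, identify(data), extension_mismatch(name, data))
            for name, data in samples.items()]


if __name__ == "__main__":
    for name, kind, mismatch in triage(SAMPLES):
        flag = "  <-- name/content mismatch" if mismatch else ""
        print(f"{name:12} {kind}{flag}")
```

Content-based identification is the first step before any hash lookup or sandbox run, because a file that is executable code under a harmless-looking name tells the examiner how much caution the rest of the analysis needs.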
Screenshot 9 – Volatility Framework or Sysinternals IR Tool

9. Post a Screenshot of using the Volatility Framework or Sysinternals IR Tool from any of your Prior labs. In 3-5 complete sentences (below your screenshot), discuss the tool and explain the relevance to computer forensics.

Image 9

The Sysinternals IR (Incident Response) tools are a collection of sophisticated system utilities created by Microsoft for Windows operating systems. Besides malware analysis, rootkit identification, system monitoring, and process analysis, these tools can be used for a variety of system management and diagnostic tasks. The suite was created to offer system administrators and IT professionals a complete range of tools for troubleshooting and fixing system issues. Process Explorer, Autoruns, TCPView, and Process Monitor are some of its most well-known tools.
Screenshot 10 – Wireshark or Network Miner

10. Post a Screenshot of Wireshark or Network Miner. In 3-5 complete sentences (below your screenshot), discuss the tool and explain the relevance to computer forensics.
Conclusion

Students: In the box below, please give some feedback on the course. Discuss what you like and what you think could be improved. Discuss your new perspective on Computer forensics.

To recap, digital forensics tools and techniques are crucial in the field of computer forensics for recovering, examining, and preserving electronic data. Digital forensic investigators use these technologies to investigate cybercrime, recover data from damaged systems, and evaluate digital evidence. The tools have evolved substantially over time to keep up with the rapid improvements in technology. Each tool is crucial to digital forensics because it has its own special characteristics and abilities (Digital Forensics 2018).

APA References

Chandel, R. (2020, November 6). Comprehensive guide on FTK Imager. Hacking Articles. Retrieved September 24, 2023, from https://www.hackingarticles.in/comprehensive-guide-on-ftk-imager/#:~:text=FTK%20Imager%20is%20an%20open-source%20software%20by%20AccessData,soon%20be%20preserved%20and%20can%20be%20analyzed%20further

Digital Forensics. NIST. (2018, May 11). Retrieved September 24, 2023, from https://www.nist.gov/programs-projects/digital-forensics

A guide to digital forensics and cybersecurity tools. Forensics Colleges. (2022, May 19). Retrieved September 24, 2023, from https://www.forensicscolleges.com/blog/resources/guide-digital-forensics-tool

Robb, D. (2023, January 19). 16 Best Digital Forensics Tools & Software. eSecurityPlanet. Retrieved September 25, 2023, from https://www.esecurityplanet.com/products/digital-forensics-software/

Wireshark: A network forensic tool. Forensic Yard. (2022, December 12). Retrieved September 25, 2023, from https://forensicyard.com/wiresharkinforensics/#:~:text=The%20types%20of%20information%20that%20can%20be%20gathered,has%20been%20implemented%20on%20a%20system.%20More%20items