LAB1_Digital Forensics Technology and Practices_WORKSHEET Kwadwo Antwi (docx)
School: University of Maryland, University College
Course: 640
Subject: Information Systems
Date: Dec 6, 2023
Pages: 18
Name: XXXX
Semester: Summer
Year: 2023
Section Number: 7621
Lab 1 Worksheet: Digital Forensics Technology and Practices

Table of Contents
Introduction
Screenshot 1 – Your First Name Computer Name
Screenshot 2 – Create a YOURNAME User Account
Screenshot 3 – Create a YOURNAME Service
Screenshot 4 – Add Yourname.EXE to the Startup Folder for Administrator
Screenshot 5 – Your First Folder with the Registry Files with Date Modified
Screenshot 6 – Windows Computer Name Date Pulled from the Registry
Screenshot 7 – Yourname Service Pulled from the Registry
Screenshot 8 – SAM (Security Accounts Manager) with Yourname
Screenshot 9 – Autoruns with Yourname.EXE Running at Startup
Screenshot 10 – Autoruns with Yourname Service Running
Conclusion
APA References
Introduction
Students: In the box below, please explain the purpose of using the Windows Registry and explain how it is relevant to Digital Forensics Technology and Practices.
Introduction
The Windows Registry is a repository of artifacts that are essential to digital forensics investigations, and it gives forensic analysts access to evidence they may need to gather in order to pursue legal action. The registry stores keys, subkeys and values in a set of hives, each backed by supporting files on disk (Dimov, 2021). From that data an analyst can reconstruct a user's program settings, desktop configuration and working environment, including network connections. Inside a hive file every key, value and data item lives in a cell whose size field is negative while the cell is allocated; when a key is deleted the cell is freed and its size becomes positive, so the old contents remain in the file until the space is reused and can often still be recovered (Dimov, 2021). Forensic tools parse this structure to connect activity on the system to specific actions. Users rarely touch the registry directly; it is modified on their behalf by installers, applications and the operating system. Every key also carries a LastWrite timestamp that tells the analyst when the key was last modified. On disk a hive consists of the hive file itself, which has no extension, plus supporting files with the .alt, .log and .sav extensions (a backup copy, transaction logs and a copy saved during setup, respectively) (Dimov, 2021); an analyst's toolkit copies, lists and backs up these files rather than editing them in place.
Real-world uses of registry evidence include credit card fraud cases, the hunt for criminals in possession of child pornography, and insiders who have stolen sensitive data from companies, including clients' personally identifiable information (PII) or intellectual property. Specialized digital forensics applications and additional tools exist for searching the Windows Registry for proof. Because they cannot risk compromising the integrity of the original information, forensic investigators work from duplicates of the original files they find. Tools such as FTK Imager, the command prompt and Windows Registry Recovery let the analyst acquire and examine the data without altering the original files.
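As an added example (not part of the worksheet), the PowerShell script below reads one of the hive files collected in this lab offline and shows the structure described above: the regf base block with its sequence numbers and last-written time, the hbin bins, and the cells whose signed size field is negative while allocated and positive once freed. It lists every nk key cell it finds, including those sitting in free cells, which is how deleted keys are recovered, together with each key's LastWrite timestamp. The hive path is a parameter; the path C:\Yourname\SAM in the usage comment is only an assumption about where the collected files live.

```powershell
# Added example: offline walk of a registry hive file (e.g. the SAM or SYSTEM copy
# collected in this lab). Not part of the worksheet; offsets follow the documented
# regf / hbin / nk layout.  Usage:  .\Walk-Hive.ps1 -HivePath C:\Yourname\SAM
param(
    [Parameter(Mandatory = $true)][string]$HivePath
)

$ascii = [System.Text.Encoding]::ASCII
$bytes = [System.IO.File]::ReadAllBytes($HivePath)
if ($bytes.Length -lt 4096 -or $ascii.GetString($bytes, 0, 4) -ne 'regf') {
    throw "$HivePath does not start with a 'regf' base block"
}

# Base block (first 4096 bytes). Unequal sequence numbers mean the hive was not
# cleanly flushed and the .LOG transaction logs still hold pending changes.
$seq1     = [BitConverter]::ToUInt32($bytes, 4)
$seq2     = [BitConverter]::ToUInt32($bytes, 8)
$written  = [DateTime]::FromFileTimeUtc([BitConverter]::ToInt64($bytes, 12))
$rootOff  = [BitConverter]::ToUInt32($bytes, 36)   # relative to the first hbin at file offset 4096
$binsSize = [BitConverter]::ToUInt32($bytes, 40)
Write-Host ("{0}: sequence {1}/{2}, last written {3:u}, root cell at 0x{4:X}, {5} bytes of bins" -f (Split-Path $HivePath -Leaf), $seq1, $seq2, $written, $rootOff, $binsSize)

$keys   = New-Object System.Collections.Generic.List[object]
$nAlloc = 0
$nFree  = 0
$pos    = 4096
$end    = [Math]::Min($bytes.Length, 4096 + $binsSize)

while ($pos + 32 -le $end -and $ascii.GetString($bytes, $pos, 4) -eq 'hbin') {
    $binEnd = $pos + [BitConverter]::ToUInt32($bytes, $pos + 8)   # hbin size is at +8
    if ($binEnd -le $pos + 32 -or $binEnd -gt $end) { break }     # corrupt bin header
    $cell = $pos + 32                                             # first cell follows the 32-byte hbin header
    while ($cell + 4 -le $binEnd) {
        $size = [BitConverter]::ToInt32($bytes, $cell)            # signed: < 0 allocated, > 0 free
        $len  = [Math]::Abs($size)
        if ($len -eq 0 -or $cell + $len -gt $binEnd) { break }    # corrupt cell; stop walking this bin
        $allocated = $size -lt 0
        if ($allocated) { $nAlloc++ } else { $nFree++ }

        # nk (key node) cell: 'nk' signature, 16-bit flags, 8-byte LastWrite FILETIME at +4,
        # 16-bit name length at +0x48 and the name at +0x4C. A free cell that still carries a
        # valid nk header is a candidate deleted key.
        if ($len -ge 0x50 -and $ascii.GetString($bytes, $cell + 4, 2) -eq 'nk') {
            $nk      = $cell + 4
            $flags   = [BitConverter]::ToUInt16($bytes, $nk + 2)
            $nameLen = [BitConverter]::ToUInt16($bytes, $nk + 0x48)
            if ($nameLen -gt 0 -and $nk + 0x4C + $nameLen -le $cell + $len) {
                # Flag 0x20 (KEY_COMP_NAME) means the name is stored as 8-bit chars, otherwise UTF-16LE
                $name = if ($flags -band 0x20) { $ascii.GetString($bytes, $nk + 0x4C, $nameLen) } else {
                    [System.Text.Encoding]::Unicode.GetString($bytes, $nk + 0x4C, $nameLen)
                }
                $lastWrite = $null
                try { $lastWrite = [DateTime]::FromFileTimeUtc([BitConverter]::ToInt64($bytes, $nk + 4)) } catch { }
                $keys.Add([pscustomobject]@{
                    CellOffset = '0x{0:X}' -f ($cell - 4096)
                    State      = if ($allocated) { 'allocated' } else { 'FREE (deleted?)' }
                    KeyName    = $name
                    LastWrite  = $lastWrite
                })
            }
        }
        $cell += $len
    }
    $pos = $binEnd
}

Write-Host ("{0} allocated cells, {1} free cells, {2} nk key cells" -f $nAlloc, $nFree, $keys.Count)
$keys | Sort-Object State, KeyName | Format-Table -AutoSize
```

Run against the SAM copy from Screenshot 5, the allocated nk cells under Users\Names include the Yourname account; if the account is later deleted and the hive collected again, the same name usually turns up in a free cell with its original LastWrite time, which is the recovery the introduction describes. A hive exported with reg save has matching sequence numbers; one copied straight out of System32\config by FTK Imager may not, and then the .LOG files must be applied before the walk is trustworthy.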
Screenshot 1 – Your First Name Computer Name
1. Put your first name in the Computer Name box. The name of the computer should be your first name. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of Yourname being used as the computer name.
Screenshot 2 – Create a YOURNAME User Account
2. The name of the user created should match your first name. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Yourname user account being created at the command line.
Screenshot 3 – Create a YOURNAME Service
3. The name of the service created should match your first name. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of Yourname being used in the service being created on Windows.
Screenshot 4 – Add Yourname.EXE to the Startup Folder for Administrator
4. The name of the file should be your first name. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of Yourname being used in the Startup folder for the Administrator account.
Screenshot 5 – Your First Folder with the Registry Files with Date Modified
5. The name of the folder should match your first and last name. The use of anyone else's name may result in an academic integrity review by your professor. Timestamps from a previous semester may also result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Yourname folder with the collected registry files.
Screenshot 6 – Windows Computer Name Date Pulled from the Registry
6. Show the SYSTEM hive of the registry with the computer name of your Windows operating system. Label your screenshot. Take a screenshot of Yourname in the SYSTEM hive under the ComputerName key.
Screenshot 7 – Yourname Service Pulled from the Registry
7. Show the SYSTEM hive of the registry with the Yourname service. Label your screenshot. Take a screenshot of the Yourname service in the SYSTEM hive under Services.
Screenshot 8 – SAM (Security Accounts Manager) with Yourname
8. The name of the user listed in the SAM file, created during the lab, should match your first name. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Yourname user in the SAM file from the Windows Registry.
Screenshot 9 – Autoruns with Yourname.EXE Running at Startup
9. The name of the executable file should match your first name. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Yourname file in Startup within the Autoruns program.
Screenshot 10 – Autoruns with Yourname Service Running
10. The name of the service listed in Autoruns should match your first name. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Yourname service running within the Autoruns program.
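The ten screenshot steps above are one procedure: create four artifacts, collect the hives, then find each artifact in the registry and in Autoruns. The script below is an added example of that whole procedure from an elevated PowerShell prompt on the lab VM; it is not the worksheet's own command set, and it substitutes reg.exe save for the FTK Imager export the lab uses to copy the hives. Everything named is a placeholder or assumption: $Name stands in for the student's first name, .\Yourname.exe is assumed to exist in the current directory, the password is a throwaway, and autorunsc (the console build of Sysinternals Autoruns) is assumed to be on the PATH.

```powershell
# Added example (not the worksheet's own commands): run the lab's ten steps from an
# elevated PowerShell prompt and check each artifact where the worksheet asks for a
# screenshot. $Name, the password, .\Yourname.exe and C:\Yourname are placeholders.
$Name    = 'Yourname'
$Collect = "C:\$Name"                                   # folder that will hold the collected hives (Screenshot 5)

# Steps 1-4: create the artifacts
Rename-Computer -NewName $Name -Force                   # 1. written to the registry now, used after reboot
net.exe user $Name 'ChangeMe-Lab1!' /add                # 2. local user created at the command line
sc.exe create $Name binPath= "C:\$Name\$Name.exe"       # 3. service; sc.exe needs the space after "binPath="
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
Copy-Item ".\$Name.exe" -Destination $startup           # 4. Startup folder of the account running this (Administrator)

# Step 5: collect the hives. reg.exe save writes a consistent copy of the live hive
# so it can be parsed offline; hash the copies right away for the chain of custody.
New-Item -ItemType Directory -Path $Collect -Force | Out-Null
foreach ($hive in 'SYSTEM', 'SAM', 'SOFTWARE') {
    reg.exe save "HKLM\$hive" (Join-Path $Collect $hive) /y
}
Get-ChildItem $Collect | Select-Object Name, Length, LastWriteTime
Get-FileHash -Path (Join-Path $Collect '*') -Algorithm SHA256 | Format-Table Hash, Path -AutoSize

# Steps 6-7: the same facts read from the live SYSTEM hive. ComputerName holds the pending
# name set by Rename-Computer; ActiveComputerName is the one in use until the reboot.
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName' | Select-Object ComputerName
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName\ActiveComputerName' | Select-Object ComputerName
Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$Name" | Select-Object ImagePath, Start, Type

# Step 8: the SAM. Its keys are readable only by SYSTEM by default, so as Administrator
# this returns access denied; run it under SYSTEM (for example with PsExec -s) or open the
# collected copy in $Collect\SAM with an offline viewer such as Windows Registry Recovery.
Get-ChildItem 'HKLM:\SAM\SAM\Domains\Account\Users\Names' -ErrorAction SilentlyContinue | Select-Object PSChildName

# Steps 9-10: the Startup folder entry and Autoruns. -a '*' selects every autostart
# category, so both the Startup-folder EXE and the service appear in the matching lines.
Get-ChildItem $startup
autorunsc.exe -accepteula -nobanner -a '*' | Select-String -Pattern $Name
```

Because the hives are copied before the reboot, the SYSTEM copy already contains the new ComputerName value and the Services\Yourname key, which is what Screenshots 6 and 7 are meant to show; the SAM copy contains the Yourname user under Users\Names even though the live key cannot be read as Administrator.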
Conclusion
Students: In the box below, please explain the purpose of doing this lab and explain how it is relevant to Digital Forensics Technology and Practices. Highlight any new learning that occurred while doing this lab.
Hint: Discuss tools and commands used in the lab.
Conclusion
FTK Imager, one of the tools used in this lab, is the free imaging component of AccessData's Forensic Toolkit (FTK); the full toolkit adds email analysis, file decryption, data carving, data visualization, web-browsing artifacts, the Cerberus malware-analysis module and OCR (Dodt, 2021). These tools have specific uses in digital forensics investigations and give additional ways to parse the Windows Registry for evidence. Forensic investigators duplicate the original files they find because they cannot risk interfering with the integrity of the originals, and write blockers are used in such operations to guarantee that nothing can write to the evidence drive while FTK Imager examines it. According to Chandel (2020), FTK Imager can create forensic images, capture memory, examine image dumps, mount images as drives, encrypt and decrypt images, access protected files and export files. The command prompt gives a simple way to create folders, copy files and run small programs, which is how the data set that the forensic tools later evaluate was built in this lab. Windows Registry Recovery opens exported hive files offline, so registry contents can be examined even after the source machine has crashed; in a forensic investigation this is useful when the hardware is damaged and data recovery is required (The Windows Club, 2019). Digital forensics supports the investigation of data theft, network breaches, online fraud, identity theft, violent and nonviolent crime and white-collar crime (BlueVoyant, n.d.). The resources used in this lab improved my comprehension of the practical applications of the Windows Registry and of the ways investigators may use the command prompt and FTK Imager to copy data for later analysis and for use as evidence in court.
APA References

BlueVoyant. (n.d.). Understanding digital forensics: Process, techniques, and tools. Retrieved July 16, 2023, from https://www.bluevoyant.com/knowledge-center/understanding-digital-forensics-processtechniquesandtools#:~:text=The%20Digital%20Forensics%20Process%201%20Collection%20The%20collection,built%20by%20the%20examiners.%20...%204%20Reporting%20

Chandel, R. (2020, November 6). Comprehensive guide on FTK Imager. Hacking Articles. Retrieved July 16, 2023, from https://www.hackingarticles.in/comprehensive-guide-on-ftk-imager/

Dimov, I. (2021, July 18). Windows systems and artifacts in digital forensics, part I: Registry. Infosec Resources. Retrieved July 16, 2023, from https://resources.infosecinstitute.com/topic/windows-systems-and-artifacts-in-digital-forensics-part-i-registry

Dodt, C. (2021, July 10). Computer forensics: FTK forensic toolkit overview [updated 2019]. Infosec Resources. Retrieved July 16, 2023, from https://resources.infosecinstitute.com/topic/computer-forensics-ftk-forensic-toolkit-overview/

The Windows Club. (2019, August 27). Windows Registry Recovery lets you recover registry configuration from crashed computers. Retrieved July 16, 2023, from https://www.thewindowsclub.com/windowsregistryrecovery#:~:text=Windows%20Registry%20Recovery%20is%20a%20freeware%20that%20can,Registry%20Hive%20is%20and%20how%20this%20tool%20works