LAB2_Digital Forensics Technology and Practices_WORKSHEET2 Kwadwo Antwi (docx, 14 pages)

School: University of Maryland, University College
Course: 640
Subject: Information Systems
Date: Dec 6, 2023

Name: XXXXX Semester: Summer Year: 2023 Section Number: 7621

Lab 2 Worksheet Digital Forensics Technology and Practices

Table of Contents

Introduction (p. 2)
Screenshot 1 – Yourname Displayed by the Hostname Command (p. 3)
Screenshot 2 – Create a YOURNAME User account (p. 4)
Screenshot 3 – YOURNAME Account in the Event Viewer Security Log (p. 5)
Screenshot 4 – Codemeter Runtime Server Stopped in the Application Log (p. 6)
Screenshot 5 – Windows Update Medic Service Stopped in the System Log (p. 7)
Screenshot 6 – Windows Shutdown Initiated in the System Log (p. 8)
Screenshot 7 – Yourname Parsed from the Security Log using PSloglist (p. 9)
Screenshot 8 – Yourname Parsed from the Security Log using Notepad++ (p. 10)
Screenshot 9 – Windows Security Log Cleared (p. 11)
Screenshot 10 – Yourname Scheduled Task in Windows System32 (p. 12)
Take a screenshot of the Yourname Service Running within the Autoruns program (p. 12)
Conclusion (p. 13)
APA References (p. 13)
Introduction

Network analysts can see events, failures and other information about a device's operating system through the Windows Event Viewer, an administrative tool built into Windows (What is the Windows Event Viewer? 2020). Logs are records of operating-system events; they support the investigation of errors and of potentially malicious activity on a host. Because each record carries a timestamp and identifies the process or user behind the event, analysts can reconstruct what a device was doing and when. Event Viewer records five kinds of events: Information (normal operation of programs, services and drivers), Warning (minor problems such as low disk space), Error (significant failures that may cause loss of functionality or data), Success Audit (an audited security action that succeeded, such as a logon or an account creation) and Failure Audit (an audited security action that failed). Together these give the analyst a comprehensive picture of the operating system's inner workings and a way to spot problems early.

Task scheduling helps forensic teams manage workloads, meet deadlines and improve operational efficiency (Prabhu, 2022). To defend a network and determine what happened, or is still happening, during a breach, analysts need to automate how they gather and evaluate data (Prabhu, 2022). On a large network the number of events recorded by the Windows Event Viewer can reach the tens of thousands; scheduled tasks can take over the routine collection and searching of logs so that analysts spend their time on the records that matter.
Screenshot 1 – Yourname Displayed by the Hostname Command 1. When you type the hostname command, the computer name should be Your First Name. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit. Take a screenshot of Your Name as the Computer Name when you run the hostname command.
Screenshot 2 – Create a YOURNAME User account 2. The name of the user created should match your first and last name. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit. Take a screenshot of the Yourname user account being created at the command line.
Screenshot 3 – YOURNAME Account in the Event Viewer Security Log 3. The name of the user created in the Windows Security Log in the Event Viewer should match your first name. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit. Take a screenshot of Yourname being created in the Security Log of the Event Viewer.
Screenshot 4 – Codemeter Runtime Server Stopped in the Application Log 4. The date and timestamp from the Codemeter Runtime Server service stopping in the Application Log in the Event Viewer should match the timeframe of this course. Timestamps from a previous semester may also result in an academic integrity review by your professor. Please label your screenshot to receive full credit. Take a screenshot of the Codemeter Runtime Server being stopped in the Application log.
Screenshot 5 – Windows Update Medic Service Stopped in the System Log 5. The date and timestamp from the Windows Update Medic Service stopping in the System Log in the Event Viewer should match the timeframe of this course. Timestamps from a previous semester may also result in an academic integrity review by your professor. Please label your screenshot to receive full credit. Take a screenshot of the Windows Update Medic Service being stopped in the System log.
Screenshot 6 – Windows Shutdown Initiated in the System Log 6. The date and timestamp from the Windows shutdown being initiated in the System Log in the Event Viewer should match the timeframe of this course. Timestamps from a previous semester may also result in an academic integrity review by your professor. Please label your screenshot to receive full credit. Take a screenshot of the Windows shutdown being initiated in the System log.
Screenshot 7 – Yourname Parsed from the Security Log using PSloglist 7. Show your name being parsed from the Security Log using PSloglist at the command line. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit. Take a screenshot of Yourname parsed from the Security Log using PSloglist.
Screenshot 8 – Yourname Parsed from the Security Log using Notepad++ 8. Show your name being parsed from the Security Log using Notepad++. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit. Take a screenshot of Yourname parsed from the Security Log using Notepad++.
Screenshot 9 – Windows Security Log Cleared 9. The date and timestamp of the Windows Security Log being cleared should match the timeframe of this course. Windows records the clearing as Event ID 1102 ("The audit log was cleared") in the Security log itself, so that is where the entry appears in the Event Viewer. Timestamps from a previous semester may also result in an academic integrity review by your professor. Please label your screenshot to receive full credit. Take a screenshot of the Windows Security Log being cleared.
Screenshot 10 – Yourname Scheduled Task in Windows System32 10. The name of the scheduled task listed should match your first name. The use of anyone else's name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit. Take a screenshot of the Yourname scheduled task.
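The ten screenshot steps above, carried out from an elevated PowerShell prompt so that each artifact the worksheet asks for is located by its event ID rather than by scrolling through the Event Viewer. This is an added example and is not part of the worksheet: `Yourname`, the password and the program the task runs are placeholders, and it assumes a Windows 10/11 lab VM with the Sysinternals `psloglist.exe` and `autorunsc.exe` on the PATH and Notepad++ installed in its default location.

```powershell
# Added example, not part of the worksheet. Run from an elevated PowerShell prompt on the lab VM.
# Assumptions: Windows 10/11, Sysinternals psloglist.exe and autorunsc.exe on the PATH,
# and 'Yourname' standing in for the student's own name exactly as the worksheet requires.
$Name     = 'Yourname'
$Password = 'Lab2-Temp-Passw0rd!'    # placeholder; the lab does not prescribe one

# Screenshot 1: the computer name must already be the student's first name.
hostname

# Screenshot 2: create the account at the command line. Account creation is audited
# as Security event 4720 when the default audit policy is in place.
net user "$Name" "$Password" /add

# Screenshot 3: 4720 = "A user account was created". Match on the account name inside
# the message instead of reading the whole Security log in Event Viewer.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720 } |
    Where-Object { $_.Message -match "Account Name:\s+$([regex]::Escape($Name))\b" } |
    Select-Object TimeCreated, Id, MachineName

# Screenshots 4-5: service stop events. The Service Control Manager writes 7036
# ("... service entered the stopped state") to the System log. CodeMeter writes its own
# entries to the Application log; the exact wording depends on the CodeMeter version
# (assumption), so the filter only narrows to entries that mention it.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7036 } |
    Where-Object { $_.Message -like '*Windows Update Medic Service*stopped*' } |
    Select-Object -First 1 TimeCreated, Message
Get-WinEvent -FilterHashtable @{ LogName = 'Application' } -MaxEvents 2000 |
    Where-Object { $_.Message -like '*CodeMeter*' } |
    Select-Object -First 5 TimeCreated, ProviderName, Message

# Screenshot 6: shutdown initiated. User32 logs 1074 to the System log, naming the
# process and the user that requested the shutdown or restart.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'User32'; Id = 1074 } |
    Select-Object -First 3 TimeCreated, Message

# Screenshot 7: PsLogList. -s prints one event per line with comma-delimited fields,
# so findstr can pull out only the lines that mention the account.
psloglist.exe -accepteula -s Security | findstr /i "$Name"

# Screenshot 8: dump the Security log as text, then open it in Notepad++ and Ctrl+F
# for the name.
$Dump = "$env:USERPROFILE\Desktop\Security.txt"
wevtutil qe Security /f:text > $Dump
& 'C:\Program Files\Notepad++\notepad++.exe' $Dump

# Screenshot 9: clear the Security log. Windows records the clearing itself as
# Security event 1102 (who cleared it and when); that entry is the artifact to capture.
wevtutil cl Security
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } |
    Select-Object TimeCreated, Message

# Screenshot 10: a scheduled task named after the student. The Task Scheduler stores the
# task definition as an XML file under System32\Tasks, which is what the worksheet wants shown.
schtasks /create /tn "$Name" /tr "$env:SystemRoot\System32\notepad.exe" /sc daily /st 09:00 /f
Get-Item "$env:SystemRoot\System32\Tasks\$Name"
Get-ScheduledTask -TaskName $Name | Select-Object TaskName, State, TaskPath

# Autoruns view of the same task (-a t limits autorunsc to scheduled tasks) for the
# final screenshot in the table of contents.
autorunsc.exe -accepteula -a t | Select-String -SimpleMatch $Name
```

Every `Get-WinEvent` call above reads the Security log, which requires an elevated session; the screenshots themselves are still taken in Event Viewer, but the event IDs (4720, 7036, 1074, 1102) give the filter values to type into "Filter Current Log" so the right record is found in a log of thousands of entries.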
Conclusion

Students: In the box below, please explain the purpose of doing this lab and explain how it is relevant to Digital Forensics Technology and Practices. Highlight any new learning that occurred while doing this lab. Hint: Discuss tools and commands used in the lab.

Conclusion

Completing this lab demonstrates an understanding of the Windows Event Viewer and of the Task Scheduler. As noted in the introduction, scheduled tasks let analysts examine a network and its devices faster. Event Viewer uses the event logs to show what is happening inside the operating system of each device. It records the kinds of events described above, and taken together they form a baseline that administrators can compare against when deciding what needs their attention (Huculak, 2020). This matters because host activity, not only network traffic, must be monitored to keep a network secure. Scheduled tasks are useful to administrators, but attackers also use them to establish persistence on a system (Whims, n.d.). An attacker can create a task that re-launches their tooling on a schedule or at logon, so that access survives reboots and can be resumed whenever they choose, and tasks can be configured to run programs with higher privileges than the account that created them. To spot this, an administrator needs visibility (logging of command-line execution, so that invocations of schtasks.exe are recorded), collection (gathering the scheduled tasks present on each host, and the events recording their creation, and checking them against expected sources), detection (rules for the task names, paths and programs commonly used for persistence) and testing (creating a benign task and confirming that the monitoring catches it).
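The visibility, collection, detection and testing steps described in the conclusion, applied to scheduled tasks on a single host. This is an added example and not part of the worksheet or the cited Red Canary report: the path and binary patterns are heuristics chosen for the example, and it assumes Windows 10/11 with "Audit Other Object Access Events" enabled (so Security event 4698, "A scheduled task was created", is written) and process-creation auditing with command-line logging enabled (Security event 4688).

```powershell
# Added example, not part of the worksheet: hunt for scheduled-task persistence on one host.
# Run elevated. Assumptions: Windows 10/11; audit policy writes Security 4698 on task
# creation and Security 4688 with the process command line on process creation.

# Heuristics chosen for this example: task actions that run from user-writable locations
# or through script hosts and living-off-the-land binaries deserve a second look.
$SuspiciousPathPattern = '(?i)\\(Users|ProgramData|Temp|AppData|Public)\\|\\Windows\\Temp\\'
$SuspiciousBinaries    = '(?i)\b(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32|certutil|bitsadmin)(\.exe)?\b'

# Collection: walk every registered task outside Microsoft's own tree and explain
# why each flagged action is worth reviewing.
function Get-TaskFindings {
    Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)".Trim()   # empty for COM-handler actions
            $reasons = @()
            if ($cmd -match $SuspiciousPathPattern)            { $reasons += 'user-writable path' }
            if ($cmd -match $SuspiciousBinaries)               { $reasons += 'script host / LOLBin' }
            if ("$($task.Principal.RunLevel)" -eq 'Highest')   { $reasons += 'runs elevated' }
            if ($task.Settings.Hidden)                         { $reasons += 'hidden task' }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    TaskPath = $task.TaskPath; TaskName = $task.TaskName
                    Author   = $task.Author;   Command  = $cmd
                    Reasons  = ($reasons -join ', ')
                }
            }
        }
    }
}

# Turn the EventData of a Security event into a name -> value hashtable.
function ConvertFrom-EventData([System.Diagnostics.Eventing.Reader.EventRecord]$Record) {
    $d = @{}
    ([xml]$Record.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
    return $d
}

# Visibility: task creations recorded by the Security log (4698, which carries the full task
# XML) and schtasks.exe /create invocations captured by process-creation auditing (4688).
function Get-TaskCreationEvents {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    $created = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4698; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = ConvertFrom-EventData $_
            $content = [xml]$d['TaskContent']
            [pscustomobject]@{
                Time     = $_.TimeCreated; Source = '4698'
                Creator  = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
                TaskName = $d['TaskName']
                Command  = ($content.Task.Actions.Exec | ForEach-Object { "$($_.Command) $($_.Arguments)".Trim() }) -join '; '
            }
        }
    $typed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $Since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '(?i)schtasks(\.exe)?\s+/create' } |
        ForEach-Object {
            $d = ConvertFrom-EventData $_
            [pscustomobject]@{
                Time     = $_.TimeCreated; Source = '4688'
                Creator  = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
                TaskName = ''
                Command  = $d['CommandLine']
            }
        }
    @($created) + @($typed) | Sort-Object Time
}

# Detection: report live tasks that trip a heuristic, plus creation records whose
# command matches one, so the reviewer sees both what exists now and who put it there.
Get-TaskFindings | Format-Table -AutoSize
Get-TaskCreationEvents |
    Where-Object { $_.Command -match $SuspiciousPathPattern -or $_.Command -match $SuspiciousBinaries } |
    Format-Table -AutoSize
```

For the testing step, register a harmless task whose action lives under `C:\Users\Public` (for example one that runs `cmd.exe /c exit`), re-run the script and confirm it appears in both tables, then delete it; if it shows up in the first table but not the second, the 4698 or 4688 audit policy is not in effect and the "visibility" step has a gap.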
This lab has taught me a lot about the value of event logs and how they relate to digital forensics; they are essential for providing network analysts with a starting point from which to understand the activities taking place within a network. I have also gained knowledge about the advantages of scheduled tasks as well as the dangers that might arise when a bad actor uses them.

APA References
Whims, S. (n.d.). Tasks - Win32 apps. Microsoft Learn. Retrieved July 24, 2023, from https://learn.microsoft.com/en-us/windows/win32/taskschd/tasks

Red Canary. (n.d.). Scheduled task - Threat detection report. Retrieved July 24, 2023, from https://redcanary.com/threat-detection-report/techniques/scheduled-task/

Huculak, M. (2020, September 3). How to use Event Viewer on Windows 10. Windows Central. Retrieved July 24, 2023, from https://www.windowscentral.com/how-use-event-viewer-windows-10

Computer Hope. (2020, December 31). What is the Windows Event Viewer? Retrieved July 24, 2023, from https://www.computerhope.com/jargon/e/evenview.htm

Prabhu, A. (2022, November 25). Importance of scheduling tasks and its benefits. Profit.co. Retrieved July 24, 2023, from https://www.profit.co/blog/task-management/importanceofschedulingtasksanditsbenefits/#:~:text=A%20schedule%20is%20important%20for%20the%20following%20reasons%3A,...%205%20Accountability%20...%206%20Happier%20Teams%20