LAB6_Digital Forensics Technology and Practices_WORKSHEET2 Kwadwo Antwi

School: University of Maryland, University College
Course: 640
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 16
Uploaded by joespady4u25
Name: XXXXX
Semester: Summer
Year: 2023
Section Number: 7621

Lab 6 Worksheet
Digital Forensics Technology and Practices

Table of Contents

Introduction
Screenshot 1 – Yourname Text File Displayed in the Recycle Bin
Screenshot 2 – Execute the Yourname.bat file
Screenshot 3 – Copy the Yourname.bat file to the Windows directory
Screenshot 4 – Create a Scheduled Task that runs Yourname.bat
Screenshot 5 – Yourname Folder on the Root of the C: Drive
Screenshot 6 – Finding Yourname.bat in Windows using FTK Imager
Screenshot 7 – Yourname Text within the Recycle Bin for Administrator
Screenshot 8 – Evidence Item Information for Autopsy
Screenshot 9 – Image File that had the Extension for a Document File
Screenshot 10 – Finding Yourname.bat in Windows using Autopsy
Conclusion
APA References
Introduction

Students: In the box below, please explain the purpose of Disk Analysis and explain how it is relevant to Digital Forensics Technology and Practices.

Introduction

In Lab 6, we looked at the goal of performing disk analysis and the resources required to carry it out. Understanding the various file systems and how to locate pertinent artifacts is crucial when performing forensic investigations. Forensic investigators frequently carry out disk analysis using programs like EnCase or FTK Imager. FAT32, NTFS, and exFAT are file systems that forensic investigators need to be aware of; there are other kinds as well, but these are some of the most typical. File Allocation Table, or FAT, is a general-purpose file system that may be used with several operating systems, including Windows, Mac OS, and Linux ("File Systems Overview," n.d.). The New Technology File System (NTFS) is most frequently used with the Windows operating system and supports extremely large volumes ("File Systems Overview," n.d.).

Because looking through every piece of data can appear daunting, a digital forensic investigator must be aware of how file systems operate in order to choose the most effective approach to the inquiry when performing disk analysis. The desktop, download folder, documents, common libraries, and registry keys are a few of the most often searched locations (Hamilton, n.d.).

In Lab 6, the command line, FTK Imager, and Autopsy are used as tools. FTK Imager is a forensics tool that enables investigators to examine and extract information as well as collect digital data from storage devices (Gehlaut, 2021). Additionally, FTK Imager is highly helpful for decrypting files, locating deleted files from the recycle bin, and breaking passwords (Gehlaut, 2021). Autopsy is another tool often used by digital forensic investigators that will also be used in this lab. Autopsy is used to recognize, classify, and catalog different types of forensic data (Infosec, 2018). Investigators can view data from practically any file system type using Autopsy, including FAT and NTFS file systems. Real-time keyword searches, website artifact extraction, and product results extraction are all possible with Autopsy (Gehlaut, 2021).

Disk analysis is one of the most crucial aspects of digital forensics, if not the most crucial. Finding hackers or building a case requires an understanding of how to navigate a file system and locate hidden or deleted files.
Screenshot 1 – Yourname Text File Displayed in the Recycle Bin

1. When you look at the Yourname Text File Displayed in the Recycle Bin, the file name should be Your First Name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of the Your Name File within the Recycle Bin

Image 1: my name File within the Recycle Bin

Screenshot 2 – Execute the Yourname.bat file

2. Take a screenshot after you execute the yourname.bat file. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of the yourname.bat file being executed

Image 2: my name .bat file being executed.

Screenshot 3 – Copy the Yourname.bat file to the Windows directory

3. Take a screenshot after you copy the yourname.bat file to the Windows directory. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of the yourname.bat file being copied to the Windows directory

Image 3: my name .bat file being copied to the Windows directory.

Screenshot 4 – Create a Scheduled Task “DIR” that runs Yourname.bat
4. Take a screenshot after you Create a Scheduled Task that runs Yourname.bat. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of Creating a Scheduled Task that runs Yourname.bat

Image 4: Creating a Scheduled Task that runs Kwadwo.bat.

Screenshot 5 – Yourname Folder on the Root of the C: Drive

5. Take a screenshot after you create a Yourname Folder on the Root of the C: Drive. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of Yourname Folder on the Root of the C: Drive

Image 5: my name Folder on the Root of the C: Drive

Screenshot 6 – Finding Yourname.bat in Windows using FTK Imager

6. Take a screenshot after you find yourname.bat in the Windows directory using FTK Imager. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of Finding Yourname.bat in Windows using FTK Imager

Image 6: Finding Kwadwo.bat in Windows using FTK Imager
Screenshot 7 – Yourname Text within the Recycle Bin for Administrator

7. When you use FTK Imager to look at the Recycle Bin for the Administrator (500), you will find a deleted file. The text within the file should include Your First Name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of the Your Name Text Displayed within the Recycle Bin

Image 7: my name Text Displayed within the Recycle Bin

Screenshot 8 – Evidence Item Information for Autopsy

8. Take a screenshot of Your First Name and Your Last Name as the Examiner along with the other items you are required to fill out for the New Case Information for Autopsy. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of Your First Name and Your Last Name as the Examiner

Image 8: my First Name and Your Last Name as the Examiner

Screenshot 9 – Image File that had the Extension for a Document File

9. Provide a screenshot of one of the Image Files that had the Extension for a Document File. Please label your screenshot to receive full credit.

Take a screenshot of one of the Image Files that had the Extension for a Document File

Image 9: screenshot of one of the Image Files that had the Extension for a Document File
Screenshot 10 – Finding Yourname.bat in Windows using Autopsy

10. Take a screenshot after you find yourname.bat in the Windows directory using FTK Imager. The use of anyone else’s name may result in an academic integrity review by your professor. The timestamp of the modified time of this file should be within the class timeframe. The use of a time stamp not during this class may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.

Take a screenshot of Finding Yourname.bat in Windows using Autopsy

Image 10: Finding Kwadwo.bat in Windows using Autopsy.
Conclusion

Students: In the box below, please explain the purpose of doing this lab below and explain how it is relevant to Digital Forensics Technology and Practices. Highlight any new learning that occurred while doing this lab. Hint: Discuss tools and commands used in the lab.

Conclusion

I located and retrieved files using disk imaging tools. It takes a lot of knowledge and understanding of file systems to examine digital material for artifacts that reveal a hacker or are connected to a forensics case. I started the lab by creating a text file with my name in it in Notepad, deleting it so it would end up in the recycle bin, then subsequently reviewing it with the disk analysis tools. After finishing that, I created a batch file with my name using the command line. A batch file is a particular kind of file that can automate routine chores, reduce the amount of time needed to complete jobs, and turn complex processes into something that everyone can use (Buckley, 2021). I was able to see any hidden files and directories once the batch file had been run. I then used the schtasks /create command to add a scheduled task to the system after copying the batch file into the Windows Directory. I next copied image files into the folder I had just made with my name on it at the root of C. I then changed the .jpg files' names to .doc files to hide them. Hackers frequently alter file extensions to try to conceal their activities. I was able to locate the batch file that included my name and inspect the text file that was deleted using FTK Imager. In FTK Imager's System32 folder, I also discovered the scheduling task I made. Finally, I utilized Autopsy to locate the picture files that had their extensions converted to .doc. I was also able to determine the date the batch file with my name on it was created. Although there are many ways to perform disk analysis, a digital forensics investigator's strongest tool for thwarting intrusions or presenting evidence in a case will be their knowledge of the many kinds of file systems and how to use popular tools to navigate them.
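The renamed .jpg-to-.doc files described in the conclusion can be caught by comparing each file's leading signature bytes with its extension. The following is an added example, not part of the original worksheet or of any tool named in it; it assumes the evidence has been exported or mounted as an ordinary directory tree, and the sample file names and contents are constructed.

```python
import os
import tempfile

# Well-known leading "magic" bytes for a few formats.
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc container
    (b"PK\x03\x04", "zip"),  # .docx is a ZIP archive
]
# Content types each extension is allowed to hold.
EXPECTED = {".jpg": {"jpeg"}, ".jpeg": {"jpeg"}, ".png": {"png"},
            ".doc": {"ole2"}, ".docx": {"zip"}}

def sniff(path):
    """Return the content type implied by the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    return next((kind for magic, kind in SIGNATURES if head.startswith(magic)), None)

def find_mismatches(root):
    """List (relative path, extension, sniffed type) where the two disagree."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            full = os.path.join(dirpath, name)
            # A sniffed type of None means the content matched no known signature.
            if ext in EXPECTED and (kind := sniff(full)) not in EXPECTED[ext]:
                hits.append((os.path.relpath(full, root), ext, kind))
    return sorted(hits, key=lambda h: h[0])

def build_sample_tree(root):
    """Write constructed sample files (headers only, not real documents)."""
    samples = {
        "vacation.doc": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",  # JPEG renamed to .doc
        "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
        "photo.jpg": b"\xff\xd8\xff\xe1\x00\x10Exif\x00",
        "notes.doc": b"plain text saved as .doc",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        for rel, ext, kind in find_mismatches(d):
            print(f"{rel}: extension {ext}, content looks like {kind or 'unknown'}")
```

A file flagged with an unknown content type is not necessarily hidden data; it only means the header matched none of the listed signatures and deserves a manual look.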
APA References

Autopsy Computer Forensics Platform Overview. INFOSEC. (2022). Retrieved 17 August 2023, from https://resources.infosecinstitute.com/topic/autopsy-computer-forensics-platform-overview/

Buckley, I. (2021). How to Create a Batch (BAT) File in Five Simple Steps. MUO. Retrieved August 18, 2023, from https://www.makeuseof.com/tag/write-simple-batch-bat-file/

File Systems Overview. Kb.wisc.edu. Retrieved 18 August 2023, from https://kb.wisc.edu/helpdesk/page.php?id=11300#ntf
Gehlaut, R. (2021). Use of FTK Imager Forensic Tool. Hacknos. Retrieved August 18, 2023, from https://www.hacknos.com/use-of-ftk-imager-forensic-tool/

Hamilton, M. Forensic Analysis of Digital Media - 4 Methods Explained. Critical Insight. Retrieved August 18, 2023, from https://www.criticalinsight.com/resources/news/article/forensic-analysis-of-digital-media-4-methods-explained