Reference no: EM132998672
Book: System Forensics, Investigation, & Response
Lab 2: Documenting a Workstation Configuration Using Common Forensic Tools
All tools and instructions to complete this lab are found in the virtual lab access that accompanies the textbook.
In this lab, you will perform a forensic analysis of a Windows 2016 machine using three commonly available tools: WinAudit, DevManView, and Frhed. You will review the forensic capabilities of each tool, using the sample files provided, to determine any clandestine threats and vulnerabilities such as viruses and malicious software, if any. You also will recover a file that was altered to hide its native file format. You will document your findings in a forensics report.
Deliverables:
Please complete Sections 1 and 2 of this lab (excluding lab quiz).
SECTION 1 of this lab has three parts which should be completed in the order specified.
1. In the first part of the lab, you will use WinAudit to explore the configuration of TargetWindows01.
2. In the second part of the lab, you will use DevManView to identify system devices and configuration.
3. In the third part of this lab, you will use Frhed to perform an analysis of an unknown file type.
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. You will use the same tools to explore the vWorkstation, rather than TargetWindows01.
Lab 3: Uncovering New Digital Evidence Using Bootable Forensic Utilities
All tools and instructions to complete this lab are found in the virtual lab access that accompanies the textbook.
In this lab, you will use a variety of forensic tools that are independent executables that run locally on a workstation or server under investigation. You will explore the features and functions of the following forensic utilities in this lab: Helix, Process Explorer, FavoritesView, IECacheView, IECookiesView, BrowsingHistoryView, and MyLastSearch. You will document specific data from each tool.
Please complete Sections 1 and 2 of this lab (excluding lab quiz).
SECTION 1 of this lab has two parts which should be completed in the order specified.
In the first part of the lab, you will use Helix to identify system information and gather details about the images on the machine under investigation.
In the second part of the lab, you will use different Internet Explorer forensic utility tools to get additional data on running processes, favorites, cache, cookies, browsing history, and browser searches.
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods.
Lab 4: Creating a Forensic System Case File for Analyzing Forensic Evidence
All tools and instructions to complete this lab are found in the virtual lab access that accompanies the textbook.
In this lab, you will use E3 to investigate an image of a hard drive to find forensic evidence without impacting the integrity of the data on the image. You will create an electronic case file showing the creation of a case and the addition of the evidence file provided to you, and you will save the case for later review. In this way, you will experience all of the steps necessary for a sound forensic investigation that will preserve the source and ensure the evidence is defensible and presentable in a court of law.
Please complete Sections 1 and 2 of this lab (excluding lab quiz).
SECTION 1 of this lab has one part. In the first part of the lab, you will explore the E3 tool used within the virtual lab environment.
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. You will create a case file for a different drive image.
Lab 5: Analyzing Images to Identify Suspicious or Modified Files
All tools and instructions to complete this lab are found in the virtual lab access that accompanies the textbook.
In this lab, you will use E3's Image Analyzer to automate image analysis to identify suspect files that may be useful in a forensic investigation. You will use E3's sort features to sort the files on the evidence drive into categories for easier analysis. You will document your progress throughout the lab.
Please complete Sections 1 and 2 of this lab (excluding lab quiz)
SECTION 1 of this lab has two parts which should be completed in the order specified.
In the first part of the lab, you will start a new case file in E3.
In the second part of the lab, you will use E3's Image Analyzer to sort and analyze the images contained within an evidence drive under investigation.
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. You will sort and review evidence from a different drive image.
Attachment: Forensics labs 2-5.rar