CSCI 388 Computer Forensics Fall 2014
Registry Viewer Graded Lab
- In this lab you will work with the Washer image.
- In this lab you will create only ONE summary report, for the Administrator's NTUSER.DAT file, and document all additional findings in a text or Word file named LastNameRegLab.
- Create a folder named GradedLab and save the registry, report, and LastNameRegLab files there.
- Harvest the registry files from the Washer image.
- Find the following information: the number of users and the SID for each user. Document the number of users, their names, and the last four digits of the SID for each user in the text/Word file LastNameRegLab.
- Find Time Zone, Registered Owner, Registered Organization, ProductID, ProductName, InstallDate (if the values are set), and ONE USB drive that has been attached to the suspect's system (hint: navigate to the USBSTOR key in SYSTEM, page 225). Document your findings in LastNameRegLab.
- Harvest the NTUSER.DAT file for the Administrator.
- Find the following information: ONE recovered password, ONE typed URL, and ONE name of a Recent Document.
- Create ONE Summary report that documents the information above that you found in the NTUSER.DAT file.
- Submit the Summary Report and the LastNameRegLab file on campus cruiser.