CSCI 388 Computer Forensics Fall 2014
Registry Viewer Graded Lab

• In this lab you will work with Washer image.
• In this lab you will create only ONE summarry report for NTUSER.DAT file for Administrator and document all additional findings in the text or Word file named LastNameRegLab

• Create a folder GradedLab to save registry, report, and LastNameRegLab files there
• Harvest registry files from Washer Image
• Find the following information: the number of users, SID for each user. Document # of users, names and last four digits of the SID for each user in the text/Word file LastNameRegLab
• Find Time Zone, Registered Owner, Registered Organization, ProductID, ProductName, InstallDate (in case and values are set), and ONE USB drive that have been attached to the suspect's system(hint: navigate to USBSTOR key in SYSTEM page 225). Document your findings in LastNameRegLab
• Harvest NTUSER.DAT file for the Administrator
• FInd the following information: ONE recovered password, ONE typed URL, ONE name of the Recent Document
• Create ONE Summary report that documents information above you found in NTUSER.DAT file
• Submit the Summary Report and LastNameRegLab file on campus cruiser