Graded Lab
- Open one of the cases you have
- In this lab you will work with the following images: Mantooth and Washer
- ADD BOTH IMAGES TO THE CASE, any other images must be removed from your case.
- Document results in Word file
- Find the total number of enrypted files
- Find the number of EFS encrypted files
- List the owner (name and SID) for each encrypted file.
- Decrypt all files. Document your steps. Pay attention, the procedure is different for
EFS encrypted
files.
- List all recovered passwords: make a table: first column - file name and second column - recovered
password
- List first 3 words from each decrypted file:
make a table: first column - file name and second column - first 3 words in the file.
- Submit Word file on Campus Cruiser
Pay Attention :
Before you start decryption process make sure you exported the Word List, created a Custom
Dictionary and Created a Profile. Follow Parts 2 and 4 on pages 720 - 722
Make sure when you start decryption process you are using the Profile you just created. Follow Part 5
Don't extract EFS encrypted
files from the case. Follow Page 724 to decrypt EFS encrypted files. Pay attention that in this
case you
have 2(!!!) images. You would need to extract SAM and SYSTEM for Manthoon image and SAM and system for
Washer image and recover the logon password for users from each image. Make sure you are pairing correct
SAM with correct SYSTEM/system file.