CSCI 393 Computer Forensics
Registry Viewer Graded Lab
- In this lab you will work with the Washer image.
- In this lab you will create only ONE summary report for the NTUSER.DAT file for Administrator and document all additional findings in the text or Word file named LastNameRegLab
- Create a folder GradedLab to save registry files, reports, and the Word file with answers to the Lab questions. Name the Word file: LastNameRegLab.
- Harvest registry files from Washer Image
- Find the following information: the number of users, SID for each user. Document # of users, names and last four digits of the SID for each user in the text/Word file LastNameRegLab
- Find Time Zone, Registered Owner, Registered Organization, ProductID, ProductName, InstallDate (in case any values are set), and ONE USB drive that has been attached to the suspect's system (hint: navigate to the USBSTOR key in SYSTEM, page 225). Document your findings in LastNameRegLab
- Harvest the NTUSER.DAT file for the Administrator
- Find the following information: ONE recovered password, ONE typed URL, ONE name of a Recent Document. Add your findings to the report you will create.
- Create ONE report that documents the information you found in the NTUSER.DAT file. Name the report LastNameReport (this is an htm file)
- Submit the Report and LastNameRegLab file on campus cruiser
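
An added example, not part of the original lab handout: a Python helper for interpreting three of the raw values the steps above ask for (InstallDate, a USBSTOR key pair, and a SID). The function names are hypothetical and all sample values are constructed, not taken from the Washer image.

```python
import re
from datetime import datetime, timezone

# USBSTOR device subkeys are named <Type>&Ven_<vendor>&Prod_<product>&Rev_<rev>
USBSTOR_RE = re.compile(
    r"^(?P<type>[^&]+)&Ven_(?P<vendor>[^&]*)&Prod_(?P<product>[^&]*)&Rev_(?P<revision>[^&]*)$"
)

def parse_usbstor(device_key, instance_key):
    """Split a USBSTOR device subkey and its instance subkey into fields."""
    m = USBSTOR_RE.match(device_key)
    if m is None:
        raise ValueError(f"not a USBSTOR device key: {device_key!r}")
    info = m.groupdict()
    # If the second character of the instance ID is '&', the device reported
    # no unique serial number and Windows generated the ID itself.
    generated = len(instance_key) > 1 and instance_key[1] == "&"
    info["windows_generated_id"] = generated
    # Otherwise the text before the final '&' is the device serial number.
    info["serial"] = None if generated else instance_key.rsplit("&", 1)[0]
    return info

def install_date_utc(dword):
    """InstallDate is a REG_DWORD holding seconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(dword, tz=timezone.utc)

def sid_rid(sid):
    """Return the relative identifier (last sub-authority) of a SID string."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[:2] != ["S", "1"] or not parts[-1].isdigit():
        raise ValueError(f"not a SID: {sid!r}")
    return int(parts[-1])

if __name__ == "__main__":
    # Constructed sample values, not taken from the Washer image.
    print(parse_usbstor("Disk&Ven_Example&Prod_FlashDrive&Rev_1.00", "0123456789AB&0"))
    print(parse_usbstor("Disk&Ven_Example&Prod_FlashDrive&Rev_1.00", "6&1a2b3c4d&0"))
    print(install_date_utc(1092787200).isoformat())
    print(sid_rid("S-1-5-21-1111111111-2222222222-3333333333-1003"))
```

RID 500 identifies the built-in Administrator account, which helps match a SID to the Administrator profile whose NTUSER.DAT the lab asks for.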