
Lab 4, IASP 530, 10/13/2020
Using a live acquisition tool to capture evidence.
Analyzing Virtual Memory Using Forensic Toolkit.
Analyzing Windows Registry
You have used AccessData's Forensic Toolkit (FTK) Imager to image storage devices and to analyze several files. FTK Imager is also provided as a portable version that fits on a small USB storage device (https://accessdata.com/product-download#past-versions; download FTK Imager Version 4.3.1.1 onto your USB drive). With it, a forensic investigator can acquire the contents of virtual memory and the Windows registry, which may hold evidence related to computer crimes committed on that machine. Virtual memory holds data temporarily while the operating system processes instructions.
Procedures:
Install FTK Imager Lite (no longer available, so FTK Imager Version 4.3.1.1 is used as the portable tool instead) on a USB flash drive: extract all the files of FTK Imager Version 4.3.1.1 onto the USB flash drive and use it to capture the Windows registry files.
To start the software, double-click the FTK Imager.exe file.
Because virtual memory is temporary (volatile), examination of this evidence may be possible only before the computer is turned off to move it to a forensic lab.
You should process a virtual memory capture performed on a live computer.
Procedures:
Copy the memdump.zip file to wherever you want to save it, and extract all of its contents (for example, into a RAM folder).
Start FTK Imager by right-clicking the FTK Imager icon on your USB drive and choosing Run as administrator.
Highlight the hexadecimal window at the bottom right and open the search tab (Ctrl+F). Type bank and click the blue add button; then type search and click the blue add button. To see where both bank and search are found together, click the blue view cumulative results button, select all hits, check apply to all, and click OK.
Screenshot of the search results showing that John Smith used Bing in Internet Explorer to search for bank locations.
Screenshot of http://www.yellowpages.com being used to find the Suntrust Bank Plantation location.
What is the size of the memdump.mem file?
How many evidence items were processed by FTK?
How many hits are found searching using the word password?
How many files are found searching for the file extension .doc?
How many Cumulative Result Hits are found using both password and .doc?
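The keyword-search steps above can be reproduced outside FTK. The following Python script is an added example, not code from the lab handout or from AccessData: it runs a case-insensitive search over a constructed stand-in for memdump.mem, counts hits per term, and reports where two terms are found close together. The sample bytes, the 4 KiB co-occurrence window, and the "cumulative results" approximation are assumptions made for the example; searching both ASCII and UTF-16LE matters because Windows keeps many strings in memory as UTF-16LE.

```python
import re

# Constructed stand-in for a memdump.mem capture: ASCII and UTF-16LE
# fragments of the kind a browser leaves behind in RAM (not real evidence).
SAMPLE_DUMP = (
    b"\x00" * 64
    + b"https://www.bing.com/search?q=bank+locations+plantation\x00"
    + "Suntrust Bank Plantation".encode("utf-16-le")
    + b"\x00" * 128
    + "Remember password: hunter2".encode("utf-16-le")
    + b"\x00" * 32
    + b"report.doc\x00notes.DOC\x00"
    + b"\x00" * 256
    + b"search history cleared\x00"
)


def keyword_offsets(data, keyword):
    """Byte offsets of every case-insensitive hit of `keyword`.

    Windows stores many strings in memory as UTF-16LE, so a search that only
    looks at ASCII misses them; both encodings are tried here.
    """
    patterns = (
        re.escape(keyword.encode("ascii")),
        re.escape(keyword.encode("utf-16-le")),
    )
    hits = set()
    for pattern in patterns:
        for match in re.finditer(pattern, data, re.IGNORECASE):
            hits.add(match.start())
    return sorted(hits)


def count_hits(data, keyword):
    """Hit count for one keyword, the number FTK reports per search term."""
    return len(keyword_offsets(data, keyword))


def cumulative_hits(data, keywords, window=4096):
    """Offsets of hits for the first keyword that have a hit for every other
    keyword within `window` bytes (one 4 KiB page by default).

    This approximates FTK's cumulative results view, which shows where the
    search terms are found together.
    """
    first, *rest = keywords
    others = {kw: keyword_offsets(data, kw) for kw in rest}
    results = []
    for off in keyword_offsets(data, first):
        if all(any(abs(o - off) <= window for o in others[kw]) for kw in rest):
            results.append(off)
    return results


def context(data, offset, width=32):
    """Printable context around a hit, like the text column of the hex view."""
    chunk = data[max(0, offset - width): offset + width]
    return "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)


if __name__ == "__main__":
    for term in ("bank", "search", "password", ".doc"):
        print(f"{term!r}: {count_hits(SAMPLE_DUMP, term)} hit(s)")
    for off in cumulative_hits(SAMPLE_DUMP, ["bank", "search"]):
        print(f"bank+search @ 0x{off:x}: {context(SAMPLE_DUMP, off)}")
```

To run it against a real capture, read the file with `open(path, "rb").read()` (or an `mmap`, which `re` also accepts) and pass the bytes in place of `SAMPLE_DUMP`. Note that a plain search for `.doc` also matches `.docx`, so hit counts for an extension should be checked against the surrounding context before being reported.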
The Windows registry is a central repository for information such as users, passwords, connected devices, and physical hardware. This data can be searched for evidence using AccessData's Registry Viewer. Although the registry does not display user information in a readable format, every item listed in it represents a 128-bit name called a globally unique ID (GUID) that contains useful information such as the last login or the last storage device accessed.
Procedures:
First, install AccessData Registry Viewer using the rv-registry_viewer-1.5.4.exe file provided on BB.
Right-click the AccessData Registry Viewer icon to start it.
Click the File tab, click Open, navigate to where you saved the files from lab 1, and click the Registry folder.
Click the SAM file, click Open, and click the + symbol next to SAM to expand it.
Screenshot of the Administrator account, including the Last Logon Time.
Screenshot of the Guest account showing SID number 501.
What is the SID associated with the John Smith user name?
What was the last time John Smith logged into the computer?
Besides Andrews, which other user has never logged into the computer?
Screenshot of the attached storage devices, indicating that a forensic investigator should look for additional storage devices.
How many USB storage devices have been connected to this computer?
How many internal hard drives have been attached to this computer?
Close the Registry Viewer dialog box from the File tab.
Click the File tab, select Open, and double-click the System registry hive to load it into Registry Viewer.
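The SAM questions above (SID of a user, last logon time, accounts that never logged in) come down to two conversions that Registry Viewer performs for you. The Python below is an added example, not the lab's or AccessData's code: it turns the hex key names under SAM\Domains\Account\Users into RIDs and SIDs, and decodes a Windows FILETIME into a date. The layout assumed for the binary F value (last-logon FILETIME as the little-endian QWORD at offset 8), the placeholder machine SID, and the sample accounts are all constructed for the example; a zero FILETIME is shown as "never logged in".

```python
import struct
from datetime import datetime, timedelta, timezone

# RIDs that Windows assigns to built-in accounts on every machine.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest"}

# FILETIME counts 100-nanosecond ticks from this epoch.
WINDOWS_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def rid_from_key_name(key_name):
    """Each user sits under SAM\\Domains\\Account\\Users\\<RID as 8 hex digits>;
    the key name '000001F5' is RID 501, the Guest account."""
    return int(key_name, 16)


def user_sid(machine_sid, rid):
    """A user's SID is the machine SID with the RID appended."""
    return f"{machine_sid}-{rid}"


def filetime_to_datetime(filetime):
    """Convert a Windows FILETIME to a UTC datetime.
    Zero means the event never happened, e.g. an account never logged in."""
    if filetime == 0:
        return None
    return WINDOWS_EPOCH + timedelta(microseconds=filetime // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime, used here to build sample data."""
    delta = dt - WINDOWS_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def last_logon_from_f_value(f_value):
    """Assumed layout: last-logon FILETIME is the little-endian QWORD at
    offset 8 of the user's binary F value."""
    (filetime,) = struct.unpack_from("<Q", f_value, 8)
    return filetime_to_datetime(filetime)


def build_f_value(last_logon):
    """Constructed F value with only the last-logon field populated."""
    ft = datetime_to_filetime(last_logon) if last_logon else 0
    return b"\x00" * 8 + struct.pack("<Q", ft) + b"\x00" * 64


def summarize_accounts(machine_sid, user_keys):
    """user_keys maps key name -> (account name, F value); returns one row
    per account with its RID, full SID and decoded last logon."""
    rows = []
    for key_name, (name, f_value) in user_keys.items():
        rid = rid_from_key_name(key_name)
        rows.append({
            "name": WELL_KNOWN_RIDS.get(rid, name),
            "rid": rid,
            "sid": user_sid(machine_sid, rid),
            "last_logon": last_logon_from_f_value(f_value),
        })
    return rows


def never_logged_in(rows):
    """Names of accounts whose last-logon FILETIME is zero."""
    return [r["name"] for r in rows if r["last_logon"] is None]


# Constructed sample hive contents; the machine SID is a placeholder.
MACHINE_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_USERS = {
    "000001F4": ("Administrator", build_f_value(datetime(2020, 10, 13, 14, 30, tzinfo=timezone.utc))),
    "000001F5": ("Guest", build_f_value(None)),
    "000003E9": ("alice", build_f_value(datetime(2020, 9, 1, 8, 0, tzinfo=timezone.utc))),
    "000003EA": ("bob", build_f_value(None)),
}

if __name__ == "__main__":
    for row in summarize_accounts(MACHINE_SID, SAMPLE_USERS):
        print(f"{row['name']:<14} RID {row['rid']:<5} {row['sid']}  last logon: {row['last_logon'] or 'never'}")
```

Registry Viewer reads the machine SID and the F values from the hive itself; this script takes them as inputs so the conversions can be checked by hand against what the tool displays.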
