CNIT 121 Project X7: Finding More Evidence in Anon Case (up to 25 pts.)
What You Need for This Project
- A Windows machine, with FTK installed. It can be real or virtual. I used a Windows XP virtual machine.
Downloading the Evidence File
Dowload the file below:
anon-E.7z
Use Hashcalc to calculate the hash of the file
you downloaded. It should match the figure below:
Unzip the file with 7-Zip.
Tasks
You need to examine the evidence you obtained from
that file and find these evidence items. For each item,
you must determine the answer and include a screen
capture image that proves it.
TYPE THE ANSWER FOR EACH ITEM INTO YOUR EMAIL.
ALSO PROVIDE A FULL-DESKTOP IMAGE TO PROVE EACH ITEM.
There are no step-by-step instructions, but we have covered
all the required procedures in earlier projects and
the lectures.
Evidence Items to Find (5 pts. each)
- Determine the CurrentControlSet value
- How many user accounts have been used on this system? List them all.
- What is the name of the currently logged-on user?
- What USB devices have been connected to this computer? List them all, by "friendly name", and provide image(s) to prove it.
- How many URLs has the current user typed into Internet Explorer recently? Provide an image listing them all.
Turning in your Project
Email the images to me. Send the email to: cnit.121@gmail.com with a subject line of "Proj 15 From Your Name", replacing Your Name with your own first and last name. Send a Cc to yourself.
Last Modified: 4-10-13