

This is a Lab so you have to log in to my JBLearning.

Lab 5: Conducting Forensic Investigations on Windows Systems (4e)

Introduction:

Microsoft Windows is the most widely used operating system for both personal and business use. Originally released in 1985 as a graphical operating system shell for MS-DOS, Windows rapidly became the dominant personal computing operating system over the course of the 1980s and 1990s. Despite the resurgent popularity of Apple’s Mac OS in the 2000s, today Windows still maintains more than 75% market share for desktop and laptop computers (among smartphones and similar devices, Android is similarly dominant). For this reason, the relevance of Windows in the field of digital forensics cannot be overstated. As a forensics investigator, encountering cases involving Windows-based evidence is all but inevitable.

Within the realm of Windows-based digital forensics, there are multiple forms of analysis that an investigator can perform, most of which intersect with other types of digital forensics. For example, data recovery, network packet capture, and malware analysis are all types of forensic activities that a professional might conduct within a Windows environment. In some situations, the knowledge and skills required may transfer readily from one operating system to another, but in many cases, the mode of forensic analysis and background required will be unique to Windows. The most obvious example of the latter is conducting live analysis directly on a Windows system, which requires an investigator to use Windows-specific utilities and explore Windows-specific artifacts.

Purpose:

In this lab, you will use several Windows utilities to perform live analysis on a Windows Server 2019 system. You will explore one of the most evidence-rich areas of the Windows operating system – the Windows Registry. In Section 2, you will shift your attention to a Windows drive image and conduct forensic analysis using Paraben’s E3.

Directions:

1. Go to jblearning.com and find Lab 5: Conducting Forensic Investigations on Windows Systems.

2. Upon completion of this lab, you are required to submit the following:

  1. A Lab Report file in Microsoft Word or any document file including screen captures of the following steps:
    • Section 1: Hands-On Demonstration
      • Part 1 – Step 4, 10, 14, 16, 26
      • Part 2 – Step 5, 7, 9, 15, 17
    • Section 2: Applied Learning
      • Part 1 – Step 14
      • Part 2 – Step 6, 10, 14, 17, 19, 21, 24, 26
  2. YourName Lab 5
  3. The Lab Quiz Assessment –  Lab 5 Quiz

3. To Submit: Click the “Submit” button above.

Be sure to attach all required files to the assignment before clicking Submit. Your assignments are not completed until they are submitted. You must contact the instructor if you submit the wrong file, forget to attach a file, or have any other problems so that the instructor can reset the assignment attempt.

Grading:

This assignment is worth up to 50 points (10 points for the Lab Quiz and 40 points for the Lab Report file) towards your final grade. Your submission will be evaluated using the following criteria:

  1. All required screenshots are present and all lab directions were followed (up to 40 points with points deducted for any missing steps/screenshots).
  2. All questions on the quiz assessment have been answered completely (10 points).


—————————————————————————

 Lab 6: Conducting Forensic Investigations on Linux Systems

Introduction: 

Linux is a free, open-source operating system, which means that the source code is available for anyone who wants to modify, repackage, and distribute it. Although it is available for free, it is a robust, high-performance system that is quite popular in certain areas of the computing community, particularly for infrastructure and web servers. For forensic investigators, this means that you are just as likely to encounter Linux-based evidence while examining servers and network infrastructure as you are likely to encounter Windows-based evidence when dealing with desktops and laptops. It is also worth noting that Linux is the underlying operating system used for Android, the most common mobile operating system worldwide with more than 72 percent of the market share. Although mobile forensics is outside the scope of this particular lab, many of the skills you will learn can also be applied to Android devices.

One of the most important components of Linux is the interactive interface, or shell. The shell is what takes the commands entered into the keyboard and delivers them to the operating system. There are two main shells for Linux: a graphical user interface (GUI) and a command line interface (CLI). Although the GUI may initially feel more familiar to users with a Windows or Mac OS background, the command line interface offers tremendous flexibility and power for interacting with the operating system. As a forensics investigator, understanding common Linux commands is essential to performing forensic analysis on a Linux machine. 

Purpose: 

In this lab, you will explore the Linux file system and practice some basic commands, which you will use to retrieve log files – a common source of forensic evidence. In Section 2, you will shift your attention to an existing Linux drive image and conduct forensic analysis on the file system.

Directions:

1. Go to jblearning.com and find Lab 6: Conducting Forensic Investigations on Linux Systems (4e).

2. Upon completion of this lab, you are required to submit the following:

  1. A Lab Report file in Microsoft Word or any document file including screen captures of the following steps:
    • Section 1: Hands-On Demonstration
      • Part 1, Steps 17, 20, 21, 22
      • Part 2, Steps 2, 7, 9, 11, 15
      • Part 3, Steps 4, 7
    • Section 2:
      • Part 1, Steps 15, 17 (Document)
      • Part 2, Step 3 (Document)
      • Part 3, Step 4 (Document)
  2. The Lab Assessments Quiz – Lab 6 Quiz.

3. To Submit: Click the “Submit” button above.

Grading:

This assignment is worth up to 50 points (10 points for the Lab Quiz and 40 points for the Lab Report file) towards your final grade. Your submission will be evaluated using the following criteria:

  1. All required screenshots are present and all lab directions were followed (up to 30 points with points deducted for any missing steps/screenshots).
  2. All questions on the assessment sheet have been answered completely.

—————————————————————————-

Lab 2: Recognizing the Use of Steganography in Forensic Evidence (4e)

Introduction:

Steganography is the practice of hiding private or sensitive information within something that appears to be nothing out of the ordinary. The word steganography comes from ancient Greece (steganos), where hiding messages within seemingly harmless messages became an art form. Over the years, steganography has taken on many clever and effective analog forms. One example that is often depicted in movies is invisible ink, which is not actually ink at all but a liquid, such as vinegar, that dries invisibly on paper but reappears when heated by a small flame. Another analog method is newspaper code. Popular among the working class of the Victorian era, newspaper code consisted of holes poked just above specific letters in a newspaper, such that when the dots were transferred and written together, the secret message would be revealed.

In the digital age, steganography can be used for digital watermarking, hiding data within images, or to identify the source of a given image or document (embedded copyright). Businesses sometimes employ steganography when they want to supplement the protection of encryption. In countries where encryption is not permitted (see the Crypto Law Survey at http://www.cryptolaw.org), steganography can often be used instead. While cryptography involves special encoding and decoding of messages or information, steganography replaces useless or unused data with bits of different, invisible information. This hidden information can be plain text, cipher text, or even images. Special software, such as the tools used in this lab, is needed to apply or decipher steganography.

Purpose:

In a forensic investigation, investigators will explore a targeted machine in search of steganographic evidence, but when they do this, they risk changing the very data they seek, potentially invalidating evidence. For this reason, they will often make a copy of an evidence drive and conduct the investigation on that image. In this lab, you will use a variety of free tools to discover possible steganographic activity in image and audio files located on a suspect’s drive image. You will properly identify and extract embedded data in a carrier image and document your findings.

Lab Report Guidelines:

Before you start working on the projects, keep a Word document open (or .ODT or .PDF). Take screen captures while performing the steps, and plug them into the document. Do not forget to number the steps. That will help me to check whether the screen capture matches the step, and how you completed the project. Note: Submission of individual screen captures (.png or .jpg) or a ZIP file will receive a grade of 0.

Once the last step is done, I want you to look back at all the steps and the purpose of the project. Write a brief lab reflection, i.e., what you achieved in the lab, why you did it, and what you learned. I do not want “how you did it”. The screen captures will show me “how you did it” anyway.

Directions:

1. Go to jblearning.com and find Lab 2: Documenting a workstation configuration.

2. Complete Lab 2. 

A. Lab Report: See Lab Report Guidelines above. Upon completion of this lab, you are required to submit the following: 

Section 1: Hands-on Demonstration

  • Part 1, Step 12
  • Part 2, Steps 10, 13
  • Part 3, Steps 2, 16, and 17

Section 2: Applied Learning

  • Part 1, Step 5
  • Part 2, Steps 6, 10
  • Part 3, Steps 9, 15, 16

B. yourname_Lab2.pdf

C. Lab Assessments – Complete the quiz: Lab 2 Quiz

3. To Submit: Click the “Submit” button above.

Be sure to attach all required files to the assignment before clicking Submit. Your assignments are not completed until they are submitted. You must contact the instructor if you submit the wrong file, forget to attach a file, or have any other problems so that the instructor can reset the assignment attempt.

Grading:

This assignment is worth up to 50 points (10 points Quiz/40 points Lab Report) towards your final grade. Your submission will be evaluated using the following criteria:

  1. All required screenshots are present and all lab directions were followed (up to 30 points with points deducted for any missing steps/screenshots) and Lab Reflection (up to 5 points).
  2. All questions on the assessment have been answered completely (meaning detailed answers, not “yes/no”) and the answers demonstrate a good understanding of relevant topics and correct usage of terminology (10 points).
