To ensure that Arif’s machine is free of rootkit programs which may alter the investigation results, he decides to run a thorough scan on his investigation machine to ensure that there is no rootkit program. Choose at least two scanning programs and provide the screenshots of the scanning results.
Having ensured the safety of his forensic investigation platform, Arif decompresses the file “[login to view URL]” and finds 4 Windows event log files. Describe the information stored in each log file and repair those important log files so that they can be viewed in Windows EventViewer.
Having repaired the log files, Arif examines one of them in order to identify which account was created without Amy’s consents. Which log file and which EventID number should Atif search? Provide a screenshot for the account-creation event.
Having identified the event that a new user was created on Amy’s laptop, Arif telephones Amy and asks whether she can provide more clues. Amy tells that she has a personal password safe as an encrypted ZIP file
Arif has extracted Amy’s password safe, but he wants to demonstrate to Amy that her Windows password can be easily cracked. So he calls Amy and Amy bets that he cannot get her password. Being challenged and authorized, Arif decides to crack Amy’s Windows password used on her laptop. Work out what the username and the password are on Amy’s laptop
Amy now realizes that Windows provides a very weak protection and she becomes concerned about the safety of her research data. Arif decides to look through the log files again in order to identify when the bogus account logged on to Amy’s laptop. Use two screenshots to indicate when the bogus account was logged on and logged off.
Arif believes that he can find all important activities on Amy’s system during the session time identified in Task 6. Which event recorded in the system log file will tell Arif about the actions performed by the bogus account?
When did this event terminate?
Arif recalls that some events with EnventID 11728 are closely related to the installation of Windows programs. He decides to use the program LogParser to search for the events with EventID 11728 in the log files. List all the events Arif will find by using LogParser (screenshots are required).
Arif feels that things might be very serious, so he decides to go through the Registry file “[login to view URL]” in the “[login to view URL]” file. What program(s) will Arif classify as suspicious? Provide strong reasons.
Arif and Amy feel that they must report to the police about their findings. Before they write a formal complaint to the forensic team, Arif recalls that he has intercepted an NTLM authentication session of user “helpdesk” and the hash is:
Arif guesses that the password is 3 characters long but contains special symbols. Now, crack this password by using your own rainbow tables (screenshots are required).
2 фрилансеров(-а) в среднем готовы выполнить эту работу за ₹3747
Overall 15 Year of experience in IT Security which covers VAPT of web and network services , EPT of public URL and IP and malware analysis and reverse engineering