Description
In this lab, you will get to examine the FAT and NTFS file systems and use forensic software to recover deleted files from a disk.
Please do the Introduction and Conclusion inside the attached document ONLY.
Questions 1-10 are answered with my screenshots.
Utilize the screenshots to answer the Introduction and Conclusion questions.
Learning Outcomes:
Students will use industry standard forensic tools to recover deleted data from a Windows Disk.
Students will explain and differentiate between partitions, disks, and volumes.
Students will use a forensic tool, Such as Autopsy, to analyze a forensic image of a disk.
Tools used: FTK Imager, Autopsy, Hashtab
Unformatted Attachment Preview
Name:
Semester:
Year:
Section Number: 9040
Lab 6 Worksheet Digital Forensics
Technology and Practices
Table of Contents
Introduction ……………………………………………………………………………………………………………………………………………. 2
Screenshot 1 – Yourname Text File Displayed in the Recycle Bin…………………………………………………………………… 3
Screenshot 2 – Execute the Yourname.bat file …………………………………………………………………………………………….. 4
Screenshot 3 – Copy the Yourname.bat file to the Windows directory …………………………………………………………… 5
Screenshot 4 – Create a Scheduled Task that runs Yourname.bat ………………………………………………………………….. 6
Screenshot 5 – Yourname Folder on the Root of the C: Drive ………………………………………………………………………… 7
Screenshot 6 – Finding Yourname.bat in Windows using FTK Imager…………………………………………………………….. 8
Screenshot 7– Yourname Text within the Recycle Bin for Administrator ………………………………………………………… 9
Screenshot 8 – Evidence Item Information for Autospy ………………………………………………………………………………. 10
Screenshot 9– Image File that had the Extension for a Document File ………………………………………………………….. 11
Screenshot 10 – Finding Yourname.bat in Windows using Autospy …………………………………………………………….. 12
Conclusion …………………………………………………………………………………………………………………………………………….. 13
APA References ………………………………………………………………………………………………. Error! Bookmark not defined.
1
Introduction
Students: In the box below, please explain the purpose of Disk Analysis and explain how it is
relevant to Digital Forensics Technology and Practices.
Introduction
2
Screenshot 1 – Yourname Text File Displayed in the Recycle Bin
1. When you look at the Yourname Text File Displayed in the Recycle Bin, the file name should be Your
First Name. The use of anyone else’s name may result in an academic integrity review by your
professor. Please label your screenshot to receive full credit.
Take a screenshot of the Your Name File within the Recycle Bin
3
Screenshot 2 – Execute the Yourname.bat file
2. Take a screenshot after you execute the yourname.bat file. The use of anyone else’s name may
result in an academic integrity review by your professor. Please label your screenshot to receive full
credit.
Take a screenshot of the yourname.bat file being executed
4
Screenshot 3 – Copy the Yourname.bat file to the Windows directory
3. Take a screenshot after you copy the yourname.bat file to the Windows directory. The use of
anyone else’s name may result in an academic integrity review by your professor. Please label your
screenshot to receive full credit.
Take a screenshot of the yourname.bat file being copied to the Windows directory
5
Screenshot 4 – Create a Scheduled Task “DIR” that runs Yourname.bat
4. Take a screenshot after you Create a Scheduled Task that runs Yourname.bat. The use of anyone
else’s name may result in an academic integrity review by your professor. Please label your
screenshot to receive full credit.
Take a screenshot of Creating a Scheduled Task that runs Yourname.bat
6
Screenshot 5 – Yourname Folder on the Root of the C: Drive
5. Take a screenshot after you create a Yourname Folder on the Root of the C: Drive. The use of
anyone else’s name may result in an academic integrity review by your professor. Please label your
screenshot to receive full credit.
Take a screenshot of Yourname Folder on the Root of the C: Drive
7
Screenshot 6 – Finding Yourname.bat in Windows using FTK Imager
6. Take a screenshot after you find yourname.bat in the Windows directory using FTK Imager. The use
of anyone else’s name may result in an academic integrity review by your professor. Please label
your screenshot to receive full credit.
Take a screenshot of Finding Yourname.bat in Windows using FTK Imager
8
Screenshot 7– Yourname Text within the Recycle Bin for Administrator
7. When you use FTK Imager to look at the Recycle Bin for the Administrator (500), you will find a
deleted file. The text within the file should include Your First Name. The use of anyone else’s name
may result in an academic integrity review by your professor. Please label your screenshot to
receive full credit.
Take a screenshot of the Your Name Text Displayed within the Recycle Bin
9
Screenshot 8 – Evidence Item Information for Autospy
8. Take a screenshot of Your First Name and Your Last Name as the Examiner along with the other
items you are required to fill out for the New Case Information for Autopsy. The use of anyone
else’s name may result in an academic integrity review by your professor. Please label your
screenshot to receive full credit.
Take a screenshot of Your First Name and Your Last Name as the Examiner
10
Screenshot 9– Image File that had the Extension for a Document File
9. Provide a screenshot of one of the Image Files that had the Extension for a Document
File. Please label your screenshot to receive full credit.
Take a screenshot of one of the Image Files that had the Extension for a Document File
11
Screenshot 10 – Finding Yourname.bat in Windows using Autospy
10. Take a screenshot after you find yourname.bat in the Windows directory using FTK Imager. The use
of anyone else’s name may result in an academic integrity review by your professor. The timestamp
of the modified time of this file should be within the class timeframe. The use of a time stamp not
during this class may result in an academic integrity review by your professor.
Please label your screenshot to receive full credit.
Take a screenshot of Finding Yourname.bat in Windows using Autopsy
12
Conclusion
Students: In the box below, please explain the purpose of doing this lab below and explain
how in is relevant to Digital Forensics Technology and Practices. Highlight any new learning
that occurred while doing this lab.
Hint: Discuss tools and commands used in the lab.
Conclusion
13
APA References
Students: Please list at least 5 relevant APA References.
14
Purchase answer to see full
attachment
