
This is a Computer Evidence lab


This is a Computer Evidence lab. 

Please help me with the step-by-step and screenshots of all the following digital forensics. 

 

SEC-370 Lab 9

Procedure: Opening Windows Registry Files in FTK Registry Viewer.

 

1. Open FTK Registry Viewer.

2. From the Menu bar, select File and Open.

3. Navigate to the Captured Registry Files folder. Open the folder and see your saved registry files. Highlight the system file and select Open.

4. In the Registry Tree pane, navigate to the applicable key and highlight it. Start with the Mounted Devices. Take a screenshot for your lab report.

5. Select the appropriate value in the Key Value pane and view the content in the Hex Viewer pane. Notice the key values pane and stretch the name until you can recognize the drive letters. Take a screenshot for your lab report.

6. To open a new registry file, select View from the Menu bar and select Open. Explore another and include screenshots for your lab report.

7. Click on Edit and select Advanced Find and enter TimeZone. Then click on Search. Here is an example of what I got on a Windows 10 VM in VMware Workstation on my computer. Go and do it on your VM and try clicking on some of the results. Include screenshots for your lab report.

 

8. Click on Advanced Find and include screenshots for your lab report. Network and Display are good items for Advanced Find. Include screenshots for your lab report.

9. Build a file and label it SEC 370 Lab 9 Opening Windows Registry Files in FTK Registry Viewer. Include your screenshots to show your progress in completing the steps of the lab. Provide labels and notes to accompany your screenshots with your Lab Report.
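The binary data that the Hex Viewer pane shows for a MountedDevices value in step 5 follows one of a few fixed layouts, and decoding it makes a useful note beside the screenshot. The Python below is an added example, not part of the lab handout or of FTK; the function name and the sample byte strings are constructed for illustration, and the 512-byte sector size is an assumption.

```python
import struct
import uuid

SECTOR_SIZE = 512  # assumption: 512-byte logical sectors


def decode_mounted_device(data: bytes) -> dict:
    """Classify one MountedDevices value by the layout of its binary data."""
    # GPT partition: ASCII "DMIO:ID:" followed by the 16-byte partition GUID.
    if len(data) == 24 and data.startswith(b"DMIO:ID:"):
        return {"type": "gpt",
                "partition_guid": str(uuid.UUID(bytes_le=data[8:]))}
    # MBR partition: 4-byte disk signature, then 8-byte partition start
    # offset in bytes, both little-endian.
    if len(data) == 12:
        signature, offset = struct.unpack("<IQ", data)
        return {"type": "mbr",
                "disk_signature": f"{signature:08X}",
                "start_offset": offset,
                "start_sector": offset // SECTOR_SIZE}
    # Removable and optical devices: a UTF-16LE device path string.
    try:
        path = data.decode("utf-16-le").rstrip("\x00")
    except UnicodeDecodeError:
        return {"type": "unknown", "hex": data.hex()}
    return {"type": "device_path", "path": path}


# Constructed sample values, keyed by value name as shown in the Key Value pane.
SAMPLES = {
    r"\DosDevices\C:": bytes.fromhex("4D3C2B1A" "0000100000000000"),
    r"\DosDevices\D:": b"DMIO:ID:"
    + uuid.UUID("01234567-89ab-cdef-0123-456789abcdef").bytes_le,
    r"\DosDevices\E:": (
        "_??_USBSTOR#Disk&Ven_Example&Prod_Drive&Rev_1.00#SERIAL0001&0#"
        "{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
    ).encode("utf-16-le"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, decode_mounted_device(raw))
```

For an MBR entry, the disk signature can be compared with the four bytes at offset 0x1B8 of the disk image's first sector to tie a drive letter to a specific disk.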
