Student Solution

-->

"Education is the most powerful weapon which you can use to change the world”
– Nelson Mandela

1 University

1 Course

1 Subject

Week 5 Lab 8 Submission

Week 5 Lab 8 Submission

Q Weekly Lab Exercises Login to Lab VMs is User: student Password: Pa$$word 1. Label each Lab Assignment by Week and Title. 2. Follow the steps for each lab. 3. Ask the instructor questions when you need clarification. 4. Use the Windows Snipping Tool or another Screenshot tool to take screenshots showing your steps to complete the lab. 5. Provide a short description accompanying each screenshot. 6. For any files submitted, place them in the Evidence folder, and zip the folder. 7. Describe any issues that you encountered doing the lab. 8. Describe what steps you take to resolve issues. 9. If you are still stuck, reach out to your instructor for support. Provide details identifying the lab, the step with issues, what you tried so far, including the research you did. Screenshots can be beneficial for problem resolution. 10. What research sources did you use? 11. Provide references for your sources in APA format (preferred) or Title and URL (alternative). 12. Provide a short paragraph describing what you learned. If this was something you already knew about, then explain what you reviewed in this lab. 13. How could the information in this lab provide value for an incident response investigation?

View Related Questions

Solution Preview

1 Open FTK Imager. 2 From the Menu bar, select File and Obtain Protected Files. Selecting “Obtain Protected File” 3 Select “Password Recovery and all Registry Files.” Below is a screenshot of menu before registry capture begins 4 Select the destination for the captured Registry Files. The desktop of your Forensic Workstation in a folder named “Captured Registry Files” is ideal and makes them easy to locate. Click OK. Below is the program retrieving registry files Below are the files that were captured 4 Include your screenshots to show your progress in completing the steps of the lab. Provide labels and notes to accompany your screenshots. with your Lab Report. Create a file and label SEC 370 Lab #8 Capturing Windows Registry Files in FTK Registry Imager.