Skilling Exercise-11
Learning Outcomes:
To understand and analyse the timestamps.
To understand and analyse the timelines.
To understand and recover passwords.
Task 1: In this activity you will analyze a series of timestamps related to one event – the
creation of a Microsoft Word document.
Q2. When was the Prefetch file created and when was it last modified?
Q3. When was the file named “Hidden.docx” created and last modified?
19CS3259S- DIGITAL FORENSICS
Task 2: In this activity you will analyze a series of timestamps for events in a Windows
Event log to show when a user logged on and off a Windows 7 system.
Q1. What user account logged into the system on October 2, 2015, through an interactive
session?
Q4. When did the system event logs start and stop on October 2, 2015?
Q5. Based on a comparison of these times against the Security log for the same day,
which log runs longer?
Task 3: In this activity you will crack passwords taken from a Windows-based computer
using Ophcrack in Kali Linux.
Viva Voce:
1. What are the three rules for a forensic hash?
3. In Windows 7 and later, how much data from RAM is loaded into RAM slack on
a disk drive?