Lab Activity – Event Logs and Scheduled Tasks – Lab 2 Worksheet
Digital Forensics Technology and Practices
Table of Contents
Screenshot 1 – Yourname Displayed by the Hostname Command
Screenshot 2 – Create a YOURNAME User account
Screenshot 3 – YOURNAME Account in the Event Viewer Security Log
Screenshot 4 – Codemeter Runtime Server Stopped in the Application Log
Screenshot 5 – Windows Update Medic Service Stopped in the System Log
Screenshot 6 – Windows Shutdown Initiated in the System Log
Screenshot 7 – Yourname Parsed from the Security Log using PSloglist
Screenshot 8 – Yourname Parsed from the Security Log using Notepad++
Screenshot 9 – Windows Security Log Cleared
Screenshot 10 – Yourname Scheduled Task in Windows System32
Take a screenshot of the Yourname Service Running within the Autoruns program.
Students: In the box below, please explain the purpose of using the Windows Event Viewer and Scheduled Tasks and explain how they are relevant to Digital Forensics Technology and Practices.
Screenshot 1 – Yourname Displayed by the Hostname Command
- When you type the hostname command, the computer name should be Your First Name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot showing Your Name as the computer name when you run the hostname command.
Screenshot 2 – Create a YOURNAME User account
- The Name of the User created should match your first and last name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Yourname user account being created at the command line.
Screenshot 3 – YOURNAME Account in the Event Viewer Security Log
- The Name of the user created in the Windows Security Log in the Event Viewer should match your first name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of Yourname being created in the Security Log of the Event Viewer.
Screenshot 4 – Codemeter Runtime Server Stopped in the Application Log
- The Date and Timestamp from the Codemeter Runtime Server Service stopping in the Application Log in the Event Viewer should match the timeframe of this course. Timestamps from a previous semester may also result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Codemeter Runtime Server being stopped in the Application log
Screenshot 5 – Windows Update Medic Service Stopped in the System Log
- The Date and Timestamp from the Windows Update Medic Service stopping in the System Log in the Event Viewer should match the timeframe of this course. Timestamps from a previous semester may also result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Windows Update Medic Service being stopped in the System log
Screenshot 6 – Windows Shutdown Initiated in the System Log
- The Date and Timestamp from the Windows Shutdown being initiated in the System Log in the Event Viewer should match the timeframe of this course. Timestamps from a previous semester may also result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Windows Shutdown being Initiated in the System log
Screenshot 7 – Yourname Parsed from the Security Log using PSloglist
- Show your name being parsed from the Security Log using PSloglist at the command line. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of Yourname parsed from the Security Log using PSloglist.
Screenshot 8 – Yourname Parsed from the Security Log using Notepad++
- Show your name being parsed from the Security Log using Notepad++. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of Yourname parsed from the Security Log using Notepad++.
Screenshot 9 – Windows Security Log Cleared
- The Date and Timestamp from the Windows Security Log being Cleared in the System Log in the Event Viewer should match the timeframe of this course. Timestamps from a previous semester may also result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Windows Security Log being Cleared
Screenshot 10 – Yourname Scheduled Task in Windows System32
- The Name of the Scheduled Task listed should match your first name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Yourname Scheduled Task
Conclusion
Students: In the box below, please explain the purpose of doing this lab and explain how it is relevant to Digital Forensics Technology and Practices. Highlight any new learning that occurred while doing this lab.
Hint: Discuss tools and commands used in the lab.
APA References
Students: Please list at least 5 relevant APA References.