Lab 9-Memory Forensics-CST 640
Lab 9-Memory Forensics-Lab 9 Worksheet Digital Forensics
Technology and Practices
Table of Contents
Introduction……………………………………………………………………………………………………………………………………………2
Screenshot 1 – Ping of YOURNAME……………………………………………………………………………………………………………3
Screenshot 2 –Yourname-IR Volume Label for the D: Drive…………………………………………………………………………..4
Screenshot 3 – Yourname as the Incident Responder…………………………………………………………………………………..5
Screenshot 4 – Yourname as the Incident Responder with Date and Time………………………………………………………6
Screenshot 5 – Psinfo Command Displaying Yourname…………………………………………………………………………………7
Screenshot 6 – System Information Displaying Yourname…………………………………………………………………………….8
Screenshot 7 – The MD5 and SHA1 hashes of your MYIRTEXT.TXT file.…………………………………………………………..9
Screenshot 8 – Creating a Yourname RAM Dump File…………………………………………………………………………………10
Screenshot 9 – Using Dir to Display Yourname RAM Dump File……………………………………………………………………11
Screenshot 10 – The MD5 and SHA1 hashes of yourname RAM Dump file.……………………………………………………12
Conclusion……………………………………………………………………………………………………………………………………………13
APA References……………………………………………………………………………………………………………………………………..1
Technology and Practices
Table of Contents
Introduction……………………………………………………………………………………………………………………………………………2
Screenshot 1 – Ping of YOURNAME……………………………………………………………………………………………………………3
Screenshot 2 –Yourname-IR Volume Label for the D: Drive…………………………………………………………………………..4
Screenshot 3 – Yourname as the Incident Responder…………………………………………………………………………………..5
Screenshot 4 – Yourname as the Incident Responder with Date and Time………………………………………………………6
Screenshot 5 – Psinfo Command Displaying Yourname…………………………………………………………………………………7
Screenshot 6 – System Information Displaying Yourname…………………………………………………………………………….8
Screenshot 7 – The MD5 and SHA1 hashes of your MYIRTEXT.TXT file.…………………………………………………………..9
Screenshot 8 – Creating a Yourname RAM Dump File…………………………………………………………………………………10
Screenshot 9 – Using Dir to Display Yourname RAM Dump File……………………………………………………………………11
Screenshot 10 – The MD5 and SHA1 hashes of yourname RAM Dump file.……………………………………………………12
Conclusion……………………………………………………………………………………………………………………………………………13
APA References……………………………………………………………………………………………………………………………………..1
Introduction
Students: In the box below, please explain the purpose of doing this lab below and explain how it is relevant to Computer Forensics.
Introduction-Lab 9-Memory Forensics
Students: In the box below, please explain the purpose of doing this lab below and explain how it is relevant to Computer Forensics.
Introduction-Lab 9-Memory Forensics
Screenshot 1 – Ping of YOURNAME
1. Ping yourname, where yourname is your first name. Take a screenshot of the ping which is using the IPv6 lookback address of ::1. The use of anyone else’s name may result in an academic integrity
review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Ping of yourname (IPv6 loopback)
1. Ping yourname, where yourname is your first name. Take a screenshot of the ping which is using the IPv6 lookback address of ::1. The use of anyone else’s name may result in an academic integrity
review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Ping of yourname (IPv6 loopback)
Screenshot 2 –Yourname-IR Volume Label for the D: Drive
2. Label the D: drive, Yourname-IR, where yourname is your first name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to
receive full credit.
Take a screenshot of the D: Drive labeled with Yournams-IR
2. Label the D: drive, Yourname-IR, where yourname is your first name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to
receive full credit.
Take a screenshot of the D: Drive labeled with Yournams-IR
Screenshot 3 – Yourname as the Incident Responder
3. Add your name to the Incident Response text file. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of yourname as the Incident Responder
3. Add your name to the Incident Response text file. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of yourname as the Incident Responder
Screenshot 4 – Yourname as the Incident Responder with Date and Time
4. In addition to your name, add the date and time to the Incident Response text file. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your
screenshot to receive full credit.
Take a screenshot of yourname as the Incident Responder with the Date and Time
4. In addition to your name, add the date and time to the Incident Response text file. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your
screenshot to receive full credit.
Take a screenshot of yourname as the Incident Responder with the Date and Time
Screenshot 5 – Psinfo Command Displaying Yourname
5. Redirect the psinfo command to the incident response text file. Your name from the computer name will be displayed. The use of anyone else’s name may result in an academic integrity review by
your professor. Please label your screenshot to receive full credit.
Take a screenshot of using the psinfo command showing your name for the Computer Name
5. Redirect the psinfo command to the incident response text file. Your name from the computer name will be displayed. The use of anyone else’s name may result in an academic integrity review by
your professor. Please label your screenshot to receive full credit.
Take a screenshot of using the psinfo command showing your name for the Computer Name
Screenshot 6 – System Information Displaying Yourname
6. The System Information in the incident response text file will display your name from the computer name. The use of anyone else’s name may result in an academic integrity review by your professor.
Please label your screenshot to receive full credit.
Take a screenshot of System Information in the incident response text file displaying your name
6. The System Information in the incident response text file will display your name from the computer name. The use of anyone else’s name may result in an academic integrity review by your professor.
Please label your screenshot to receive full credit.
Take a screenshot of System Information in the incident response text file displaying your name
Screenshot 7 – The MD5 and SHA1 hashes of your MYIRTEXT.TXT file.
7. Take a screenshot of the yourname.txt file hashed with sigcheck. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to
receive full credit. It is mathematically possible that you and another student could have the same
MD5 hash for your IR text file. But the chance of that is 1 in
340,282,366,920,938,463,463,374,607,431,768,211,456. For that reason, the hash should be unique or there may be an academic integrity review by your professor.
Take a screenshot of the MYIRTEXT.TXT file hashed with sigcheck
7. Take a screenshot of the yourname.txt file hashed with sigcheck. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to
receive full credit. It is mathematically possible that you and another student could have the same
MD5 hash for your IR text file. But the chance of that is 1 in
340,282,366,920,938,463,463,374,607,431,768,211,456. For that reason, the hash should be unique or there may be an academic integrity review by your professor.
Take a screenshot of the MYIRTEXT.TXT file hashed with sigcheck
Screenshot 8 – Creating a Yourname RAM Dump File
8. Use DumpIT to create a RAM dump. The RAM dump will have yourname in it from the computer name. It will also have today’s date and time, which should match the timeframe of this course. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of using DumpIt to create the RAM Dump with Your Name in it
8. Use DumpIT to create a RAM dump. The RAM dump will have yourname in it from the computer name. It will also have today’s date and time, which should match the timeframe of this course. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of using DumpIt to create the RAM Dump with Your Name in it
Screenshot 9 – Using Dir to Display Yourname RAM Dump File
9. The RAM dump will have yourname in it from the computer name. It will also have today’s date and time, which should match the timeframe of this course. The use of anyone else’s name may result in
an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of using the DIR command to display the Yourname RAM DUMP File
9. The RAM dump will have yourname in it from the computer name. It will also have today’s date and time, which should match the timeframe of this course. The use of anyone else’s name may result in
an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of using the DIR command to display the Yourname RAM DUMP File
Screenshot 10 – The MD5 and SHA1 hashes of yourname RAM Dump file.
10. Take a screenshot of the yourname RAM Dump file hashed with sigcheck. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to
receive full credit. It is mathematically possible that you and another student could have the same MD5 hash for your IR text file. But the chance of that is 1 in 340,282,366,920,938,463,463,374,607,431,768,211,456. For that reason, the hash should be unique or there may be an academic integrity review by your professor.
Take a screenshot of the Yourname RAM Dump file hashed with sigcheck
10. Take a screenshot of the yourname RAM Dump file hashed with sigcheck. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to
receive full credit. It is mathematically possible that you and another student could have the same MD5 hash for your IR text file. But the chance of that is 1 in 340,282,366,920,938,463,463,374,607,431,768,211,456. For that reason, the hash should be unique or there may be an academic integrity review by your professor.
Take a screenshot of the Yourname RAM Dump file hashed with sigcheck
Conclusion
Students: In the box below, please explain the purpose of doing this lab below and explain how in is relevant to Digital Forensics Technology and Practices. Highlight any new learning that occurred while doing this lab.
Hint: Discuss tools and commands used in the lab.
Conclusion
APA References
Students: Please list at least 5 relevant APA References.
Students: In the box below, please explain the purpose of doing this lab below and explain how in is relevant to Digital Forensics Technology and Practices. Highlight any new learning that occurred while doing this lab.
Hint: Discuss tools and commands used in the lab.
Conclusion
APA References
Students: Please list at least 5 relevant APA References.
Answer Preview-Lab 9-Memory Forensics-CST 640
$15.00