Week 1: The Windows Registry

In Week 1, for your first lab, you will use FTK Imager to extract the registry files from the operating system. You will then use a registry viewer to locate key values related to the installation and configuration of your Windows system. You will also use the Sysinternals suite, a set of free tools from Microsoft that can be downloaded from https://download.sysinternals.com/files/SysinternalsSuite.zip. Some of the tools are very helpful for computer forensics, incident response, and malware analysis, all topics that are important for forensic practitioners.

 

Name:
Semester:
Year:
Section Number:
Lab 1 Worksheet: Digital Forensics Technology and Practices

Table of Contents
Introduction
Screenshot 1 – Creating Your First Name Account
Screenshot 2 – Create a YOURNAME User account
Screenshot 3 – Create a YOURNAME Service
Screenshot 4 – Add Yourname.EXE to the Startup Folder for Administrator
Screenshot 5 – Your First Folder with the Registry Files with Date Modified
Screenshot 6 – Windows Computer Name Date Pulled from the Registry
Screenshot 8 – Yourname Service Pulled from the Registry
Screenshot 8 – SAM (Security Accounts Manager) with Yourname
Screenshot 9 – Access the Startup Folder
Screenshot 10 – Autoruns with Yourname.EXE running at Startup
Conclusion
APA References

Introduction
Students: In the box below, please explain the purpose of using the Windows Registry and explain how it is relevant to Digital Forensics Technology and Practices.

Screenshot 1 – Your First Name Computer Name
1. Your First Name in the Computer Name Box. The name of the computer should be your first name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of Yourname being used in the computer name.

Screenshot 2 – Create a YOURNAME User account
2. The name of the user created should match your first name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of the Yourname user account being created at the command line.

Screenshot 3 – Create a YOURNAME Service
3. The name of the service created should match your first name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of Yourname being used in the service being created on Windows.

Screenshot 4 – Add Yourname.EXE to the Startup Folder for Administrator

4. The name of the file should be your first name. The use of anyone else’s name may result in an academic integrity review by your professor. Please label your screenshot to receive full credit.
Take a screenshot of Yourname being used in the startup folder for the administrator.

Screenshot 5 – Your First Folder with the Registry Files with Date Modified
