Windows Registry forensics

Written Paper: 1-2 pages

PowerPoint presentation: 8 slides on the same question below

The project is to analyze a compromised system and provide forensic analysis in the form of a narrative report and example graphical images (JPEG format) from your analysis.
1) Select a Microsoft Windows operating system disk image that has been compromised. You may search for your own image or use the following known image that can be downloaded from:
2) You may select any Windows Registry forensics analysis tool or the tool discussed in the text, RegRipper. You will need to download and install the tool.
3) You may use any resources available to understand and use the tool of your choice. You need to provide an APA-formatted reference for any resources (books, white papers, or websites) you use to become familiar with the tool.
4) Write a narrative/paper focused on your forensic analysis of the compromised image you used for the project.
5) Provide a minimum of two JPEG images that capture reporting or some other evidence of the use of the tool.
The Final Paper should be in APA format, although for this assignment, you may single space. Provide a cover page, a one-page Executive Summary of the analysis investigation, similar to what you might do for a real-world investigation. Provide 1 to 2 pages (single-spaced) of subsequent narrative related to your observations and experiences using the tool, including setup. Answer the following questions: Did you find evidence that was expected? What other evidence was observed or what other evidence would have been helpful? Was the evidence sufficient to provide a clear report of what happened? Provide a short conclusion. The references for your paper should be included at the end of the report.
