Lab 1

Lab 1.1 – Installing OSForensics
Step – 1. Extract the software package and run the osf.exe application to start the installation wizard.

Step – 2. Follow the installation wizard, accept the license agreement.

Step – 3. Follow the installation wizard and click Next.
Step – 4. Click Install.

Step – 5. Click Finish to complete the installation and launch the application.

OSForensics Application –
Step – 6. To import hashsets in the application, extract the hashsets to C:\ProgramData\PassMark\OSForensics\hashSets.

Lab – 1.2 Installing FTK Imager
Step – 1 Browse to https:\accessdataproduct-download and search for FTK Imager. Download the application.

Step – 2. Open the .exe file and follow the installation wizard.

Step – 3. Click install after accepting the license agreements and the destination folder for installation of the application.

FTK Imager –

Lab – 1.3 Installing ProDiscover Basic.

Step – 1. Extract the 64-bit version of ProDiscover Basic.

Step – 2. Open the .exe file to start the installation wizard.

Step – 3. Follow the installation wizard, accept the license agreements and select the destination folder for installation of the application.

Step – 4. Click finish to complete the installation and launch the application.

ProDiscover Basic –

Lab – 1.4 Installing AccessData Registry Viewer.

Step – 1. Browse to https:\accessdataproduct-download and search for Registry Viewer. Download the application.

Step – 2. Open the .exe file and follow the installation wizard.

Step – 3. Click install after accepting the license agreements and selecting the destination folder for installation of the application.

AccessData Registry Viewer –

Hands-on Project 1.1 – Investigation of a USB drive to find probable evidence related to a case involving a suspicious death.

Step – 1. Open ProDiscover Basic. Enter project number and project name and click open.

Step – 2. Click action from the main menu and click add to import the image of the USB drive.
Step – 3. Expand content view in the tree view on the left side to explore all the files present in the image.

Step – 4. Right click on the file and click view to open the file and find possible evidence.

Step – 5. Export the file by right clicking on the file and click copy file.

Exported file –

Step – 6. Save the project and exit ProDiscover Basic.

Hands-on Project 1.2 – Investigation of a USB drive of an ex-employee to find possible evidence of any sensitive information present on the drive.

Step – 1. Open ProDiscover Basic. Enter project number and project name and click open.

Step – 2. Click action from the main menu and click add to import the image of the USB drive.

Step – 3. Expand content view in the tree view on the left side to explore all the files present in the image.

Step – 4. Click search in the tree view, type ‘book’ in the search toolbar. Select the image that needs to be searched and click OK.

Step – 5. In the tree view click Search Content View to view the search results.

Step – 6. Explore the file returned in the search result to find possible evidence.

Step – 7. Open the search dialogue box again, click on the cluster search tab. Enter the keyword in the search toolbar and select the image that needs to be searched.

Step – 8. Click on Cluster Search Results in the tree view to analyse the results returned.

One .xls file was returned in Content search and 27 hits were received when the keyword ‘book’ was searched in clusters.
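How a cluster-level keyword search like the one in Steps 7 and 8 works in general, as an added example (not part of the original lab and not ProDiscover's own code): the raw image is scanned cluster by cluster, independent of the file listing, so hits in unallocated or slack space are reported too. The function names, the 512-byte cluster size and the sample image are constructed for illustration; the keyword is assumed to be ASCII.

```python
import io

def cluster_search(image, keyword, cluster_size=4096):
    """Scan a raw image stream; return {cluster_number: hit_count}.

    Matches are case-insensitive and cover ASCII and UTF-16LE encodings.
    A hit is attributed to the cluster in which it starts, and a keyword
    that straddles a cluster boundary is still found exactly once.
    """
    if not keyword:
        raise ValueError("keyword must not be empty")
    needles = [keyword.lower().encode(enc) for enc in ("ascii", "utf-16-le")]
    keep = max(len(n) for n in needles) - 1   # bytes carried across clusters
    hits, tail, offset = {}, b"", 0           # offset: absolute start of next chunk
    while chunk := image.read(cluster_size):
        buf = tail + chunk.lower()            # bytes.lower() folds ASCII letters only
        buf_start = offset - len(tail)
        for needle in needles:
            pos = buf.find(needle)
            while pos != -1:
                # Count only matches that end in the new chunk; matches lying
                # wholly inside the carried-over tail were counted last round.
                if pos + len(needle) > len(tail):
                    cluster = (buf_start + pos) // cluster_size
                    hits[cluster] = hits.get(cluster, 0) + 1
                pos = buf.find(needle, pos + 1)
        tail = buf[-keep:] if keep else b""
        offset += len(chunk)
    return hits

def build_sample_image(cluster_size=512):
    """Constructed 4-cluster image with three planted keyword hits."""
    img = bytearray(cluster_size * 4)
    img[100:104] = b"Book"                    # ASCII, cluster 0
    wide = "BOOK".encode("utf-16-le")
    img[600:600 + len(wide)] = wide           # UTF-16LE, cluster 1
    img[1534:1538] = b"book"                  # straddles clusters 2 and 3
    return bytes(img)

if __name__ == "__main__":
    result = cluster_search(io.BytesIO(build_sample_image()), "book", 512)
    for cluster, count in sorted(result.items()):
        print(f"cluster {cluster}: {count} hit(s)")
```

Run it against a working copy of the image opened in binary mode, never the original evidence.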

Hands-on Project 1.3 –

Hands-on Project 1.4 – Extract the files from the image which have not been deleted.

Step – 1. Open ProDiscover Basic. Enter project number and project name and click open.

Step – 2. Click action from the main menu and click add to import the image of the evidence.

Step – 3. Expand content view in the tree view on the left side to explore all the files present in the image. Click Deleted in the column headers to sort the files into YES and NO.

Step – 4. Extract the undeleted files by right clicking on them and click copy file.

Hands-on Project 1.5 – Continuation of Hands-on Project 1.4. Prepare a report with information on the deleted files present in the image.

Step – 1. Open the saved Hands-on Project 1.4 case file.

Step – 2. Expand content view in the tree view on the left side to explore all the files present in the image. Click Deleted in the column headers to sort the files into YES and NO. Click the check box for each deleted file and add a relevant comment for the file to add it to the report.

Step – 3. Click on Report in the tree view.

Step – 4. Click export button in the toolbar and save the report.

Hands-on Project 1.6 – Search specific keywords in the image and prepare a report for the same.

Step – 1. Open ProDiscover Basic. Enter project number and project name and click open.

Step – 2. Click action from the main menu and click add to import the image of the evidence.

Step – 4. Click search in the tree view, type in the keywords as separate line items in the search toolbar. Select the image that needs to be searched and click OK.

Step – 5. In the tree view click Search Content View to view the search results and explore the file returned in the search result to find the keywords.

Step – 6. Click on the check box against the file and add the information about the keywords as a comment in the files returned in the search.

Step – 7. Click on Report in the tree view.
Step – 8. Click export button in the toolbar and save the report.