[go: up one dir, main page]
Scribd
Upload
80 views26 pages

Windows Security and Recovery Lab

This document outlines 5 experiments on computer forensics and information security topics. The experiments include: 1) Analyzing the registry and system processes using Regshot and Autorun, 2) Cracking a password protected document using a password recovery tool, 3) Performing steganography by hiding files inside an image, 4) Analyzing Windows event logs, and 5) Recovering deleted files using disk recovery software. The document provides step-by-step instructions for completing each experiment and analyzing the results. The overall aim is to gain experience with various forensic analysis and information security techniques.

Uploaded by

MOHAMMED NABEEL P JU
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
80 views26 pages

Windows Security and Recovery Lab

This document outlines 5 experiments on computer forensics and information security topics. The experiments include: 1) Analyzing the registry and system processes using Regshot and Autorun, 2) Cracking a password protected document using a password recovery tool, 3) Performing steganography by hiding files inside an image, 4) Analyzing Windows event logs, and 5) Recovering deleted files using disk recovery software. The document provides step-by-step instructions for completing each experiment and analyzing the results. The overall aim is to gain experience with various forensic analysis and information security techniques.

Uploaded by

MOHAMMED NABEEL P JU
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 26

CFI LAB – Practice Lab-2

19BCAR2014
Mohammed Nabeel P
BCA CTIS 5th Sem

Aim: Do Five Experiments (7-11)


Hardware Requirement: 1 GB Ram

i3 Processor

HDD 20GB
Software Requirement: Any OS with internet

Experiment No.1
To analyze the registry using Regshot and system process information using Autorun

Step 1: REGSHOT

STEP 2 :- Comparison of shot 1 and 2 in regshot


CFI LAB – Practice Lab-2

AUTORUN:

1. Everything Tab
CFI LAB – Practice Lab-2

2.Logon Tab

3.Explorer Tab
CFI LAB – Practice Lab-2

4.Drivers Tab:
CFI LAB – Practice Lab-2

CONCLUSION:
We have successfully analyzed the changes made in Registry using Regshot comparison, and
seen how the important tabs in AutoRun works

Experiment No:2

To crack the document file using password recovery tool


Procedure

Step 1: Download Advance office Password Recovery tool, Install Advance office Password
Recovery tool
Step 2: Open the tool and click on the option open file, then select the file to be cracked

Step 3: Select the type of attack you want to implement the crack, Start the attack.
CFI LAB – Practice Lab-2

Step 4: Cracking Password


CFI LAB – Practice Lab-2

Step 5: Opening the document with cracked password

Step 6: Information available on the document


CFI LAB – Practice Lab-2

Conclusion
In this Piratical we were able to crack the document file password. Hence completed the
particle successfully.
Experiment No:3
To perform Steganography using Invisible Secrets tool
Step 1: Download and Install Invisible Secrets tool
CFI LAB – Practice Lab-2

Step 2: Download and install hex Editor

Step 3: Open Invisible Secrets tool and click on Hide Files and add files you want to hide
CFI LAB – Practice Lab-2

Step 4: Provide carrier file and encrypt with password,then provide name for the new file
and click on hide
CFI LAB – Practice Lab-2

Step 5: Hiding process completed


CFI LAB – Practice Lab-2

Step 6: To Compare both files open hex editor


CFI LAB – Practice Lab-2

Step 7: Comparison
CFI LAB – Practice Lab-2

Conclusion
In this Piratical we were able to hide document file inside PNG file using Steganography
technique. Hence completed the particle successfully.
Experiment 4:
In this Practical we are going to analyze an events on windows
Step 1: Open Computer Management in Windows
CFI LAB – Practice Lab-2

Step 2: Click on event viewer on side tab


CFI LAB – Practice Lab-2

Step 3: Administrative Events


CFI LAB – Practice Lab-2

Step 4: Security
CFI LAB – Practice Lab-2

Step 7: Reliability Monitor


CFI LAB – Practice Lab-2

Conclusion
By this we conclude that we have explored and analyzed the Windows Event log.
Experiment 5:
Step 1: Download the Disk Internal Partition Recovery and Install
Step 2: Open the Disk Internal Partition Recovery Tool, Select the option launch trial version
CFI LAB – Practice Lab-2
CFI LAB – Practice Lab-2

Step 3: Step 3: Click on next


Step 4: Select the disk for which you want to recover deleted files
CFI LAB – Practice Lab-2

Step 5: Click on next


Step 6: Choose file System for recovery and then click next

Step 7: Choose the files type you want to search for recovery and then click next
CFI LAB – Practice Lab-2
CFI LAB – Practice Lab-2

Step 7: Click on Recovery files


CFI LAB – Practice Lab-2

Step 8: Select the file that you want to recover, Click on recover.

Step 9: Select the destination where you want to restore


CFI LAB – Practice Lab-2

Conclusion
We successfully recovered the deleted file and folders. Hence completed the practical
successfully

You might also like