Problem of Computer Running Slow
Case - Arif received 2 memory dump files from his IT forensics manager and was told that these two files were extracted from two computers which might have been compromised. "forensic-1.zip" was from a staff member who complained that every time he used Windows Calculator and Google Chrome, the computer became very slow. "forensic-2.zip" was from a staff member who recently resigned from Deakin. Arif was asked to find out the computer's name, user name and password, etc.
To analyse a memory dump, the Volatility Framework is a good choice. Arif installed the current Volatility 2.6 (x64) on his computer (x64). After carefully studying the Volatility help files, Arif started his investigation. The Volatility Windows x64 version and the 2 forensic files are available on Clouddeakin, under Content > Assessment Resources > Assessment task2.
For forensic-1.zip memory dump, Arif has the following tasks:
Task 1 (When the Windows calculator is last used)
To find out when the Windows calculator was last used, Arif used Volatility. After researching the Volatility command reference and materials online, he successfully extracted the last-used time as a DD-MM-YYYY_HH:MM:SS timestamp in UTC. Which command can be used for this task and why? Explain each investigation step with screenshots. (Hints: commands relevant to registry and user)
Task 2 (How many times Google Chrome is used)
Similar to Task 1, Arif also extracted the number of times (an integer count) that Chrome was used on the first staff member's computer. Explain each investigation step and provide the screenshots of each step.
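As an added worked example (not part of the assignment and not Volatility's own code), the decoding below shows what sits behind the registry data that Tasks 1 and 2 depend on: UserAssist values record, per program, a run count and the FILETIME of the last execution, under value names that are ROT13-obfuscated rather than encrypted. It assumes the Windows 7 and later 72-byte value layout (run count at offset 4, FILETIME at offset 60); the two entries, their counts and their times are constructed for illustration.

```python
"""Decode UserAssist registry values the way an analyst reads them.

Added example, not from the assignment or from Volatility. Assumes the
Windows 7+ 72-byte UserAssist value layout (run count at offset 4, last
execution FILETIME at offset 60). The sample entries below are constructed.
"""
import codecs
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch


def filetime_to_utc(filetime: int) -> datetime:
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=filetime // 10)


def utc_to_filetime(when: datetime) -> int:
    """Inverse of filetime_to_utc; used here only to build the sample data."""
    return ((when - EPOCH_1601) // timedelta(microseconds=1)) * 10


def decode_userassist(rot13_name: str, value: bytes) -> dict:
    """Return program name, run count and last run as DD-MM-YYYY_HH:MM:SS UTC."""
    # Value names under UserAssist are ROT13-obfuscated, not encrypted.
    name = codecs.decode(rot13_name, "rot_13")
    if len(value) != 72:
        raise ValueError("expected the 72-byte Windows 7+ UserAssist layout")
    run_count = struct.unpack_from("<I", value, 4)[0]
    last_ft = struct.unpack_from("<Q", value, 60)[0]
    # A zero FILETIME means the entry exists but no execution time was recorded.
    last_run = (filetime_to_utc(last_ft).strftime("%d-%m-%Y_%H:%M:%S")
                if last_ft else None)
    return {"name": name, "run_count": run_count, "last_run_utc": last_run}


def make_value(run_count: int, last_run: datetime) -> bytes:
    """Constructed 72-byte value: session id, run count, focus count, focus
    time (ms), ten unused floats, an unknown dword, FILETIME, trailing dword."""
    return (struct.pack("<IIII", 0, run_count, 0, 0)
            + b"\x00" * 40
            + struct.pack("<I", 0xFFFFFFFF)
            + struct.pack("<Q", utc_to_filetime(last_run))
            + struct.pack("<I", 0))


# Constructed sample: ROT13 names as they appear in the hive, made-up counts/times.
CALC_NAME = r"%jvaqve%\flfgrz32\pnyp.rkr"
CALC_VALUE = make_value(7, datetime(2017, 3, 15, 10, 30, 0, tzinfo=timezone.utc))
CHROME_NAME = r"P:\Cebtenz Svyrf (k86)\Tbbtyr\Puebzr\Nccyvpngvba\puebzr.rkr"
CHROME_VALUE = make_value(42, datetime(2017, 3, 16, 8, 5, 9, tzinfo=timezone.utc))

if __name__ == "__main__":
    for name, value in ((CALC_NAME, CALC_VALUE), (CHROME_NAME, CHROME_VALUE)):
        print(decode_userassist(name, value))
```

The run count is the integer Task 2 asks for and the FILETIME, converted from its 1601 epoch, is the UTC timestamp Task 1 asks for; whichever tool prints the UserAssist data, these are the two fields to read off.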
For forensic-2.zip memory dump, Arif has the following tasks:
Task 3 (What are the computername and username)
To find the computername and username from the second memory dump, Arif extracted the resident pages for pid 1764 in memory and successfully identified the COMPUTERNAME and USERNAME. Which command can be used for this task and why? Explain each investigation step with screenshots. (Hints: commands relevant to process memory and memory dump)
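An added example, not part of the assignment and not Volatility's own code: once a process's resident pages have been written out to a file, the computer name and user name are normally recovered from the environment strings left in that dump, which Windows stores as UTF-16LE "NAME=value" pairs. The scan below does what running `strings` with its 16-bit little-endian option over the dump does, but also keeps the 8-bit form and groups every value seen per name, since a dump can hold more than one USERNAME. The dump bytes, host name and user name are constructed; pid 1764 is only the one the task names.

```python
"""Pull COMPUTERNAME/USERNAME-style environment strings out of a process dump.

Added example, not from the assignment or from Volatility. It assumes the raw
dump of one process is available as bytes and searches both the 8-bit and the
UTF-16LE encodings of NAME=value. The dump below is constructed.
"""
import re
from typing import Dict, Set

# 8-bit and UTF-16LE forms of NAME=value; values limited to printable ASCII.
_ASCII_ENV = re.compile(rb"([A-Za-z_][A-Za-z0-9_]{2,31})=([\x20-\x7e]{1,128})")
_UTF16_ENV = re.compile(
    rb"((?:[A-Za-z_]\x00)(?:[A-Za-z0-9_]\x00){2,31})=\x00((?:[\x20-\x7e]\x00){1,128})"
)


def find_env_vars(dump: bytes) -> Dict[str, Set[str]]:
    """Map every environment-style name found to the set of values seen for it."""
    found: Dict[str, Set[str]] = {}
    for m in _ASCII_ENV.finditer(dump):
        found.setdefault(m.group(1).decode("ascii"), set()).add(m.group(2).decode("ascii"))
    for m in _UTF16_ENV.finditer(dump):
        found.setdefault(m.group(1).decode("utf-16-le"), set()).add(
            m.group(2).decode("utf-16-le"))
    return found


def host_identity(dump: bytes) -> Dict[str, Set[str]]:
    """The names the task asks for. A dump may hold several USERNAME values
    (e.g. the logged-on user and a service account), so all are returned."""
    env = find_env_vars(dump)
    return {k: env.get(k, set())
            for k in ("COMPUTERNAME", "USERNAME", "USERDOMAIN", "LOGONSERVER")}


def constructed_dump() -> bytes:
    """Constructed stand-in for a process dump: filler bytes around a UTF-16LE
    environment block, plus one stray 8-bit USERNAME string."""
    env_block = ("ALLUSERSPROFILE=C:\\ProgramData\x00"
                 "COMPUTERNAME=WKSTN-LAB01\x00"
                 "LOGONSERVER=\\\\WKSTN-LAB01\x00"
                 "USERDOMAIN=WKSTN-LAB01\x00"
                 "USERNAME=jdoe\x00"
                 "windir=C:\\Windows\x00\x00")
    return (bytes(range(256)) + env_block.encode("utf-16-le")
            + b"\x90" * 32 + b"USERNAME=SYSTEM\x00" + b"\xff" * 16)


if __name__ == "__main__":
    for name, values in host_identity(constructed_dump()).items():
        print(f"{name}: {sorted(values)}")
```

When a real dump yields more than one USERNAME, the one next to the COMPUTERNAME and USERDOMAIN of the same environment block is the one that belongs to the process owner; the others usually come from copied or stale blocks.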
Task 4 (Listing the hive files)
To extract the password(s) from the registry, Arif needs to first locate the virtual addresses of the registry hives in memory and the full paths to the corresponding hive files on disk. Arif used Volatility and successfully retrieved the virtual addresses of the relevant registry hives in memory. Which command can be used for this task and why? Explain each investigation step with screenshots. (Hints: commands relevant to registry and hive list)
Task 5 (Extracting hash)
Once the virtual addresses are available, Arif is ready to extract and decrypt cached password hash values stored in the registry. He used volatility and successfully extracted the password hashes. Which command can be used for this task and why? Explain each investigation step with screenshots. (Hints: commands relevant to registry and hash dump)
Task 6 (Cracking the hash)
Arif picked up the LM and NTLM hash values corresponding to the username identified in Task 3 (of case 2). He used some online tool(s) and successfully cracked the hash value(s). Why do the LM and NTLM hashes have different cracked output? Explain the reason and each investigation step with screenshots.
This IT Computer Science Assignment has been solved by our IT Computer Science Expert at My Uni Paper. Our Assignment Writing Experts are efficient to provide a fresh solution to this question. We are serving more than 10000+ Students in Australia, UK & US by helping them to score HD in their academics. Our Experts are well trained to follow all marking rubrics & referencing styles. Be it a used or new solution, the quality of the work submitted by our assignment experts remains unhampered.
You may continue to expect the same or even better quality with the used and new assignment solution files respectively. One thing to note is that you could choose either of the two and acquire an HD either way. You could choose a new assignment solution file to get yourself an exclusive, plagiarism-free (with a free Turnitin report), expert-quality assignment, or order an old solution file that was considered worthy of the highest distinction.
© Copyright 2026 My Uni Papers – Student Hustle Made Hassle Free. All rights reserved.