Scribd Logo
Upload

Welcome to Scribd!

  • Lab2 - 500086199 - JigeshSheoran - Digital Forensics

    Uploaded by

    devil cry
    73 views7 pages
    This document contains the answers to questions about analyzing a computer suspected of criminal activity. The questions and answers indicate that the computer belonged to Greg Schardt, also known as Mr. Evil. By examining various files and settings on the computer, the analysis revealed the IP address, MAC address, email address, newsgroups subscribed to, and IRC chat logs of the user. Potential hacking tools such as password crackers and packet sniffers were also identified as being installed on the computer.

    Original Description:

    University of Petroleum and Energy Studies - Digital Forensics II

    Original Title

    Lab2_500086199_JigeshSheoran_Digital Forensics

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document contains the answers to questions about analyzing a computer suspected of criminal activity. The questions and answers indicate that the computer belonged to Greg Schardt, also known as Mr. Evil. By examining various files and settings on the computer, the analysis revealed the IP address, MAC address, email address, newsgroups subscribed to, and IRC chat logs of the user. Potential hacking tools such as password crackers and packet sniffers were also identified as being installed on the computer.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    73 views7 pages

    Lab2 - 500086199 - JigeshSheoran - Digital Forensics

    Uploaded by

    devil cry
    This document contains the answers to questions about analyzing a computer suspected of criminal activity. The questions and answers indicate that the computer belonged to Greg Schardt, also known as Mr. Evil. By examining various files and settings on the computer, the analysis revealed the IP address, MAC address, email address, newsgroups subscribed to, and IRC chat logs of the user. Potential hacking tools such as password crackers and packet sniffers were also identified as being installed on the computer.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    1

     UNIVERSITY OF PETROLEUM AND ENERGY STUDIES


    DEHRADUN

     
    DIGITAL FORENSICS LAB
    LAB 2 Greg Schardt Case Study

    BTECH-COMPUTER SCIENCE
    ENGINEERING (HONS.)
    CYBER SECURITY AND FORENSICS 
    BATCH: B2 (Hons.) 
     

    Name: Jigesh Sheoran 


    SAP ID: 500086199 
    Enrolment No: R2142201569 

    Q.11) A search for the name of “G=r=e=g S=c=h=a=r=d=t” reveals multiple hits. One of these
    proves that G=r=e=g S=c=h=a=r=d=t is Mr. Evil and is also the administrator of this
    computer. What file is it? What software program does this file relate to?

    JIGESH SHEORAN
    500086199
    2

    Solution: In the irunin.ini file, it is mentioned that regowner is Greg Schardt while the LAN
    user is Mr. Evil which proves that both are same.

    Q.12) List the network cards used by this computer.

    Solution: Full Path = “C:\windows\system32\config\software\Microsoft\Windows NT\


    CurrentVersion\NetworkCards”

    JIGESH SHEORAN
    500086199
    3

    Q.13) This same file reports the IP address and MAC address of the computer. What are they?

    PATH:  “C:\Program Files\Look@LAN\irunin.ini”.

    Q.14) An internet search for vendor name/model of NIC cards by MAC address can be used to
    find out which network interface was used. In the above answer, the first 3 hex characters of

    JIGESH SHEORAN
    500086199
    4

    the MAC address report the vendor of the card. Which NIC card was used during the
    installation and set-up for LOOK@LAN?

    Solution: We just found out the MAC address in the above question which is
    MAC: 0010a4933e09

    Q.15) Find 6 installed programs that may be used for hacking.

    1. 123WASP:- Freeware used to get all stored passwords.

    JIGESH SHEORAN
    500086199
    5

    2. b) Anonymizer:- Tool used to create a proxy.

    3. c) Cain:- Password cracking tool

    4. d) Ethereal:- Packet sniffing tool

    5. e) Look@LAN:- Network monitoring tool

    6. f) NetStumbler:- wireless networking tool to hack wifi password

    Q.16) What is the SMTP email address for Mr. Evil?

    PATH: “C:\Documents and Settings\Mr. Evil\NTUSER.DAT”

    Q.17) What are the NNTP (news server) settings for Mr. Evil?

    JIGESH SHEORAN
    500086199
    6

    PATH:  “C:\Documents and Settings\Mr. Evil\NTUSER.DAT”

    Q.18) What two installed programs show this information?

    PATH:  “C:\windows\system32\config\software\clients\mail”

    Q.19) List 5 newsgroups that Mr. Evil has subscribed to?

    JIGESH SHEORAN
    500086199
    7

    PATH: “C:\Document and Settings\Mr. Evil\Local Settings\Application Data\Identities\


    {EF086998–1115–4ECD-9B13 9ADC067B4929} \Microsoft\Outlook Express”

    Q.20) This IRC program has the capability to log chat sessions. List 3 IRC channels that the
    user of this computer accessed.

    PATH: “C:\Program Files\mIRC\logs”

    The three IRC channels are:


    Ushells.undernet.log, Elite.hackers.undernet.log, & Mp3xserv.undernet.log.

    JIGESH SHEORAN
    500086199

    You might also like