Scribd Logo
Upload

Welcome to Scribd!

  • Artifacts - Windows Forensic Hands-On

    Uploaded by

    Yusuf
    1 views13 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    1 views13 pages

    Artifacts - Windows Forensic Hands-On

    Uploaded by

    Yusuf

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 13

    2nd INDIVIDUAL ASSIGNMENT DIGITAL FORENSIC

    “Artifacts - Windows Forensic Hands-On”

    DIGITAL FORENSIC

    CYBER SECURITY CLASS 2

    By:

    Muhammad Yusuf (001202200028)

    FACULTY OF COMPUTING

    VISUAL COMMUNICATION DESIGN STUDY PROGRAM

    CIKARANG, FEBRUARY 2024


    SAM
    A. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SAM:
    SAM\Domains\Account\Users\Names\yusuf

    It shows information specific to the user account include various settings and properties
    associated with the user account, but the specifics depend on the version of Windows and any
    customizations made to the system.

    SOFTWARE
    A. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SOFTWARE:
    Microsoft\Windows NT\CurrentVersion

    It shows information about the operating system on this device.


    B. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SOFTWARE:
    Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles

    It shows the list of wifi or network names that the device has been connected to.

    C. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SOFTWARE:
    Microsoft\Windows\CurrentVersion\Authentication\LogonUI
    Shows information about user account on this device.

    D. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SOFTWARE: Classes

    It show default app for certain extension files.

    E. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SOFTWARE:
    Microsoft\Windows Portable Devices\Devices
    It shows the list of device names that the laptop has been connected to.

    F. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SOFTWARE:
    Microsoft\Windows\CurrentVersion\Uninstall

    It shows the list of application names that have been uninstalled/deleted by the device.
    G. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SOFTWARE:
    Microsoft\Windows\CurrentVersion\Run

    It show the system that always runs in the background system on this device.

    SYSTEM
    H. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SYSTEM:
    ControlSet001\Control\ComputerName\ComputerName

    It show the device name.


    I. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SYSTEM: HardwareConfig

    It shows information about the device (hardware).

    J. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SYSTEM:
    ControlSet001\Control\Windows
    It shows various configuration settings related to the behavior and appearance of the
    Windows operating system.

    K. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SYSTEM:
    ControlSet001\Control\CrashControl

    It shows information about how many times the system crash/error appear.
    L. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SYSTEM:
    ControlSet001\Control\Session Manager\Memory Management

    It shows various settings related to memory management in the Windows operating


    system.

    M. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\SYSTEM:
    ControlSet001\Services

    It shows information about configuration settings for various services installed on the
    system.
    NTUSER.DAT
    A. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\NTUSER.DAT:
    Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Shows the list of last docs opened on this laptop.


    B. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\NTUSER.DAT:
    Software\Microsoft\Windows\CurrentVersion\Run

    Shows a list of apps started when the device is turned on in this device.
    C. C:\Users\yusuf\OneDrive\Desktop\Week 5 DigFor\NTUSER.DAT:
    Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery

    Shows the list of last search at File Explorer on this laptop.

    You might also like