speedstill.blogg.se

Getting last shutdown time accessdata ftk imager
Getting last shutdown time accessdata ftk imager







getting last shutdown time accessdata ftk imager
  1. GETTING LAST SHUTDOWN TIME ACCESSDATA FTK IMAGER SOFTWARE
  2. GETTING LAST SHUTDOWN TIME ACCESSDATA FTK IMAGER CODE

GETTING LAST SHUTDOWN TIME ACCESSDATA FTK IMAGER SOFTWARE

Evil possesses an account on this device.įinding 4 A software program used to capture and monitor data packets passing through wired and wireless networks (Ethereal) was installed on this device.įinding 5 The software program Ethereal was configured in a promiscuous mode, a setting needed in order to infiltrate unauthorized data packets on a network.įinding 6 The software program Ethereal was running while Greg Schardt aka Mr. The Ethereal program was configured to function in promiscuous mode:Įthereal configuration file indicating where saved text file of unauthorized intercepted Internet traffic:Īctual file location of Ethereal capture text file:ĭata captured from Ethereal file verifying the capture of unauthorized network data packets:įinding 1 System configuration information confirms that Greg Schardt is the owner of this device.įinding 2 Greg Schardt is identified with the user name Mr. The following verifies that the network packet capturing software program Ethereal was installed upon this computer: Evil possesses an account on this device. The following was retrieved that verifies that Greg Schardt / Mr.

getting last shutdown time accessdata ftk imager

Evil on LANHOST / LANDOMAIN N-1A9ODN6ZXK4LQ:Ī second example identifying Schardt as Mr. Schardt’s laptop contained configuration files identifying himself as Mr. The identified computer name for this device: This details information that Greg Schardt is the registered owner for this laptop. The following display was recovered from Greg Schardt’s laptop. Last recorded computer shutdown date / time Summary of data captured from Schardt’s laptop DateĮthereal (data packet capturing software) initiated Evil was logged onĮthereal configuration file indicating where saved text file of unauthorized intercepted Internet traffic Text file verifying that a network data capturing application was configured in promiscuous modeĮthereal was running while Schardt / Mr. Evilĭirectory showing the installation of a network data capturing application Information confirming that Schardt is affiliated with the user name Mr. SUMMARY OF PERTINENT EVIDENCE COLLECTED #Ĭonfiguration information verifying that Schardt is the registered owner of the device Evil\NTUSER.DAT: $$$PROTO.HIV\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\\CountĤDell Latitude CPi.E01\Partition 1 \NONAME \\Documents and Settings\Mr. Evil\Application Data\Ethereal\preferencesĤDell Latitude Cpi.E01\Partition 1 \NONAME \Documents and Settings\Mr. GREG SCHARDT EVIDENCE ITEMS Evidence ItemĤDell Latitude Cpi.E01\Partition 1 \NONAME \\WINDOWS\system32\config\system: $$$PROTO.HIV\ControlSet001\Control\ComputerName\ComputerNameĤDell Latitude Cpi.E01\Partition 1 \NONAME \\WINDOWS\system32\config\software\$$PROTO.HIV\Microsoft\Windows NT\CurrentVersionĤDell Latitude CPi.E01\Partition 1 \NONAME \\Program that aĤDell Latitude CPi.E01\Partition 1 \NONAME \\Program Files\Ethereal\ethereal.exeĤDell Latitude Cpi.E01\Partition 1 \NONAME \\Documents and Settings\Mr. Unauthorized interception of electronic communicationĪccessData FTK Imager 4.3.0.18 Registry Explorer 1.5.2.0 Evil, intercepted the electronic communications of another user without authorization To determine if Greg Schardt, also referred to as Mr.

GETTING LAST SHUTDOWN TIME ACCESSDATA FTK IMAGER CODE

Code § 2511 – Interception and disclosure of wire, oral, or electronic communications prohibited ĭell CPi Notebook Computer of Greg Schardt aka Mr.

getting last shutdown time accessdata ftk imager getting last shutdown time accessdata ftk imager

Evil.” Some of Greg Schardt’s associates have said that he would park his vehicle within range of Wireless Access Points (like Starbucks and other T-Mobile Hotspots) where he would then intercept internet traffic, attempting to get credit card numbers, usernames & passwords”. This laptop computer is registered to Greg Schardt, who also goes by the online alias of “Mr. It is suspected that this computer was used for hacking purposes. “On, a Dell CPi notebook computer was found abandoned along with a wireless PCMCIA card and an external homemade 802.11b antennae. The intention of this digital forensics report is to provide examination procedures, findings, and recommendations from fictitious evidence regarding the unauthorized use of capturing Internet traffic.









Getting last shutdown time accessdata ftk imager