Professor Davis' Website



FTK Labs – Lab 5: Working with PRTK (Password Recovery Toolkit)
(2019 Training Manual)

Access Data Forensics – Training Manual: use .pdf scan of the 2016 Training/Lab Manual in Blackboard
Associated Reading in Training Manual: pages 9-1 to 9-28 (2019 Version)

NOTE: There is a misprint in the AccessData Training Manual. You must use the “Washer.E01” image file for this lab (not “Mantooth.E01”). Also, replace the word “Mantooth” with the word “Washer” throughout the lab steps.

Part 1. Special Instructions for “WORKING WITH PRTK – Exporting Encrypted Files from a Case” lab:
- Prior to beginning the steps in the lab, create a New Case in FTK called “Washer” (see FTK Lab 1 in Week #1 to review how to create a new case in FTK)
- In the new “Washer” case, add the evidence image file called Washer.E01
- In step #1, create the new folders on your VMWare View desktop. Also create a new folder called “Data.”
- In step #3, right-click on the “X marks the spot” file and choose Export (pick the last instance of “X marks the spot” in the list)

Questions to Answer from Lab Part 1:
- Where can you find encrypted (i.e., password-protected) files in FTK?
- Can you open the “X marks the spot.doc” file? Why or why not?

Part 2. Special Instructions for “WORKING WITH PRTK – Exporting a Word List and Create a Custom Dictionary” lab:
- Continue using the Washer.E01 image file
- In step #1a, be sure to select the “sam” and “system” files under windows\system32\config
- In step #1c, save the “Washer Wordlist.txt” file to your VMWare View desktop.
- In step #3, click Tools > Dictionary Utility (not “Dictionary Tools”)
- In step #5, you should select “Washer Wordlist.txt” (not “Washer Wordlist Export.txt”)
- In step #7, the OK button does not exist

Questions to Answer from Lab Part 2:
- What are two ways that you can open and view the contents of “Washer Wordlist.txt”?
- What content does the “Washer Wordlist.txt” contain?
- What file(s) from the suspect’s device were used to create the Washer Custom Dictionary?

Part 3. Special Instructions for “WORKING WITH PRTK – Create a Biographical Dictionary”:
- Continue using the Washer.E01 image file
- Continue to work in PRTK
- In step #2, you must click on the drop-down on the right side of the screen in order to enter the required information
- In step #4, keep the default Save location (i.e., do NOT save “Washer BIO” to your desktop)

Questions to Answer from Lab Part 3:
- Explain how the contents of the Biographical Dictionary “Washer BIO” were generated

Part 4. Special Instructions for “WORKING WITH PRTK – Create a Profile”:
- Continue using the Washer.E01 image file
- Continue to work in PRTK
- In step #5, you should select a total of three (3) Washer dictionaries

Questions to Answer from Lab Part 4:
- (none)

Part 5. Special Instructions for “WORKING WITH PRTK – Recover Passwords”:
- Continue using the Washer.E01 image file
- Continue to work in PRTK
- In step #2, you can also drag and drop files into the PRTK interface
- In step #3, select the first “X marks the spot.doc” file in the File List (there are two)
- Not sure why steps 4 and 5 are missing from their lab(?) :-p
- In step #7, notice the Key-Space attack option. NOTE: Although not part of this lab, the Key-Space option could be selected to perform a Brute-Force password recovery
- In step #21, select Tools > Decrypt Files > Set Passwords

Questions to Answer from Lab Part 5:
- What are the contents of the “X marks the spot.doc” file?
- Why was the Key-Space (i.e., Brute Force attack) option not selected in step #5?