Password Cracking and Encryption

Lab 4

Name:

G#:

Lab Questions:

  • ANSWERS MUST BE IN COMPLETE SENTENCES FOR FULL CREDIT.

  • USE YOUR OWN WORDS.

  • YOU WILL NOT RECEIVE CREDIT FOR QUESTIONS THAT ASK FOR DEFINITIONS OR EXAMPLES IF YOU USE THE ONES GIVEN IN THE DIRECTIONS.

1) What are the permissions for your .login file? Who can access this file and what can they do with it? (Hint: ls -al /etc/passwd)

2) What are the permissions for the /etc/passwd file? Who can access this file and what can they do with it? List two possible ways this file could be abused.

3) Where are the encrypted passwords stored on Linux/Unix machines? (Hint: What file?)

4) How might a forensic examiner use a password cracker (be specific)?

5) Why might a forensic examiner want to check /etc/passwd?

6) What logins and passwords did you find in the shadow file?

7) Where are passwords stored in Windows 7? (Hint: File path) How are they stored?

8) How do you create a new user account?

9) Do some searching and list some password cracking applications: (Not the ones listed in the instructions)

10) What federal law makes it illegal to traffic in passwords (Hint: review Lecture 2, full name and/or code section #):

11) What is an encrypted volume?

12) How can you tell that an encrypted volume is running? (Give multiple examples)

13) What is the estimated time it would take to crack AES 256-bit encryption using brute force?

14) Include a screenshot of the file/file contents in FTK Imager.

15) What happens when you try to export and open the encrypted test file from FTK Imager?

16) Include a screenshot of the file/file contents in FTK Imager.

17) What happens when you try to export and open the test file from FTK Imager?

18) What is PSTools and what does it show?

©2007 Anne Marchant and 2014 by Rebecca J. Tenally

By submitting this assignment, I certify I have abided by all requirements of the GMU honor code. I certify that this is entirely my own work, no unauthorized sources have been used, and all sources used have been properly cited.