Student’s Name
Instructor’s Name
Course Code
Date
Information technology
1) What are the permissions for your .login file? Who can access this file and what can they do with it? (Hint: ls -al /etc/passwd)
The .login file contains settings which are executed at login. The permissions on the .login file are 644, which means the file is readable, and writable only by the owner. However, the administrator can also access .login files. Through .login files an administrator is able to edit files, create accounts and provide other commands.
2) What are the permissions for the /etc/passwd file? Who can access this file and what can they do with it? List two possible ways this file could be abused.
Unauthorized edit
Editing
3) Where are the encrypted passwords stored on Linux/Unix machines? (Hint: What file?)
- The encrypted passwords are stored in the /etc/shadow file on Linux/Unix machines.
4) How might a forensic examiner use a password cracker (be specific)?
- John the Ripper can be used through the command prompt to crack passwords.
5) Why might a forensic examiner want to check /etc/passwd?
- Forensic examiners are required to check passwords in order to gather evidence.
6) What logins and passwords did you find in the shadow file?
- Shadow files contain usernames and passwords in encrypted form.
7) Where are passwords stored in Windows 7? (Hint: File path) How are they stored?
- The passwords are stored in C:\users\username\AppData\Roaming\Microsoft\credentials.
8) How do you create a new user account?
Choose Start→Control Panel and in the resulting window, click the Add or Remove User Accounts link. The Manage Accounts dialog box appears.
Click Create a New Account. ...
Enter an account name and then select the type of account you want to create.
Click the Create Account button and then close the Control Panel
9) Do some searching and list some password cracking applications: (Not the ones listed in the instructions)
- John the Ripper, Ophcrack, AccessData and PSTools are some of the applications which can be used in cracking passwords.
10) What federal law makes it illegal to traffic in passwords (Hint: review Lecture 2, full name and/or code section #):
- The Computer Fraud and Abuse Act (CFAA) makes it illegal to traffic in any password.
11) What is an encrypted volume?
- An encrypted volume is a technology which converts data or information into codes which can be decrypted only by the owner. It offers advanced security.
12) How can you tell that an encrypted volume is running? (Give multiple examples)
- You check whether BitLocker is on. If it is, that indicates that the encrypted volume is running.
- If the entropy is high, it shows that an encrypted volume is working.
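The entropy indicator from answer 12, as an added example that is not part of the original assignment: it measures Shannon entropy per block of a disk image and flags blocks that look like ciphertext. The sample image is constructed, SHA-256 counter output stands in for encrypted data, and the 4096-byte block size and 7.5 bits/byte threshold are assumptions. Compressed data also scores high, so a flagged block is an indicator of encryption, not proof.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, up to 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    # sum of p * log2(1/p) over the byte values that actually occur
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())


def scan_blocks(image: bytes, block_size: int = 4096, threshold: float = 7.5):
    """Return a list of (offset, entropy, flagged) tuples, one per block."""
    results = []
    for off in range(0, len(image), block_size):
        h = shannon_entropy(image[off:off + block_size])
        results.append((off, round(h, 3), h >= threshold))
    return results


def pseudo_ciphertext(n: int) -> bytes:
    """Constructed stand-in for encrypted data: SHA-256 over a counter."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed sample image: unallocated (zero) block, a text block, two ciphertext-like blocks.
ZERO_BLOCK = bytes(4096)
TEXT_BLOCK = b"root:x:0:0:root:/root:/bin/bash\n" * 128  # 32 bytes * 128 = 4096
SAMPLE_IMAGE = ZERO_BLOCK + TEXT_BLOCK + pseudo_ciphertext(8192)

if __name__ == "__main__":
    for offset, entropy, flagged in scan_blocks(SAMPLE_IMAGE):
        label = "HIGH (possible encrypted data)" if flagged else "low"
        print(f"offset {offset:6d}  entropy {entropy:5.3f}  {label}")
```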
13) What is the estimated time it would take to crack AES 256 bit encryption using Brute Force?
- Using brute force, it may take 500 million years to crack AES 256-bit encryption.
14) Include a screen shot of the file/file contents in FTK Imager.
Figure 1: FTK image
15) What happens when you try to export and open the encrypted test file from FTK Imager?
- A new dialogue box opens which indicates that something went wrong.
16) Include a screen shot of the file/file contents in FTK Imager.
Figure 2: FTK image that appears when opening an encrypted file
17) What happens when you try to export and open the test file from FTK Imager?
- An error message is received and the file reboots.
18) What is PSTools and what does it show?
PSTools is a command-line tool package which includes tools such as psexec, psservice, psloggedon, pslist and other standard command-line utilities. These commands are used to manage both local and remote systems. It is also regarded as a cmd tools suite which contains cmd utilities. It mostly helps in providing remote administration for Windows.