Conducting Forensic Investigations on System Memory (4e) - Frances Butters (.pdf)

School: Indiana University, Purdue University, Indianapolis

Course: 420
Subject: Information Systems
Date: Apr 29, 2024
Type: pdf
Pages: 7
Uploaded by AdmiralParrotPerson970 on coursehero.com

Conducting Forensic Investigations on System Memory (4e)
Digital Forensics, Investigation, and Response, Fourth Edition - Lab 10

Student: Frances Butters
Email: fbutters@iupui.edu
Time on Task: 2 hours, 50 minutes
Progress: 100%
Report Generated: Thursday, February 29, 2024 at 2:31 PM

Section 1: Hands-On Demonstration

Part 1: Capture Memory using DumpIt

3. Make a screen capture showing the DumpIt success notification.

Part 2: Analyze Memory using E3

8. Make a screen capture showing the list of processes in the memory dump.

10. Record the start times for the oldest process and the newest process.
Oldest process: 7/12/2021 4:24:49 AM
Newest process: 7/12/2021 6:42:43 AM

15. Document your findings for the conhost.exe process. What is it and what is it used for?
Conhost.exe is a safe file that is essential to the Microsoft Windows system and is used to thwart malware exploitation.

17. Document your findings for the hooker.exe process. What is it and what is it used for?
hooker.exe is a program that is used to connect to the Internet, record keyboard and mouse inputs, and monitor applications.

21. Make a screen capture showing the registry keys opened by the Hooker.exe process.

23. Make a screen capture showing the files opened by the hooker.exe process.
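Steps 10 through 17 of Part 2 are the same triage an analyst repeats on every process list pulled from a memory image: find the time span the processes cover, then single out the names that do not belong on a clean host and document them. The script below is an added example and is not part of the lab, the E3 tool, or DumpIt. The PID/PPID/Name/Start table layout and the baseline of expected process names are constructed for the example; only the two start times recorded in step 10 are taken from the report, and the other PIDs and timestamps are made up.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime

# Constructed sample: a process-list table in the shape a memory-analysis tool
# might render it. PIDs, parent PIDs and all timestamps except the oldest and
# newest (which are the values recorded in lab step 10) are made up.
SAMPLE_PSLIST = """\
PID   PPID  Name          Start
4     0     System        7/12/2021 4:24:49 AM
348   4     smss.exe      7/12/2021 4:24:52 AM
432   424   csrss.exe     7/12/2021 4:25:01 AM
512   424   wininit.exe   7/12/2021 4:25:02 AM
1268  1004  explorer.exe  7/12/2021 4:26:10 AM
2240  432   conhost.exe   7/12/2021 6:40:12 AM
2304  1268  hooker.exe    7/12/2021 6:42:43 AM
"""

# Constructed baseline of process names expected on a clean Windows host.
# In practice this comes from a known-good image of the same Windows build.
KNOWN_GOOD = {
    "system", "smss.exe", "csrss.exe", "wininit.exe", "services.exe",
    "lsass.exe", "svchost.exe", "explorer.exe", "conhost.exe",
}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    start: datetime


def parse_pslist(text: str) -> list[Proc]:
    """Parse a whitespace-separated PID/PPID/Name/Start table.

    The start field ('7/12/2021 4:24:49 AM') spans three whitespace-separated
    tokens, so everything after the process name is rejoined before parsing.
    """
    procs: list[Proc] = []
    rows = [ln for ln in text.splitlines() if ln.strip()]
    for row in rows[1:]:  # first row is the column header
        pid, ppid, name, *rest = row.split()
        start = datetime.strptime(" ".join(rest), "%m/%d/%Y %I:%M:%S %p")
        procs.append(Proc(int(pid), int(ppid), name, start))
    return procs


def start_time_range(procs: list[Proc]) -> tuple[Proc, Proc]:
    """Return the (oldest, newest) processes by start time (lab step 10)."""
    oldest = min(procs, key=lambda p: p.start)
    newest = max(procs, key=lambda p: p.start)
    return oldest, newest


def flag_unexpected(procs: list[Proc], baseline: set[str] = KNOWN_GOOD) -> list[Proc]:
    """Processes whose name is not in the baseline: candidates for steps 15-17."""
    return [p for p in procs if p.name.lower() not in baseline]


def parent_name(procs: list[Proc], proc: Proc) -> str:
    """Name of the parent process, or '<unknown>' if the PPID is not in the list."""
    by_pid = {p.pid: p for p in procs}
    parent = by_pid.get(proc.ppid)
    return parent.name if parent else "<unknown>"


def summarize(text: str) -> dict:
    """Collect the facts an analyst records for the report in one structure."""
    procs = parse_pslist(text)
    oldest, newest = start_time_range(procs)
    return {
        "process_count": len(procs),
        "oldest": (oldest.name, oldest.start.isoformat(sep=" ")),
        "newest": (newest.name, newest.start.isoformat(sep=" ")),
        # Unexpected names together with their parent, which is the first
        # thing to document before looking at the keys and files they opened.
        "unexpected": [(p.name, parent_name(procs, p)) for p in flag_unexpected(procs)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_PSLIST).items():
        print(f"{key}: {value}")
```

On the constructed table the summary reports the oldest start as System at 4:24:49 AM and the newest as hooker.exe at 6:42:43 AM, and flags hooker.exe (parent explorer.exe) as the only name outside the baseline; conhost.exe is not flagged because it is an expected Windows component. A name missing from the baseline is a lead to document, not a verdict: the registry keys and files it opened (steps 21 and 23) are what support the finding.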