# Forensic evaluation task

## Write up

#### Tools used:

- FTK Imager
- Registry Explorer
- DB Browser for SQLite

Started off by analyzing the given disc image in FTK Imager.

1. Name of the computer.

   DESKTOP-G5R87FV

   Path: `windows\System32\Config\<system reg>\computer name`

   We can find it in the system registry.

   ![](https://github.com/aryaarun12/eval/blob/main/1.png?raw=true)

2. Name of the primary user.

   Mark Gifford

   Path: `Software registry\LogonUI`

   ![](https://github.com/aryaarun12/eval/blob/main/2.png?raw=true)

3. What OS and version is being used?

   Windows 10 Pro

   Path: `windows\System32\Config\<software reg>\current version\product name\`

   ![](https://github.com/aryaarun12/eval/blob/main/3.png?raw=true)

4. What is the nickname of the primary user?

   Snoop

   Path: `Software registry\LogonUI`

   ![](https://github.com/aryaarun12/eval/blob/main/2.png?raw=true)

5. What OS and version is being used?

   Windows 10 Pro

   Path: `windows\System32\Config\<software reg>\current version\product name\`

   ![](https://github.com/aryaarun12/eval/blob/main/3.png?raw=true)

6. What Time Zone is this computer running on?

   Central Standard Time

   Path: `windows\System32\Config\<system registry>\time zone info`

   ![](https://github.com/aryaarun12/eval/blob/main/6.png?raw=true)

7. What activity does the user seem to be planning?

8. What items might the user be targeting? Provide in format (Title, Date, Accession Number), (Title, Date, Accession Number)

9. Where are these items located? (Building Name)

10. Who might the items be given to for selling?

11. What items does the user need for this activity?

12. Where is the group meeting?

13. Who is the user thinking about working with?

14. What is the password?

## Author

[rayst4rk](https://twitter.com/rayst4rk)