5 Lab Assignment: Lab Three Report
Assignment
To complete this assignment, review the prompt and grading rubric in the Lab Three Guidelines and Rubric document. Use the Lab Report Template to structure your lab report. When you have finished your work, submit the assignment here for grading and instructor feedback.
This assignment requires you to use CYBRScore.
Lab Report Template
Complete each of the critical elements in your lab and submit this report to your instructor for grading in your course. Be sure to keep the lab reports that you complete and review, along with any feedback provided by your instructor, as they will help you create a quality submission for your final project. Review the individual lab guidelines and rubric documents for more information on these assignments.
You may complete the report in a separate Word document. If you choose to use a separate document, include all the questions asked in the guidelines and rubric document for that lab, as well as the accompanying screenshot. Your completed report should reflect the information below. Add additional question numbers with accompanying description and screenshot as needed to match the total number of questions required on a given lab guidelines and rubric document.
1. Lab Number and Name:
2. Brief Summary of Lab:
· What did you do in the lab?
· How did it work?
· What did you look for/find?
3. Specific Practices or Resources:
· Briefly describe the specific practices or resources that were most important in terms of supporting the investigation and maintaining evidentiary integrity in this lab. For example:
a. Chain of custody practices
b. Digital forensic tools
c. Incident response tactics
4. Best Practices:
· Briefly describe best practices or resources necessary in terms of next steps in this lab scenario.
· Include screenshots that support items 3 and 4 in your briefing.
Ensure your entire report is appropriate to your internal audience, employing brevity and consumable language (in this lab, your audience will be your teammates/company attorneys/executive team).
Lab Three Guidelines and Rubric
Creating a Baseline Using the Windows Forensic Toolchest
Overview: You will be completing several labs throughout this course. The purpose of these labs is twofold:
The experience will provide you with valuable opportunities to “walk a mile” in the shoes of a forensic practitioner performing basic forensic tasks. Gaining this type of experience is necessary in managing and relating to the individuals and teams with whom you will interact in the field.
Practice the communication and writing skills you will need to employ in both pieces of your final project.
It is important to note that these activities are important to your final project but do not share the same scenario as your final project. They are practice opportunities that focus on a specific but smaller set of topics and skills. You will complete a lab “briefing” paper and submit it to your instructor for grading. A template of this brief is provided for you.
Scenario: Please be aware that the instructions given inside of Lab Three refer to a separate scenario, not the one that we will be addressing in class. Use our classroom scenario to focus your learning in the lab.
In the previous lab, Lab Two, you were given the following scenario: While working for ACME Construction Company, you have been tasked with an investigation of a Windows 8 hard drive. You have been told that your company suspects a high-level employee of a policy violation. It is believed that Drew Patrick wrongfully copied sensitive corporate documents containing valuable intellectual property (IP) to his personal computer. Further, there is reason to believe that he may have then provided the documents to a competitor. Due to the value of the IP, the investigation has moved from a simple incident response to a forensic investigation.
In Lab Two, you finished creating and verifying an image for use in the forensic lab. Lab Three will have you tasked with a different part of the investigation. Wily miscreants will often attempt to cover their tracks. One supposedly clever way of doing this is to create a separate login account and use that account to perform all their evil deeds. Any decent investigator will analyze all the accounts, their creation dates, privileges, and activities in an effort to rule out the idea of evidence being planted by another or any attempt to cover one’s tracks.
Windows Forensic Toolchest (WFT) is often used on Windows computers to quickly and easily gather many details concerning the operating system and related functions. An investigator can use WFT to run a scripted set of commands that will allow them to easily identify many properties such as logins (successful or failed), network shares, groups and accounts, and many others. Proper documentation of these settings and characteristics will help to weaken the “it was not me” argument.
In your lab, be sure to document the following for your final project:
1. Internet protocol (IP) address of the computer at the time of the examination (IPCONFIG)
2. List of user accounts on the suspect machine (NET USER)
3. List of users who have logged on locally (LOGINS – ALL)
4. The shared directories on the network, which may aid in passing data outside of the company-controlled environment (NET SHARE)
5. The security logs and their details will be used in the log analysis lab. You can take a quick look at them here so you know what to expect during the following lab. (EVENT LOGS – SECURITY LOG)
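The account review described above (item 2, NET USER) can be made repeatable. The following is an added example, not part of the lab materials or of WFT: it hashes saved `net user` output for the record, parses the account list, and flags accounts missing from an expected list. The host name, account names and the 25-character column width are assumptions made for the sample.

```python
import hashlib

COLUMN_WIDTH = 25  # assumption: net user pads each account name to 25 characters

# Constructed sample of `net user` output (not captured from the lab machine).
SAMPLE_NET_USER = "\n".join([
    "",
    r"User accounts for \\ACME-WS01",
    "",
    "-" * 79,
    "".join(n.ljust(COLUMN_WIDTH) for n in ("Administrator", "dpatrick", "Guest")),
    "".join(n.ljust(COLUMN_WIDTH) for n in ("maint svc",)),
    "The command completed successfully.",
    "",
])


def parse_net_user(output):
    """Return account names listed between the dashed rule and the status line."""
    names, in_list = [], False
    for line in output.splitlines():
        if line.startswith("---"):
            in_list = True
            continue
        if not in_list:
            continue
        if line.startswith("The command completed"):
            break
        # Slice fixed-width columns so names containing spaces stay intact.
        for start in range(0, len(line), COLUMN_WIDTH):
            name = line[start:start + COLUMN_WIDTH].strip()
            if name:
                names.append(name)
    return names


def review_accounts(output, expected):
    """Hash the raw output for the report and list accounts not on the expected list."""
    accounts = parse_net_user(output)
    known = {name.lower() for name in expected}  # Windows account names ignore case
    return {
        "sha256": hashlib.sha256(output.encode("utf-8")).hexdigest(),
        "accounts": accounts,
        "unexpected": [a for a in accounts if a.lower() not in known],
    }


if __name__ == "__main__":
    print(review_accounts(SAMPLE_NET_USER, ["Administrator", "Guest", "dpatrick"]))
```

Recording the hash alongside the screenshot lets a reviewer confirm later that the saved output was not altered after collection.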
As usual, sensitive information will be communicated to you directly. Thank you.