Prodiscover basic pdf#
Submit a single PDF file containing your results of doing the 4 investigations in the lab instructions on github. Save a list of the registry keys you found and their contents, and include them in your sumission for this lab.Use Edit->Find and Edit->Find Next to find the string “superior” and the string “denise” in the registry image.
Prodiscover basic install#
Download the AccessData Registry Viewer and install it.Now we are going to look for references to superior bicycles or denise robinson in the registry to see if they left tracks in the registry.Extract the system.dat and user.dat files to a temporary folder.For this lab, you can download some sample files. Begin by copying the two registry files to a temporary folder.In this scenario, we are trying to determine if a captured registry from an employee’s computer has any information which might be useful to a paralegal investigating a Denise Robinson, who works for a competitor, Superior Bicycles.
Prodiscover basic windows#
If you have an image capture that includes the system.dat and user.dat files form the windows folder on a c: drive, you can examine the registry in that image.
Prodiscover basic zip#
Use that ability to see if there are any pictures there of Clint Eastwood. Clicking on a file in the file listing allows you to view a file.Use the evidence tree to view the filesystems found in the image, and explore them to see what files are in the image.