Forensics Lab Part 1

00:01

Hi. Welcome back to the core. So in the last video, we wrapped up our discussion on data acquisition.

00:06

In this video, we're gonna do part one of our lab, and then the next video, we'll do part two. So in this lab, we're gonna go ahead and acquire an image, and then we're just gonna perform a quick analysis.

00:16

So let's go ahead and get started. So here in our lab document Step number one. Just log in a cyber If you're not already logged in

00:24

Step number two, we're gonna select catalogue at the top of the page

00:28

and then we're gonna type in the word forensic and search for that.

00:31

So just go ahead and click on catalogue at the top. There,

00:36

we'll see about the search box on the left side here, and there's type in forensic.

00:42

I just kind of wait a second or so and it's gonna pull up some different search results. We're gonna see here that we have the computer forensics and investigations practice lab environment.

00:52

So let's go back to our lab document.

00:54

So we see that, Yes, that's the one that we want. The computer forensics in investigations.

01:00

So once we find that we're just gonna click the start now button to go ahead and launch the lab.

01:07

It might take a moment or so to launch the lab environment there. Let's go back to our lab document.

01:14

So now we're here it step six. So now we want to locate the understanding, the digital forensics profession and investigations. So that's the name of it. That's the lab we're looking for.

01:23

And we see here that that's that very top one right there. So just go ahead and click on that. And the next we're gonna click the start button.

01:30

It's gonna go ahead and launch the lab for us. And once it does, we see our virtual machines here. Let's go ahead and get those started. Oppa's well, So just cover your mouths over top here and just say power on

01:41

and do the same thing for all these just over your miles over top of that machine. And just select the power on option.

01:47

All right, so while those air booting up, let's go back to our lab document.

01:53

All right, so we see here in step six, we found our lab. We selected start button, and then step eight, we went ahead and just powered on all the virtual machines. So you'll see there in the background on the Tech in a moment or so, but they'll boot up eventually,

02:07

and then step nine were rescued. Gonna work now to the actually acquire the data. So in the real world, not in this lab environment, we would be using the right blocker. So that way we don't alter the data. See if you remember we covered that information.

02:21

However, in the lab environment, just gonna go ahead and continue on with our steps.

02:25

You'll see here in the background, everything's kind of booting up for us. So once your machines boot up, you're gonna be connecting to P Lab. Win 8 10

02:34

and by default, that generally is where it's gonna pop you in the lab anyways.

02:38

All right, So what, you're killing the connect to the P lab, win 10 days, give you win a 10

02:44

then it Step 11. Here we're doing double click the shortcut icon on the desktop that says pro Discover basic 64. So this one with that little Sherlock Holmes looking type of guy.

02:55

Once we do that, we're gonna see a dollar on dialogue backwards box. We're just going to say, Cancel to that. So go ahead and double click on that shortcut icon.

03:02

It's gonna launch it for us.

03:05

It might take a moment of soda pop up. You'll see. Here we have that launch dialogue box I mentioned. Just go ahead and click the cancel button at the bottom. Right.

03:15

Let's go back to our lab document.

03:17

So now it's Step 13. We want to select action at the very top, and then we're going to select the capture image options. Let's go and do that now. So click on action of the Very top here and then the capture image option that second that 1st 1 down,

03:36

go back to our lab document here. All right, so now we do see that we do have a papa box open.

03:40

So Step 15 under the source Dr Area were to select the E Drive that's labeled as U. S. B and then 4.997 gigabytes. So let's go ahead and do that now.

03:53

So under the source Dr Area granted clicking here, we want to select the E Drive, and it's the only Dr listed there. Obviously

04:00

the U. S. B 4.997 gigabytes. So go ahead and select that.

04:04

All right, let's go back to our lab document.

04:08

So now we're to click the button with two arrows in the destination area. So let's go ahead and do that now. So it's gonna be this little button on the right side here is going to click on that,

04:16

and we're gonna select use local path.

04:23

All right, So, Step 17 we've chosen the local path option there.

04:27

Next, we're gonna navigate ourselves to the sea, work data files, and then chapter one folder. So let's go ahead and do that now.

04:34

So on the left side here, go ahead, scroll down. Where to? Click on C

04:40

double click on the work

04:42

double click on data files on double click on the chapter one folder.

04:47

All right, let's go back to our lab document.

04:50

So now in step 19 we're gonna go ahead and name this file. So in the file name box area, we're gonna type in

04:58

CHP Dash P r. A. C. So, basically in chapter practice,

05:02

So let's go ahead and do that now.

05:04

So we're gonna type in capital I Lower case end capital C, lower case HP

05:11

Dash P R A c.

05:16

All right, so we've taught that in there. So now we're gonna click the save button just to save what we've done.

05:21

So go ahead. Say that file now.

05:24

All right.

05:26

So Step 21 here on the capture image. Papa, Box of that papa box. We have still have their We're gonna just type. You're a technician. Name your name in the technician box. Excuse me. So I'm just gonna type like a random name in there. You can type your name if you want to. You You're gonna stop a few characters if you want to. It's kind of up to you at that point.

05:44

So let's go ahead and do that now.

05:46

So right here in the technician named box.

05:48

Just go ahead and type your name. I'm just gonna type what is calling myself Bob right now.

05:54

All right. Once you've done that, go back to the lab document.

05:59

Our next step here in step 22. We're gonna go ahead and type that in chap Dash P. R. A. C. With them. We're gonna add 01 to the end of it. So we're gonna type that in the image number box. So let's go ahead and do that now.

06:15

All right? So in chap,

06:20

and then we're gonna type arrest here, Dash P r a C. Then again, instead of how we just had pleurisy appear, we're gonna be typing 01 at the end of that. So in Chap Dash, P R A. C 01

06:33

Let's go ahead and take that in there now.

06:36

All right, we'll go back to our lab document.

06:41

So now we're just gonna select the okay, But that's gonna close the pop up box for us.

06:45

And then we're gonna see here in step 24 at the bottom right of our screen will kind of see a little

06:51

green dash thing. They're kind of a bar that shows us the processing of it on. And then we're going to see that it might take about 20 to 30 seconds total to complete. Could take longer than that, depending on your particular connection. So just go ahead and click. Okay to that.

07:06

You see, down here we have our little process bar. They're going. It's estimating the time remaining again. It's gonna be variable there, and it probably takes around 20 to 30 sometimes 40 seconds. I would say, if you've got a really bad connection, maybe like a minute or so, but generally within about 20 seconds, it's usually done processing.

07:27

You'll see here on the left side. It's kind of jumping up there on the file numbers that it's, Ah, capturing there and you'll see where our endgame there is. Thea 10,479,615 So it's almost there, but not quite yet. So far, we have just a few more seconds.

07:47

All right, So whenever he gets done here and it's almost done there, we may see a papa Boxes says Image. Capture complete. And actually, we probably will see that on and then please check locked file for any airs. Once you see that, just go ahead and say select. Okay, there.

08:03

Let's go ahead and do that now. So we see that we do have that papa box right there. Let's go and say okay to that.

08:09

Let's go back to our lab documents here.

08:13

So now we're gonna just go ahead and close the pro discover tool for this portion of the lab. So in the next video, again, we're gonna actually analyze the capture. So here in step 26 just go ahead and say file at the very top left, and then just go ahead and exit.

08:28

You'll see it'll take a moment or so, but then pro discover will exit for us.