Hard Disks and File Systems Add/Remove Pro Lab

Description
The Add/Remove Pro lab is the last demonstration lab in Module 7, Hard Drives and File Systems. This utility is the equivalent of Easycleaner Regshot, except that it finds and removes all the Add/Remove list items from the system, something a hacker would do to hide the fact that they modified the system. Add/Remove Pro is an excellent and essential tool for forensic analysis because you can determine what was done to the system from the list items the Add/Remove tool finds.

[toggle_content title="Transcript"] Hi, Leo Dregier here. I want to talk to you about a tool called Add/Remove Pro, and effectively what it does is it takes all of the things out of your lists here Add/Remove and, uh, effectively, uh, deletes them and cleans them up, so it’s a utility that someone could use to basically try to hide their tracks, and that certainly falls in the realm of forensics and forensics analysis.

So when you first launch, the tool comes up and says Add/Remove Pro checks, removes, uninstalls entries in Windows Add/Remove program list. Um, so click on the install button and proceed with the installations. We’ll go ahead and install it, and we’ll agree to the licensing. We’ll put it right in Program Files, that’s fine. Um, and it says setup cannot copy the file Add/Remove Pro, uh, so let’s retry – it’s not going to work. Cancel, and we’ll go ahead and cancel the utility.

Okay, so effectively, uh, by just changing the directory, I was able to get Add/Remove Pro to install. Um, I haven’t normally had problems with the installation of that, so that looks like more of a hiccup and anomaly more so than anything else.

So, let’s go ahead and look at Add/Remove Programs. Add or Remove programs, we have a whole bunch of stuff here. Uh, so you’ve got Add/Remove Pro, Advance Encryption Package, Big Mother, Easy Cleaner, okay? All of the, uh, Add/Install, uh, forensics programs that I’ve been doing videos on, that’s the theme here, okay?
You can refresh the list a couple times if you like. So, um, you can kind of go over the introduction, the accuracy, the status messages. It’s basically a tutorial down here on how to use this file, um, how to find the uninstall strings, uh, how to create backups, all entries, and things like that.

So what effectively you could do is you could take something, uh, like the program Add/Remove Pro, and uninstall a program; make sure I want to uninstall this program, yes, let’s go ahead and uninstall it – the actual program that I’m using, and see if it removes from this list. All right? So, looks fine to me; looks like it’s still there. If we hit F5 here, um, still here. Let’s see if the Uninstall works from here. Make sure you want to remove this specific utility, yes. Add/Remove Pro is successfully removed from your computer, all right? Interesting because I still have it open right here.

So that just goes to show you, sometimes tools, they work exactly how they sound, sometimes they don’t work exactly how they sound, um, but you get to test them out and evaluate them. Um, in this case, a user would be using this tool, thinking that it would be working, and it’s actually not cleaning the tracks, so that’s the takeaway here. Sometimes it’s nice to show programs and, you know, how cool they are, but also it’s nice to show exceptions and deviations from what you expect normal behavior to be, and there’s several of those types of videos, um, including in here, where the student has to evaluate does this make sense? Okay, so this is one of the questionable videos in the series. [/toggle_content]