ISE 640 Module Five Lab 2 Activity
Southern New Hampshire University (not endorsed by this school); course ISE 640
Uploaded by xavierfrederickx, Dec 6, 2023; docx, 5 pages
Xavier Frederick
ISE 640 Module 5-2 Lab Activity
Southern New Hampshire University
10/22/2023

I. Lab Summary

In the initial part of this lab, we were asked to examine various logs and scheduled tasks in the Windows 7 operating system. This involved opening the command prompt and launching the Event Viewer program. We could then access, analyze, and search through different Windows logs, specifically looking for .net files. Additionally, we were able to export the application log and the security log to a text file and view their contents in Notepad. We also generated an event in the system log and exported the security log for further analysis.

Moving on to the second section, we focused on examining logs related to Internet Information Services (IIS) on the Windows 7 machine. We started by connecting to the Windows 7 website from different computers. This allowed us to observe and analyze the IP addresses and user agents associated with each connection. We accessed the website first from a Linux machine using the Iceweasel browser and then used the wget command in the command prompt to download the website information. We repeated the same process using Internet Explorer and the command prompt on a Windows 10 machine. Finally, we located the web log files on Windows 7, which contained detailed information about the connections made to the website.

The third and final section demonstrated how to examine log files in a Linux environment. We began by using the Apache program to view all open ports on the Linux system. Next, we used the Ubuntu system to download the Kali webpage using the wget command. We then logged into the Linux computer and used the Kali system to access log files, examine the connections made with wget, and view flag files. Additionally, we created SSH keys by creating a username and password, and then verified the password using the Ubuntu machine. Finally, we switched back to the Linux machine to view the auth.log for the user.

II. Specific Practices or Resources

Log files are highly valuable in forensic investigations because they provide a detailed, timestamped record of events. A single log entry that looks insignificant on its own can be crucial evidence in a case. When logs are properly configured, protected against modification, and retained (for example by forwarding them to a separate log server), they serve as a reliable fingerprint of system and user activity; a log that an intruder can edit or delete on the compromised host itself is not. Logs reveal which systems were involved, how they behaved, what information was accessed, and when each activity took place. Log files essentially tell the true story behind an incident.

In Windows, logs are analyzed with Microsoft Event Viewer, which groups events into logs such as Application, Security, and System and assigns each event a level (Information, Warning, Error, or Critical). This tool provides a well-organized view of the logs. Event Viewer can also export a log to a .txt file, which can then be opened in Notepad or searched with command-line tools for further analysis. On a Windows web server, IIS keeps its own access logs (by default under %SystemDrive%\inetpub\logs\LogFiles) in the W3C extended format, with one line per request recording the client IP address, the requested URL, the status code, and the user agent.

In Linux systems, logs are plain-text files under the /var/log directory rather than a program: Apache's access and error logs are under /var/log/apache2 on Kali and Ubuntu, and authentication events such as logins, sudo use, and SSH password or key authentication are recorded in /var/log/auth.log on Ubuntu. These files are read with standard commands such as cat, less, tail, and grep. Overall, log information is available on every platform and can be reached from a command prompt, but among the systems used in this lab Windows is the only one that ships a dedicated graphical viewer, which makes browsing logs more user-friendly.

III. Examining Windows Event Logs, IIS Logs, and Scheduled Tasks
Step 20: Challenge #1 Complete
Step 34: Challenge #2 Complete
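The IIS web logs examined in the second part of the lab record, for every request, the client IP address and the user agent string, which is what lets the browser visit and the wget download from the same host be told apart. The following Python script is an added example and is not part of the student's report or the lab materials. It parses IIS's W3C extended log format (the #Fields directive names the columns, spaces inside a value are written as '+', and an empty value is written as '-') over constructed sample lines, maps each client IP to the user agents it presented, and flags the requests made by a command-line tool. The IP addresses, timestamps, and user agent strings are made up, and the list of command-line tool markers is an assumption that would be extended for real traffic.

```python
"""Parse IIS W3C extended log lines and summarize who fetched the site and with what."""
from collections import defaultdict

# Constructed sample in the W3C extended format IIS 7.5 writes by default.
# Hypothetical IPs, timestamps and user agents; not copied from the lab.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2023-10-22 14:03:11
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2023-10-22 14:03:11 192.168.1.10 GET / - 80 - 192.168.1.20 Mozilla/5.0+(X11;+Linux+x86_64;+rv:31.0)+Gecko/20100101+Firefox/31.0+Iceweasel/31.8.0 200 0 0 15
2023-10-22 14:03:40 192.168.1.10 GET / - 80 - 192.168.1.20 Wget/1.16+(linux-gnu) 200 0 0 2
2023-10-22 14:05:02 192.168.1.10 GET / - 80 - 192.168.1.30 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko 200 0 0 9
2023-10-22 14:05:30 192.168.1.10 GET /iisstart.png - 80 - 192.168.1.30 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko 200 0 0 3
2023-10-22 14:06:11 192.168.1.10 GET /admin - 80 - 192.168.1.30 Wget/1.20.3+(mingw32) 404 0 2 1
"""

# Client-sent header fields whose embedded spaces IIS writes as '+'.
PLUS_ENCODED = ("cs(User-Agent)", "cs(Referer)", "cs(Cookie)")


def parse_iis_log(text):
    """Return one dict per request line, keyed by the column names in #Fields.

    Directive lines start with '#'; only #Fields matters for parsing, and a
    file may contain several (IIS rewrites the header when the log rolls over).
    A bare '-' means an empty value and is returned as None.
    """
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("request line before any #Fields directive: %r" % line)
        values = line.split()
        if len(values) != len(fields):
            raise ValueError("expected %d fields, got %d: %r" % (len(fields), len(values), line))
        rec = {}
        for name, value in zip(fields, values):
            if value == "-":
                rec[name] = None
            elif name in PLUS_ENCODED:
                rec[name] = value.replace("+", " ")
            else:
                rec[name] = value
        records.append(rec)
    return records


def agents_by_client(records):
    """Map each client IP (c-ip) to the sorted distinct user agents it presented."""
    agents = defaultdict(set)
    for rec in records:
        agents[rec["c-ip"]].add(rec["cs(User-Agent)"] or "")
    return {ip: sorted(ua) for ip, ua in agents.items()}


# Substrings identifying scripted or command-line HTTP clients rather than browsers (assumed list).
CLI_TOOL_MARKERS = ("wget", "curl", "python-requests", "powershell", "go-http-client")


def command_line_fetches(records):
    """(timestamp, client ip, path, status) for each request made by a command-line tool.

    In the lab the same host appears twice, once with a browser user agent and
    once with wget; this is how the two kinds of access are separated.
    """
    hits = []
    for rec in records:
        ua = (rec["cs(User-Agent)"] or "").lower()
        if any(marker in ua for marker in CLI_TOOL_MARKERS):
            hits.append((rec["date"] + " " + rec["time"], rec["c-ip"], rec["cs-uri-stem"], rec["sc-status"]))
    return hits


if __name__ == "__main__":
    recs = parse_iis_log(SAMPLE_IIS_LOG)
    for ip, agents in agents_by_client(recs).items():
        print(ip, "->", agents)
    for hit in command_line_fetches(recs):
        print("command-line fetch:", hit)
```

On a real server the same functions are fed the contents of a u_ex*.log file from the IIS log directory; the user agent is client-supplied and trivially spoofed, so it is evidence of what the client claimed, not proof of which tool was used.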
Examining Windows IIS Logs
Step 25: Output of Web Logs

Examining Linux Log Files
Step 22: Challenge #4 Complete
Step 40: Challenge #5 Complete
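For the Linux part of the lab, the events of interest (the password check for the new user, the SSH connection, and any failed attempts) all land in /var/log/auth.log as sshd messages. The script below is an added example, not the student's or the lab's own code, showing how those lines can be pulled out programmatically instead of read by eye. It matches the standard sshd "Accepted" and "Failed" messages with a regular expression over constructed sample lines (the hostname, user names, PIDs, and IP addresses are made up), lists every successful login for a given user, and flags a source address that fails repeatedly, which is how password guessing shows up in this file. The failure threshold is an assumption to be tuned per environment.

```python
"""Extract SSH authentication events from /var/log/auth.log-style lines."""
import re
from collections import Counter

# Constructed sample lines in the syslog layout Ubuntu uses for /var/log/auth.log.
# Hypothetical hostname, users, PIDs and IPs; not copied from the lab.
SAMPLE_AUTH_LOG = """\
Oct 22 15:01:12 ubuntu sshd[2301]: Accepted password for labuser from 192.168.1.40 port 51022 ssh2
Oct 22 15:02:45 ubuntu sshd[2310]: Failed password for labuser from 192.168.1.40 port 51030 ssh2
Oct 22 15:02:50 ubuntu sshd[2310]: Accepted password for labuser from 192.168.1.40 port 51030 ssh2
Oct 22 15:03:01 ubuntu sshd[2312]: Failed password for invalid user admin from 192.168.1.50 port 40001 ssh2
Oct 22 15:03:02 ubuntu sshd[2313]: Failed password for invalid user admin from 192.168.1.50 port 40002 ssh2
Oct 22 15:03:03 ubuntu sshd[2314]: Failed password for invalid user oracle from 192.168.1.50 port 40003 ssh2
Oct 22 15:03:04 ubuntu sshd[2315]: Failed password for root from 192.168.1.50 port 40004 ssh2
Oct 22 15:04:10 ubuntu sshd[2320]: Accepted publickey for labuser from 192.168.1.40 port 51044 ssh2: RSA SHA256:0123456789abcdef
Oct 22 15:04:30 ubuntu sudo:  labuser : TTY=pts/0 ; PWD=/home/labuser ; USER=root ; COMMAND=/bin/cat /var/log/auth.log
"""

# One sshd authentication outcome per line. The syslog timestamp carries no year,
# so an investigator takes it from the file's mtime or its rotation name.
SSHD_AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:(?P<invalid>invalid user) )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse_auth_log(text):
    """Return a dict per sshd Accepted/Failed line; other lines (sudo, cron, ...) are skipped."""
    events = []
    for line in text.splitlines():
        m = SSHD_AUTH_RE.match(line)
        if m is None:
            continue
        ev = m.groupdict()
        ev["invalid"] = ev["invalid"] is not None   # the account does not exist on this host
        events.append(ev)
    return events


def failures_by_source(events):
    """Count failed authentications per source IP."""
    return Counter(ev["ip"] for ev in events if ev["result"] == "Failed")


def brute_force_sources(events, threshold=3):
    """Source IPs with at least `threshold` failures; the threshold is an assumed, tunable value."""
    return sorted(ip for ip, n in failures_by_source(events).items() if n >= threshold)


def logins_for_user(events, user):
    """(timestamp, method, source ip) for each successful login by `user`, in file order."""
    return [(ev["ts"], ev["method"], ev["ip"])
            for ev in events if ev["result"] == "Accepted" and ev["user"] == user]


def probed_invalid_users(events):
    """Distinct non-existent account names that someone tried to log in as."""
    return sorted({ev["user"] for ev in events if ev["invalid"]})


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_AUTH_LOG)
    print("logins for labuser:", logins_for_user(evs, "labuser"))
    print("failures by source:", dict(failures_by_source(evs)))
    print("likely password guessing from:", brute_force_sources(evs))
    print("non-existent users probed:", probed_invalid_users(evs))
```

The sudo line in the sample is deliberately left unmatched: it is also forensically relevant (it records the exact command run as root), but it has a different layout and would need its own pattern. Reading auth.log requires root or membership in the adm group, which is itself a reminder that the log is only trustworthy if the account under investigation could not modify it.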