Use the command line interface to run the following commands on a Windows computer. Use the output of the command and research to determine what the purpose of each command is and how it can be used to assist in gathering evidence.
Command | Purpose | Use as a forensics tool |
---|---|---|
Doskey/history | | |
Time/t | | |
Net use | | |
Net sessions | | |
Net file | | |
Openfiles | | |
Nbtstat -c | | |
Netstat | | |
Tasklist | | |
Ipconfig | | |

command | purpose | forensic tool |
---|---|---|
history | you can maintain a command history for each program that you start or repeat. You can edit previous commands at the program's prompt, and start doskey macros created for the program. | To extract what commands are executed |
Time | used to display and set the current system time. | we can know time |
Net use | used to connect to, remove, and configure connections to shared resources, like mapped drives and network printers | To know all connection history |
Net sessions | used to list or disconnect sessions between the computer and others on the network. | To know trend of user activity in network |
Net file | used to manage open files, close a shared file | know what files are accessed |
Openfiles | used to display all system files that are currently opened by users of the same computer network | Current activity of user |
Nbtstat -c | command-line tool that displays NetBIOS over TCP/IP statistics. | shows netBIOS |
Netstat | TCP/IP networking utility, has a simple set of options and identifies a computer's listening ports, along with incoming and outgoing network connections | Resolve malware issues |
tasklist | displays the process ID number for each running task, the name of the executable program that started the task | to know all tasks of user |
Ipconfig | fast way of determining your computer's IP address and other information, such as the address of its default gateway | Track users based on ip |
Please upvote, comment in case of doubt
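
The commands from the table, run as one evidence-collection pass, as an added example that is not part of the original answer: each command's output is saved to its own file with a UTC timestamp and a SHA-256 hash so the capture can be verified later. The `$OutDir` default, the file names, and the `-ano` and `/all` switches are assumptions of this example; `doskey /history` is left out because command history is held per cmd.exe process and has to be typed in the window under examination.

```powershell
# Added example: volatile-data collection using the commands from the table.
# Run from an elevated PowerShell prompt: net sessions, net file and openfiles
# need administrator rights and otherwise only record an access-denied message.
# $OutDir is an assumed location; point it at external or network storage,
# not at the disk being examined.
param([string]$OutDir = ".\triage_$(Get-Date -Format 'yyyyMMdd_HHmmss')")

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Ordered so the most short-lived data (connections, sessions) is captured first.
# time /t brackets the run so the system clock is recorded at start and end.
$commands = [ordered]@{
    'time_start'   = 'time /t'
    'netstat'      = 'netstat -ano'     # -o adds the owning PID, matched against tasklist
    'nbtstat'      = 'nbtstat -c'
    'net_sessions' = 'net sessions'
    'net_file'     = 'net file'
    'openfiles'    = 'openfiles'
    'net_use'      = 'net use'
    'tasklist'     = 'tasklist'
    'ipconfig'     = 'ipconfig /all'
    'time_end'     = 'time /t'
}

$log = foreach ($name in $commands.Keys) {
    $file    = Join-Path $OutDir "$name.txt"
    $started = (Get-Date).ToUniversalTime().ToString('o')

    # cmd /c is needed because time is a cmd.exe built-in, not an executable.
    # 2>&1 keeps error text (for example "Access is denied") in the record.
    cmd /c $commands[$name] 2>&1 | Out-File -FilePath $file -Encoding utf8

    [pscustomobject]@{
        Command    = $commands[$name]
        StartedUtc = $started
        ExitCode   = $LASTEXITCODE
        File       = $file
        SHA256     = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    }
}

# The log ties every output file to the command, the time it ran and its hash.
$log | Export-Csv -Path (Join-Path $OutDir 'collection_log.csv') -NoTypeInformation
$log | Format-Table Command, ExitCode, SHA256 -AutoSize
```

A non-zero `ExitCode` in the log marks a command whose output file holds an error message rather than data, which usually means the prompt was not elevated.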