(Forensics: DevManView) { Device and Driver Listing } Section 0: Background Information Background DevManView is an alternative to the standard Device Manager of Windows, which displays all devices and their properties in flat table, instead of tree viewer. In addition to displaying the devices of your local computer, DevManView also allows you view the devices list of another computer on your network, as long as you have administrator access rights to this computer. Reference Link:  http://www.nirsoft.net/utils/device_manager_view.html Lab Notes In this lab we will do the following: Download DevManView Install DevManView Perform a Device Analysis Save device driver inventory Legal Disclaimer As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices. In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability." In addition, this is a teaching website that does not condone malicious behavior of any kind. You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law. © 2012 No content replication of any kind is allowed without express written permission.   Section 1: Power of Damn Vulnerable WXP-SP2 Start VMware Player Instructions For Windows 7 Click Start Button Search for "vmware player" Click VMware Player For Windows XP Starts --> Programs --> VMware Player   Start Up Damn Vulnerable WXP-SP2. Instructions: Click on Damn Vulnerable WXP-SP2 Click on Edit virtual machine Settings Note(FYI): For those of you not part of my class, this is a Windows XP machine running SP2.   Edit Virtual Machine Settings Instructions: Click on Network Adapter Click on the Bridged Radio button Click on the OK Button   Play Virtual Machine Instructions: Click on Damn Vulnerable WXP-SP2 Click on Play virtual machine   Login to Damn Vulnerable WXP-SP2 Instructions: Click on Administrator Type your password: <Supply Password>   Open a Command Prompt Instructions: Start --> All Programs --> Accessories --> Command Prompt   Obtain Damn Vulnerable WXP-SP2's IP Address Instructions: ipconfig Note(FYI): In my case, Damn Vulnerable WXP-SP2's IP Address 192.168.1.116. In your case, Damn Vulnerable WXP-SP2's IP Address might be different.   Section 2: Download and Install DevManView Open Firefox Instructions: Start --> All Programs --> Mozilla Firefox   Download DevManView Instructions: Navigate to below URL http://www.nirsoft.net/utils/devmanview.zip Click the Save File Radio Button Click the OK Button.   Save DevManView Instructions: Navigate to Downloads File name: devmanview Click the Save Button   Open Containing Folder Instructions: Tools --> Downloads Right Click on devmanview.zip Select Open Containing Folder   Extract DevManView Instructions: Right Click on devmanview.zip Click on Extract All...   Extraction Wizard Instructions: Click Next   Select a Destination Instructions: Click Next   Extraction Complete Instructions: Click Finish   Section 3: Run DevManView Run DevManView Instructions: In Windows Explorer navigate to the following directory C:\Documents and Settings\Administrator\My Documents\Downloads\devmanview Right Click on DevManView.exe Click Open   Open File - Security Warning Instructions: Click Run   Open File - Security Warning Note(FYI): Below you will see a detailed summary of all the physical devices and drivers on your machine.   Section 4: Device Name Analysis Analyze your Ethernet Adapter Instructions: Right Click on the Ethernet Adapter Click on Properties   Ethernet Adapter Device Properties Note(FYI): Below you will see various attributes of the Device and its drivers.   Section 5: Saving your device/driver inventory Add Header Information Instructions: Click on "Options" in the menu bar Click on and Checkmark the "Add Header Line to CSV/Tab-Delimited File"   Select Devices Instructions: Click on "Edit" in the menu bar Click on "Select All"   Select Devices Instructions: Click on the disk icon. Filename: report-YYYYMMDD.csv In my case, report-20121222.csv YYYY = Year, MM = Month, DD = Day Save as type: Comma Delimited Text File (*.csv) CSV format allows for (1) ease of parse-ability, (2) database importation, and (3) excel spreadsheet importation. Click the Save Button   Generate HTML Report Instructions: Click on View in the menu bar Click "HTML Report - All Items"   View HTML Report Note(FYI): If your computer does not have Microsoft office we created a report in HTML format that can be viewed by any computer with a Web Browser.   Section 6: Proof of Lab Open a Command Prompt Instructions: Start --> All Programs --> Accessories --> Command Prompt   Proof of Lab Instructions: cd c:\tools\devmanview dir report* This should result in two files. date /t echo "Your Name" Replace the string "Your Name" with your actual name. e.g., echo "John Gray" Proof of Lab Instructions Press both the <Ctrl> and <Alt> keys at the same time. Do a <PrtScn> Paste into a word document Upload to Moodle

Help ComputerSecurityStudent pay for continued research, resources & bandwidth