ComputerSecurityStudent (CSS) [Login] [Join Now]




|FORENSICS >> Windows Tools >> Audit Tools >> Current Page |Views: 16150

(Forensics: DevManView)

{ Device and Driver Listing }


Section 0: Background Information
  1. Background
    • DevManView is an alternative to the standard Device Manager of Windows, which displays all devices and their properties in flat table, instead of tree viewer.
    • In addition to displaying the devices of your local computer, DevManView also allows you view the devices list of another computer on your network, as long as you have administrator access rights to this computer.

  2. Reference Link: 
  3. Lab Notes
    • In this lab we will do the following:
      1. Download DevManView
      2. Install DevManView
      3. Perform a Device Analysis
      4. Save device driver inventory

  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.

     

Section 1: Power of Damn Vulnerable WXP-SP2
  1. Start VMware Player
    • Instructions
      1. For Windows 7
        1. Click Start Button
        2. Search for "vmware player"
        3. Click VMware Player
      2. For Windows XP
        • Starts --> Programs --> VMware Player

     

  2. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
    • Note(FYI):
      • For those of you not part of my class, this is a Windows XP machine running SP2.

     

  3. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button

     

  4. Play Virtual Machine
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine

     

  5. Login to Damn Vulnerable WXP-SP2
    • Instructions:
      1. Click on Administrator
      2. Type your password: <Supply Password>

     

  6. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt

     

  7. Obtain Damn Vulnerable WXP-SP2's IP Address
    • Instructions:
      1. ipconfig
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2's IP Address 192.168.1.116.
      • In your case, Damn Vulnerable WXP-SP2's IP Address might be different.

 

Section 2: Download and Install DevManView
  1. Open Firefox
    • Instructions:
      1. Start --> All Programs --> Mozilla Firefox

     

  2. Download DevManView

     

  3. Save DevManView
    • Instructions:
      1. Navigate to Downloads
      2. File name: devmanview
      3. Click the Save Button

     

  4. Open Containing Folder
    • Instructions:
      1. Tools --> Downloads
      2. Right Click on devmanview.zip
      3. Select Open Containing Folder

     

  5. Extract DevManView
    • Instructions:
      1. Right Click on devmanview.zip
      2. Click on Extract All...

     

  6. Extraction Wizard
    • Instructions:
      1. Click Next

     

  7. Select a Destination
    • Instructions:
      1. Click Next

     

  8. Extraction Complete
    • Instructions:
      1. Click Finish

 

Section 3: Run DevManView
  1. Run DevManView
    • Instructions:
      1. In Windows Explorer navigate to the following directory
        • C:\Documents and Settings\Administrator\My Documents\Downloads\devmanview
      2. Right Click on DevManView.exe
      3. Click Open

     

  2. Open File - Security Warning
    • Instructions:
      1. Click Run

     

  3. Open File - Security Warning
    • Note(FYI):
      1. Below you will see a detailed summary of all the physical devices and drivers on your machine.

 

Section 4: Device Name Analysis
  1. Analyze your Ethernet Adapter
    • Instructions:
      1. Right Click on the Ethernet Adapter
      2. Click on Properties

     

  2. Ethernet Adapter Device Properties
    • Note(FYI):
      1. Below you will see various attributes of the Device and its drivers.

 

Section 5: Saving your device/driver inventory
  1. Add Header Information
    • Instructions:
      1. Click on "Options" in the menu bar
      2. Click on and Checkmark the "Add Header Line to CSV/Tab-Delimited File"

     

  2. Select Devices
    • Instructions:
      1. Click on "Edit" in the menu bar
      2. Click on "Select All"

     

  3. Select Devices
    • Instructions:
      1. Click on the disk icon.
      2. Filename: report-YYYYMMDD.csv
        • In my case, report-20121222.csv
        • YYYY = Year, MM = Month, DD = Day
      3. Save as type: Comma Delimited Text File (*.csv)
        • CSV format allows for (1) ease of parse-ability, (2) database importation, and (3) excel spreadsheet importation.
      4. Click the Save Button

     

  4. Generate HTML Report
    • Instructions:
      1. Click on View in the menu bar
      2. Click "HTML Report - All Items"

     

  5. View HTML Report
    • Note(FYI):
      • If your computer does not have Microsoft office we created a report in HTML format that can be viewed by any computer with a Web Browser.

     

Section 6: Proof of Lab
  1. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt
     
  2. Proof of Lab
    • Instructions:
      1. cd c:\tools\devmanview
      2. dir report*
        • This should result in two files.
      3. date /t
      4. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press both the <Ctrl> and <Alt> keys at the same time.
      2. Do a <PrtScn>
      3. Paste into a word document
      4. Upload to Moodle

 



Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth