Cyber Security Assignment (Auditing)

Exercise 2: Auditing
Mark: 30%
This is the second exercise that makes up the Portfolio of CO4610.
A. Briefly explain the use of Windows Registry and demonstrate how the registry can be analysed using
RegShot.
Your discussion should show understanding of regedit and the structure of the registry. For the
demonstration, you are required to do the following:
i. Install RegShot on a Windows machine. You are strongly advised to use a virtual machine (VM)
as you may not be able to undo any registry changes you make. You can use a university-provided
VM or one on your personal PC.
ii. Take a snapshot of the system’s registry.
iii. Perform some system changes or install new software. That is, carry out any activity that will
cause some registry changes.
iv. Take a second snapshot of the registry. This must be done after (iii) above.
v. Compare the two snapshots and briefly discuss your findings. Use screenshots to document this
exercise.
B. On a Linux VM, create a log file in /var/log named with your J number (e.g., J12345.log) that collects all
security-related logs. Set logrotate to rotate all logs, including the new log, every hour. Compress
the rotated new log and change its permission to 0700. Document and discuss the process you have
followed, using screenshots.

Note: This will require you to create a logrotate configuration file for the new log. Remember that
the options in this log-specific configuration file override the global configuration options, which are
contained in logrotate.conf. Refer to the lecture notes or read online to remind yourself of the
directories where the relevant .conf files are stored.
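
One way the log-specific files for Part B could look, as an added example that is not part of the original brief. It assumes rsyslog is the syslog daemon on a systemd host; the STAGE directory, the drop-in file names and the "rotate 24" retention are illustrative choices.

```sh
#!/bin/sh
# Added example (not from the brief). Stages the Part B drop-in files in a
# scratch directory for review; copy them to /etc/rsyslog.d and
# /etc/logrotate.d as root once checked. File names are assumptions.
STAGE="${STAGE:-$(mktemp -d)}"
LOG="/var/log/J12345.log"   # the brief's example name; use your own J number

write_rsyslog_rule() {
    # auth and authpriv are the syslog facilities carrying login, su/sudo
    # and PAM messages, so this selector collects the security-related logs.
    mkdir -p "$STAGE/rsyslog.d"
    printf 'auth,authpriv.*\t%s\n' "$LOG" > "$STAGE/rsyslog.d/50-J12345.conf"
}

write_logrotate_conf() {
    # Directives inside the braces apply to this log only and override the
    # global defaults set in logrotate.conf.
    mkdir -p "$STAGE/logrotate.d"
    cat > "$STAGE/logrotate.d/J12345" <<EOF
$LOG {
    # Effective only if logrotate itself is run every hour.
    hourly
    # Assumption: keep one day of hourly archives.
    rotate 24
    compress
    missingok
    notifempty
    # Mode and owner of the fresh log created after each rotation.
    # Assumption: rsyslog writes as root (Ubuntu's default uses syslog:adm).
    create 0700 root root
    postrotate
        # Assumption: systemd host; HUP makes rsyslog reopen its files.
        systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
    endscript
}
EOF
}

write_rsyslog_rule
write_logrotate_conf
echo "Staged files under $STAGE"
```

Running `logrotate -d` on the staged logrotate file parses it in debug mode without rotating anything.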