This page introduces the computer forensics lab setup and the network forensics lab setup. Notes are given for students interested in setting up their own lab environment at home.
1. Computer Forensics Lab Setup
The machines in Olsen 310 have three virtual machines on them in the folder called c:\virtualmachines. Use the free VMware Player program on each lab machine to start a virtual machine. Do not install VMware Tools unless instructed.
- Virtual Machine 1 - UMLSEEDUbuntu: Account setup is the same as the original SEEDUbuntu by Prof. Wenliang Du at Syracuse University. Click here to download the manual.
- Virtual Machine 2 - Unpatched Windows XP SP3: The administrator password for the XP machine is umlcs. DO NOT patch this system, since the unpatched version has vulnerabilities we will exploit in labs.
- Virtual Machine 3 - Metasploitable2 (Linux): "Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The default login and password is msfadmin:msfadmin. Never expose this VM to an untrusted network (use NAT or Host-only mode if you have any questions what that means). To contact the developers, please send email to email@example.com. For more information please see the following URL: https://community.rapid7.com/docs/DOC-1875." - from Metasploitable2 README.
Students can also use this setup to run related network forensics labs.
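For a home lab, the README's NAT or Host-only advice can be checked directly against each VM's .vmx file before the VM is powered on. The script below is an added example, not part of the course material; it assumes the standard VMware keys ethernetN.present and ethernetN.connectionType, and the function names and the sample .vmx text are constructed for illustration.

```python
import re

# Matches adapter settings such as: ethernet0.connectionType = "bridged"
_KV = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)
SAFE_MODES = {"nat", "hostonly"}  # the two modes the Metasploitable2 README recommends

# Constructed sample: one NAT adapter, one adapter with no mode set, one disabled adapter.
SAMPLE_VMX = '''\
displayName = "Metasploitable2-Linux"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "e1000"
ethernet2.present = "FALSE"
ethernet2.connectionType = "bridged"
'''

def audit_vmx(text):
    """Return {adapter: (mode, is_isolated)} for every enabled adapter in .vmx text."""
    adapters = {}
    for line in text.splitlines():
        m = _KV.match(line)
        if m:
            nic, key, value = m.group(1).lower(), m.group(2).lower(), m.group(3)
            adapters.setdefault(nic, {})[key] = value.strip().lower()
    report = {}
    for nic, cfg in sorted(adapters.items()):
        if cfg.get("present", "false") != "true":
            continue  # disabled adapter: no network exposure
        # A missing connectionType is treated as bridged, so it is flagged too.
        mode = cfg.get("connectiontype", "bridged")
        report[nic] = (mode, mode in SAFE_MODES)
    return report

def unsafe_adapters(text):
    """List enabled adapters that are not NAT or host-only ("custom" needs manual review)."""
    return [nic for nic, (_, ok) in audit_vmx(text).items() if not ok]

if __name__ == "__main__":
    import pathlib
    import sys
    if len(sys.argv) < 2:
        print(audit_vmx(SAMPLE_VMX))
    else:
        # Usage: python audit_vmx.py <folder containing the virtual machines>
        for vmx in pathlib.Path(sys.argv[1]).rglob("*.vmx"):
            bad = unsafe_adapters(vmx.read_text(errors="replace"))
            print(vmx, "OK" if not bad else "REVIEW: " + ", ".join(bad))
```
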
2. Network Forensics Lab Setup
There are 6 virtual machines in our VMware cluster that have the Metasploitable2 VM on them; they are on an isolated network. The setup is illustrated in the following figure.
To get to the isolated network:
Step 1. Log in to the Linux server on our public network, which has an IP address of 126.96.36.199, via an SSH program such as PuTTY. Please contact Harry Lee (firstname.lastname@example.org) for the username and password.
Step 2. Get to a team machine. The team machines have IPs 192.168.16.121-192.168.16.126:
- Team 1 IP: 192.168.16.121.
- Team 2 IP: 192.168.16.122.
- Team 3 IP: 192.168.16.123.
- Team 4 IP: 192.168.16.124.
- Team 5 IP: 192.168.16.125.
- Team 6 IP: 192.168.16.126.
At this time, the user account, which is a pseudo account, on those machines is given below. Change the password immediately.
From the public server 188.8.131.52, you can log in to a team machine, for example 192.168.16.121, using the following command:
- ssh email@example.com