Analyze the SYSTEM hive using the Registry Explorer tool and unswer the following questions:

a$.$ What is the current control set? $($SYSTEMSelectCurrent$)$

Why is it important to know what the CurrentControlSet is$?$

b$.$ What is the timezone when the image of the evidence hard disk was captured? $($SYSTEMCurrentControlSetYControllTimeZonelnformation$)$

Why is it important to know the time zone that the machine is set in$?$

c$.$ Is the LastAccess timestamp disabled?

$($SYSTEMCurrentControlSetControl$/$FileSystem$)$

Locate NtfsDisableLastAccessUpdate. If set to Ox$1,$ then Access timestamps aro disabled and will not update when a file is opened.

d$.$ What is the computer name?

$($SYSTEMYCurrentControlSet Control CompuerNamelComputerName$)$

e$.$ Check the GUID $\{5185491$C$-401$D$-491$E$-8$c$6$F$-07$F$6$AFFF $1$A$64\}($SYSTEMCurreniControlSet Services$/$Tcpip YParameters Interfaces$)$

What is the DHCPDomain?

What is the last DHCPIPAddress?

f$.$ Find the Network named LOT$38$

$($SOFTWARETMicrosoft WindowsiNTVCurrent Version$\backslash$NetworkList Signatures$)$ Unmmanaged,

SOFTWAREMierrsoft Window NNTCurrent Version $($NetworkList Profiles$)$

$\backslash$table$[[$Description$],[$Gateway$],[$ProfiloGuid$],[$First Connection$],[$Last Connection$],[$Connection Type$],[$WIGLE lookup?$]]$

For the WIGLE lookup, go to wigle net $>$ View $>$ Basic search

g$.$ Find the Network named District Taco

$($SOFTWARE$($Microsoft$\backslash$ WindowsNTVCurent Version$)$NetworkList$\text{'}$SignaturesalUmananaged$,$ SOFTWARELMicrosoft WindowsNI$$CursentVerstonWNetwarkList$\backslash$Profiles$)$

$\backslash$table$[[$Description$,],[$Gateway$,],[$ProfileGuid$,],[$First Conncction,$],[$Last Connection,$],[$Connoction Typo,$],[$WIGLE lookup?,$]]$

h$.$ When was the computer gracefully shur down last time $(64$ bit Hes Vallue$-$Litule Endina$)?($SYSTEMCurrentControlSet$)$Contro$$Windows$)$