
INSTITUTE OF ACCOUNTANCY ARUSHA

ASSIGNMENT TITLE: Scheduled Task for Backup and Email Notification
PROGRAM: Masters in Information Security (MIS)
COURSE NAME: Computer Forensic
COURSE ID: ITM 09316
BLOCK: III

NAME: Edward Simon
Reg. No: MIS/0030/T.2014
ASSIGNMENT #: 3

FACILITATORS: Dr. KHAMIS KALEGELE (kalegs03@gmail.com)

Question
The suspect that you are investigating is so good that he/she left no tracks. However, you have
established that the suspect has two behaviors.
- He/she often uses the same USB external drive, which you have already confiscated
- He/she often visits a particular website
In an attempt to identify the suspect, design a scheduled task which does the following:
- Makes a backup of the Windows log that records external device setup events
- Notifies you by email when the suspect's device is connected to a computer

Solution
I. Get the physical serial number (manufacturer serial number) of the confiscated device

The physical serial number of the confiscated USB external device can be obtained using the
Windows command-line and scripting interface known as Windows Management
Instrumentation Command-line (WMIC). The serial number can be captured using the
following steps.

1. Connect the confiscated device to the computer and then type the following command,
as shown in the screenshot below.

2. The output of the above command will show the physical serial numbers (manufacturer
serial numbers) of all connected devices, as shown in the screenshot below.

3. Then note the physical serial number of the device (i.e. from the above screenshot we
got 057B0D35C030).

II. Design the scheduled task algorithm

The following algorithm will be used to make a backup of the log that records external
device events and to notify me by email when the suspect device is connected to the
computer.

Algorithm
1. Get the physical serial numbers of all connected devices.
2. Compare each serial number with the serial number of the confiscated one
(057B0D35C030).
3. If one of the serial numbers is the same as 057B0D35C030, then
notify me through the email address (kilindoaa@ardhi.go.tz), do a registry
backup to the specified path (E:\Backup) and exit the script.
4. If no serial number is the same as 057B0D35C030, wait for 3
seconds and then go to step 1.

III. The flowchart of the scheduled task

The flowchart for the above algorithm is shown below.

IV. The design code implementation

The following is the implementation of the above flowchart/algorithm using a
batch script.
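
An added example, not the author's batch script: the algorithm from section II written for Windows PowerShell (powershell.exe), which can send the email itself. The serial number, recipient address, backup path and 3-second wait come from the text above; the SMTP server, sender address, output file names, the hashing step, and the choice of setupapi.dev.log and the USBSTOR registry key as the artifacts to back up are assumptions.

```powershell
# Added example (not the author's batch script). Uses Get-WmiObject, so it
# runs under Windows PowerShell (powershell.exe).
$TargetSerial = '057B0D35C030'             # from the page
$NotifyTo     = 'kilindoaa@ardhi.go.tz'    # from the page
$BackupDir    = 'E:\Backup'                # from the page
$PollSeconds  = 3                          # from the page
$SmtpServer   = 'smtp.example.org'         # ASSUMPTION: placeholder relay
$MailFrom     = 'usb-monitor@example.org'  # ASSUMPTION: placeholder sender
# ASSUMPTION: artifacts to preserve are the device-install log and the USBSTOR key
$SetupLog     = Join-Path $env:windir 'INF\setupapi.dev.log'
$UsbStorKey   = 'HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR'

function Test-SerialMatch([string]$Reported, [string]$Target) {
    # WMI may return an empty or space-padded serial; -ieq ignores case
    if (-not $Reported) { return $false }
    return ($Reported.Trim() -ieq $Target.Trim())
}

while ($true) {
    # Steps 1-2: list attached disks and compare each serial with the target
    $hit = Get-WmiObject -Class Win32_DiskDrive |
        Where-Object { Test-SerialMatch $_.SerialNumber $TargetSerial } |
        Select-Object -First 1
    if ($hit) {
        # Step 3: preserve the artifacts first, then notify, then exit
        $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
        $logOut = Join-Path $BackupDir "setupapi.dev-$stamp.log"
        $regOut = Join-Path $BackupDir "USBSTOR-$stamp.reg"
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        Copy-Item -Path $SetupLog -Destination $logOut
        & reg.exe export $UsbStorKey $regOut /y | Out-Null
        # Record a SHA-256 of each copy so later modification is detectable
        foreach ($f in $logOut, $regOut) {
            & certutil.exe -hashfile $f SHA256 | Out-File -Append (Join-Path $BackupDir "hashes-$stamp.txt")
        }
        $body = "Serial $TargetSerial ($($hit.Model)) seen on $env:COMPUTERNAME at $stamp. Copies: $logOut, $regOut"
        try {
            Send-MailMessage -To $NotifyTo -From $MailFrom -SmtpServer $SmtpServer `
                -Subject "USB $TargetSerial connected to $env:COMPUTERNAME" -Body $body -ErrorAction Stop
        } catch {
            # Mail can fail when offline; keep a local record so the hit is not lost
            "$stamp mail failed: $_" | Out-File -Append (Join-Path $BackupDir 'notify-errors.txt')
        }
        break
    }
    # Step 4: no match, wait and poll again
    Start-Sleep -Seconds $PollSeconds
}
```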

V. Make the script run at startup/login

The following steps can be used to make the above script run at Windows startup:

1. Log in with an Administrator account
2. Click on Start, type Task Scheduler and hit Return
3. Click on Task Scheduler Library
4. Click on Create New Task on the right-hand side of the screen and set the
parameters as follows:
a. Set the user account to SYSTEM
b. Choose "Run with highest privileges"
c. Choose the OS for Windows7
5. Click on the Triggers tab and then click on New. Choose At Startup from the
drop-down menu, click Enabled and hit OK
6. Click on the Actions tab and then click on New. If you are running a .bat file,
use cmd as the program, then put /c .bat in the Add arguments field
7. Click on OK, then on OK on the create task panel, and it will now be
scheduled.

Add the .bat script to the place specified in your task event.
