2.1 Computer Forensics Basics
Computer forensics is a branch of digital
forensics that focuses on collecting,
analyzing, and preserving digital evidence
from computers and other digital storage
devices in a way that is admissible in court.
It is used in cybercrime investigations, legal
disputes, and security incident response.
2.1.1 Key Principles of Computer Forensics
1. Preservation of Evidence
   o Ensure digital evidence is not altered or tampered with.
   o Use write-blockers to prevent modification of original data.
2. Chain of Custody
   o Document every step in handling evidence to maintain integrity.
   o Track who accessed or analyzed the data.
3. Forensic Soundness
   o Use industry-standard tools and techniques.
   o Ensure all actions are repeatable and verifiable.
4. Data Recovery and Analysis
   o Extract deleted files, logs, and hidden data.
   o Analyze metadata, timestamps, and access logs.
5. Legal and Ethical Considerations
   o Ensure compliance with laws like GDPR, HIPAA, and CFAA.
   o Maintain confidentiality and follow ethical guidelines.
2.1.2 Computer Forensics Process
1. Identification – Recognizing potential sources of digital evidence.
2. Collection – Securely acquiring data from devices (e.g., hard drives, USBs, cloud storage).
3. Examination – Filtering and identifying relevant data.
4. Analysis – Reconstructing events and finding anomalies or criminal activity.
5. Documentation & Reporting – Preparing a detailed forensic report for legal or corporate use.
6. Presentation – Providing expert testimony if needed.
Common Forensic Tools
- Autopsy & The Sleuth Kit – Open-source forensic analysis.
- FTK (Forensic Toolkit) – Digital forensic investigation software.
- EnCase – A widely used forensic tool for evidence collection.
- Wireshark – Network traffic analysis.
- Volatility – Memory forensics and malware analysis.
2.2 Computer Forensic Analysis Techniques
Computer forensic analysis involves
investigating digital evidence to uncover
cybercrimes, data breaches, or unauthorized
activities. Various techniques are used to
recover, analyse, and interpret digital data
while ensuring its integrity. Below is a
detailed breakdown of key forensic analysis
techniques:
2.2.1 Disk and File System Analysis
Disk Imaging & Forensic Duplication
- Before any investigation, forensic analysts create an exact copy of the suspect's disk to prevent altering the original data.
- Tools: FTK Imager, EnCase, dd (Linux command-line tool), Guymager
Steps:
1. Create a forensic image of the hard drive using tools like dd or FTK Imager.
2. Use hashing algorithms (MD5, SHA-256) to verify integrity.
3. Store the image securely for further analysis.
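Step 2 in practice, as an added example that is not part of the original notes: the image is hashed once at acquisition, the digests are stored with the evidence, and every later verification recomputes them and compares. It assumes a raw (dd-style) image file; the 3 MiB image below is constructed, not a real disk.

```python
import hashlib
import os
import tempfile
from typing import Dict, Tuple

CHUNK = 1024 * 1024  # 1 MiB reads keep memory flat for multi-GB images


def hash_image(path: str, algorithms=("md5", "sha256")) -> Dict[str, str]:
    """Compute several digests of an image file in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(CHUNK)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(path: str, recorded: Dict[str, str]) -> Dict[str, bool]:
    """Recompute every digest in the acquisition record and compare.

    Returns one boolean per algorithm; a single False means the copy can no
    longer be shown to be bit-for-bit identical to the original evidence.
    """
    current = hash_image(path, tuple(recorded))
    return {name: current[name] == recorded[name].lower() for name in recorded}


def hash_bytes(data: bytes, algorithm: str = "sha256") -> str:
    """Digest of an in-memory buffer, handy for cross-checking hash_image."""
    return hashlib.new(algorithm, data).hexdigest()


def demo() -> Tuple[bool, bool]:
    """Acquire -> record -> verify, then show that a one-byte change is caught.

    The 'image' is a constructed 3 MiB file of repeating 512-byte sectors.
    """
    sector = bytes(range(256)) * 2
    with tempfile.NamedTemporaryFile(delete=False, suffix=".dd") as tmp:
        for _ in range((3 * 1024 * 1024) // len(sector)):
            tmp.write(sector)
        image_path = tmp.name
    try:
        record = hash_image(image_path)  # stored alongside the evidence
        intact = all(verify_image(image_path, record).values())
        # Flip one byte deep inside the image (simulated tampering or bit rot).
        with open(image_path, "r+b") as fh:
            fh.seek(1024 * 1024 + 17)
            fh.write(b"\xff")
        still_matches = all(verify_image(image_path, record).values())
        return intact, not still_matches
    finally:
        os.remove(image_path)


if __name__ == "__main__":
    ok, tamper_detected = demo()
    print(f"original verified: {ok}; modification detected: {tamper_detected}")
```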
File Recovery & Carving
- Even after deletion, files can often be recovered from the disk.
- File carving reconstructs fragmented files without relying on the file system metadata.
Techniques:
1. Recover deleted files using tools like Autopsy, TestDisk, or PhotoRec.
2. File carving for fragmented data using Scalpel, Foremost.
3. Analyze file metadata (creation date, last modified, access logs).
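The header/footer matching that Scalpel and Foremost perform, as an added example written for these notes rather than taken from either tool: it scans raw bytes for JPEG and PNG signatures with no file system involved, and shows why a header whose footer was overwritten cannot be carved this way. The "unallocated space" is constructed inline.

```python
import re
from typing import List, Tuple

# Header / footer signatures for two formats that carve well because both
# their start and end markers are fixed byte strings.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_CARVE = 10 * 1024 * 1024  # stop looking for a footer beyond this distance

Carved = Tuple[str, int, bytes]  # (type, byte offset in image, carved data)


def carve(image: bytes) -> List[Carved]:
    """Recover files by header/footer matching, ignoring any file system.

    A header with no footer within MAX_CARVE is skipped: the file is truncated
    or fragmented, which a plain contiguous carver cannot reassemble.
    """
    found: List[Carved] = []
    for kind, (header, footer) in SIGNATURES.items():
        for match in re.finditer(re.escape(header), image):
            start = match.start()
            end = image.find(footer, start + len(header), start + MAX_CARVE)
            if end == -1:
                continue
            end += len(footer)
            found.append((kind, start, image[start:end]))
    return sorted(found, key=lambda f: f[1])


def carve_report(image: bytes) -> List[str]:
    """One line per carved object, in the form an examiner would note down."""
    return [f"{kind} at offset {off} ({len(data)} bytes)"
            for kind, off, data in carve(image)]


# Constructed "unallocated space": filler, a minimal JPEG, more filler, a
# minimal PNG, then a JPEG header whose remainder was overwritten.
_FILL = b"\x00" * 512
SAMPLE_JPG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x01" * 40 + b"\xff\xd9"
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x02" * 17
              + b"IEND\xaeB`\x82")
SAMPLE_IMAGE = (_FILL + SAMPLE_JPG + _FILL + SAMPLE_PNG + _FILL
                + b"\xff\xd8\xff\xe1" + b"\x03" * 64)


if __name__ == "__main__":
    for line in carve_report(SAMPLE_IMAGE):
        print(line)
```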
2.2.2 Memory (RAM) Analysis
Memory forensics is crucial for analyzing
running processes, malware, and encryption
keys.
Volatile Data Collection
- Volatile data (stored in RAM) disappears when the system is turned off.
- Analysts capture RAM to analyze active processes, network connections, and encryption keys.
- Tools: Volatility, Rekall, DumpIt, Belkasoft RAM Capture
Steps:
1. Capture RAM using DumpIt or Belkasoft RAM Capture.
2. Analyze the memory dump using Volatility to detect hidden processes and malware.
3. Extract encryption keys, passwords, or hidden commands from memory.
2.2.3 Registry and Log File Analysis
The Windows Registry and system logs store essential information about user activity, installed programs, and system events.
Windows Registry Analysis
- Registry analysis helps track user activity, malware persistence, and system modifications.
- Tools: RegRipper, FTK Imager, NirSoft Registry Tools
What to look for:
- Auto-run keys: Check if malware is set to run at startup.
- USB history: Find evidence of external storage devices.
- Recently accessed files: Determine what files the suspect opened.
Log File Analysis
- System logs contain timestamps and event records of user activity.
- Logs can be found in Windows Event Viewer, Linux logs (/var/log/), or application logs.
- Tools: Splunk, LogParser, ELK Stack (Elasticsearch, Logstash, Kibana)
Key log files to analyze:
- Security logs: User login/logout records.
- Application logs: Actions performed by software.
- Network logs: Internet activity and IP addresses.
2.2.4 Network and Internet Forensics
Network Traffic Analysis
- Analyzing packet captures (PCAP files) can reveal unauthorized data transfers and cyberattacks.
- Tools: Wireshark, Zeek (Bro), TCPDump
Techniques:
1. Monitor real-time network traffic to detect malicious activity.
2. Analyze HTTP/HTTPS requests to trace browsing history.
3. Identify anomalies like unauthorized file transfers, DNS tunneling, or C2 (command-and-control) communications.
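One way to pick out the DNS tunneling anomaly from technique 3, as an added example that is not from the notes or from Zeek: a zone that receives many unique, long, high-entropy leftmost labels is flagged. The log format is a simplified, tab-separated stand-in for a Zeek dns.log (real columns must be mapped first), and every record is constructed.

```python
import math
from collections import defaultdict
from typing import Dict, List

# Constructed query log: epoch time, client IP, query name, query type.
SAMPLE_DNS_LOG = """\
1706608800.1\t10.0.0.5\twww.example.com\tA
1706608801.2\t10.0.0.5\tmail.example.com\tMX
1706608803.0\t10.0.0.5\twww.example.com\tAAAA
1706608802.0\t10.0.0.9\t3a7f0c9e1b4d6825c1e9f3b7a5d08264.tun.example.net\tTXT
1706608802.4\t10.0.0.9\t8d2b6f0a4e1c79355e0c3a8f2d7b1964.tun.example.net\tTXT
1706608802.9\t10.0.0.9\tc1e9f3b7a5d082648d2b6f0a4e1c7935.tun.example.net\tTXT
1706608803.3\t10.0.0.9\t5e0c3a8f2d7b19643a7f0c9e1b4d6825.tun.example.net\tTXT
1706608804.0\t10.0.0.5\tcdn.example.org\tA
"""


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded data scores high (4.0 is the max for hex)."""
    counts: Dict[str, int] = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_dns_log(text: str) -> List[dict]:
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, client, query, qtype = line.split("\t")
        rows.append({"ts": float(ts), "client": client,
                     "query": query.lower().rstrip("."), "qtype": qtype})
    return rows


def find_tunneling(rows: List[dict], min_unique: int = 3, min_len: float = 20,
                   min_entropy: float = 3.0) -> Dict[str, dict]:
    """Flag zones receiving many unique, long, high-entropy leftmost labels.

    Data smuggled out in subdomain labels (often via TXT or NULL queries)
    produces exactly that pattern; the thresholds are tunable starting points.
    """
    zones: Dict[str, dict] = defaultdict(
        lambda: {"labels": set(), "clients": set(), "qtypes": defaultdict(int)})
    for r in rows:
        labels = r["query"].split(".")
        if len(labels) < 3:
            continue  # bare second-level name: no label that could carry data
        z = zones[".".join(labels[-2:])]
        z["labels"].add(labels[0])
        z["clients"].add(r["client"])
        z["qtypes"][r["qtype"]] += 1
    flagged: Dict[str, dict] = {}
    for zone, z in zones.items():
        labels = z["labels"]
        if len(labels) < min_unique:
            continue
        avg_len = sum(map(len, labels)) / len(labels)
        avg_ent = sum(map(shannon_entropy, labels)) / len(labels)
        if avg_len >= min_len and avg_ent >= min_entropy:
            flagged[zone] = {
                "unique_subdomains": len(labels),
                "avg_label_length": avg_len,
                "avg_entropy": avg_ent,
                "clients": sorted(z["clients"]),
                "query_types": dict(z["qtypes"]),
            }
    return flagged


if __name__ == "__main__":
    for zone, info in find_tunneling(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(zone, info)
```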
Email and Browser Forensics
- Investigating email headers and browser history can reveal phishing attempts and cybercrimes.
- Tools: MailXaminer, Xplico, Browser History Viewer
What to analyze:
- Email headers: Identify the sender's IP and email spoofing attempts.
- Browser history & cookies: Recover search queries, visited sites, and timestamps.
- Downloads and attachments: Analyze potentially malicious files.
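The email-header checks listed above, as an added example (not from the notes or from MailXaminer) using only Python's standard email module: it walks the Received chain back to the originating IP and compares the visible From domain with Return-Path, Reply-To and the SPF verdict. The message is constructed; the addresses use reserved documentation ranges and example domains.

```python
import email
import re
from email.utils import parseaddr
from typing import Dict, List

# Constructed message: the visible From is the victim's own domain, but the
# envelope sender and Reply-To point elsewhere and the SPF check failed.
SAMPLE_EMAIL = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx2.example.com (mx2.example.com [203.0.113.20])
\tby inbox.example.com with ESMTP id abc123; Tue, 30 Jan 2024 10:02:11 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx2.example.com with ESMTP; Tue, 30 Jan 2024 10:02:09 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.example.net with ESMTPA; Tue, 30 Jan 2024 10:02:05 +0000
Authentication-Results: inbox.example.com; spf=fail smtp.mailfrom=mailer.example.net
From: "IT Support" <support@example.com>
Reply-To: it-helpdesk@mailer.example.net
To: user@example.com
Subject: Password reset required
Message-ID: <20240130100205.1@relay.example.net>

Please reset your password using the link below.
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _domain(address_header: str) -> str:
    addr = parseaddr(address_header or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze_headers(raw: str) -> Dict[str, object]:
    """Walk Received hops to the originating IP and check for spoofing signs."""
    msg = email.message_from_string(raw)
    # Each MTA prepends its own Received line, so the list reads newest to
    # oldest; the last entry is the hop closest to the real sender.
    hops: List[str] = []
    for hdr in msg.get_all("Received", []):
        m = IPV4_IN_BRACKETS.search(hdr)
        if m:
            hops.append(m.group(1))
    from_domain = _domain(msg.get("From"))
    return_path_domain = _domain(msg.get("Return-Path"))
    reply_to_domain = _domain(msg.get("Reply-To"))
    auth = msg.get("Authentication-Results", "") or ""
    spf = re.search(r"spf=(\w+)", auth)
    spf_result = spf.group(1).lower() if spf else "none"

    indicators: List[str] = []
    if return_path_domain and return_path_domain != from_domain:
        indicators.append("Return-Path domain differs from From domain")
    if reply_to_domain and reply_to_domain != from_domain:
        indicators.append("Reply-To domain differs from From domain")
    if spf_result in ("fail", "softfail"):
        indicators.append(f"SPF result is {spf_result}")
    return {
        "origin_ip": hops[-1] if hops else None,
        "hops": hops,
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "reply_to_domain": reply_to_domain,
        "spf": spf_result,
        "indicators": indicators,
    }


if __name__ == "__main__":
    for key, value in analyze_headers(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```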
2.2.5 Malware Analysis
Static Analysis (Without Executing Malware)
- Examining the file structure, metadata, and code of malware.
- Tools: VirusTotal, PEStudio, ExifTool
Steps:
1. Extract file metadata and hashes.
2. Identify obfuscation techniques (packing, encryption).
3. Check malware signatures in VirusTotal.
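Steps 1 and 2 of static triage in code, as an added example that is not from the notes or from PEStudio: it computes the hashes one would look up in VirusTotal, confirms the PE header layout, and uses byte entropy as the packing/encryption indicator. Both samples are constructed stubs, not real executables; the 7.0 bits-per-byte threshold is this example's own choice.

```python
import hashlib
import math
import re
import struct
from collections import Counter
from typing import Dict, List

PACKED_ENTROPY = 7.0  # bits/byte; compressed or encrypted data sits near 8.0


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256, the values normally searched for in VirusTotal."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256")}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_pe(data: bytes) -> bool:
    """True if a DOS 'MZ' stub's e_lfanew field points at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def strings(data: bytes, min_len: int = 6) -> List[str]:
    """Printable ASCII runs: imports, URLs and messages an unpacked file leaks."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def static_triage(data: bytes) -> Dict[str, object]:
    ent = entropy(data)
    return {
        "hashes": file_hashes(data),
        "size": len(data),
        "is_pe": is_pe(data),
        "entropy": round(ent, 3),
        "likely_packed": ent >= PACKED_ENTROPY,
        "strings": strings(data),
    }


def _pe_stub() -> bytes:
    """Constructed 128-byte DOS header plus PE signature, not a real binary."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


# Two constructed samples: one with readable import names, one whose body is
# uniformly distributed bytes (what a packed or encrypted payload looks like).
SAMPLE_UNPACKED = (_pe_stub() + b"This program cannot be run in DOS mode\x00"
                   + b"\x00" * 200 + b"KERNEL32.dll\x00CreateFileW\x00WriteFile\x00")
SAMPLE_PACKED = _pe_stub() + bytes(range(256)) * 8


if __name__ == "__main__":
    for name, blob in (("unpacked", SAMPLE_UNPACKED), ("packed", SAMPLE_PACKED)):
        print(name, static_triage(blob))
```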
Dynamic Analysis (Executing Malware in a Controlled Environment)
- Running malware in a sandbox to observe its behavior.
- Tools: Cuckoo Sandbox, Any.Run, Hybrid Analysis
Steps:
1. Execute malware in an isolated virtual machine.
2. Monitor API calls, registry modifications, and network connections.
3. Extract payloads and analyze malicious scripts.
2.2.6 Steganography and Hidden Data Analysis
Criminals use steganography to hide data inside images, audio files, or other digital formats.
Steganalysis Techniques
- Detecting hidden messages in multimedia files.
- Tools: StegHide, OpenStego, OutGuess
Steps:
1. Extract hidden files using StegHide.
2. Compare file sizes and analyze inconsistencies.
3. Detect manipulated pixels or audio waveforms.
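Step 2 made concrete for PNG files, as an added example that is not part of the notes: a chunk walker that reports bytes appended after IEND, chunk types outside the PNG specification, and CRC mismatches, which are the structural inconsistencies a file-size comparison hints at. The PNG images are generated inline, so there are no external files.

```python
import struct
import zlib
from typing import Dict, List

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG specification; anything else deserves a look.
STANDARD_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA",
                   b"iCCP", b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD",
                   b"hIST", b"pHYs", b"sPLT", b"tIME"}


def png_chunk(ctype: bytes, data: bytes) -> bytes:
    """length + type + data + CRC32(type + data), as the PNG format requires."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int = 2, height: int = 2, trailer: bytes = b"") -> bytes:
    """Constructed minimal 8-bit RGB PNG; `trailer` is appended after IEND."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\xff\x00\x00" * width for _ in range(height))
    return (PNG_SIG + png_chunk(b"IHDR", ihdr) + png_chunk(b"IDAT", zlib.compress(raw))
            + png_chunk(b"IEND", b"") + trailer)


def inspect_png(data: bytes) -> Dict[str, object]:
    """Walk the chunk list and report structural inconsistencies."""
    findings: List[str] = []
    chunks: List[str] = []
    if data[:8] != PNG_SIG:
        return {"chunks": [], "trailing_bytes": 0, "findings": ["not a PNG signature"]}
    pos = 8
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        if pos + 12 + length > len(data):
            findings.append(f"truncated {ctype!r} chunk")
            pos = len(data)
            break
        cdata = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + cdata) & 0xFFFFFFFF != crc:
            findings.append(f"CRC mismatch in {ctype!r} chunk (payload modified)")
        if ctype not in STANDARD_CHUNKS:
            findings.append(f"non-standard chunk {ctype!r} ({length} bytes)")
        chunks.append(ctype.decode("ascii", "replace"))
        pos += 12 + length
        if ctype == b"IEND":
            break
    trailing = len(data) - pos
    if trailing:
        findings.append(f"{trailing} bytes after IEND (appended payload)")
    if chunks and chunks[-1] != "IEND":
        findings.append("no IEND chunk")
    return {"chunks": chunks, "trailing_bytes": trailing, "findings": findings}


if __name__ == "__main__":
    print(inspect_png(make_png()))
    print(inspect_png(make_png(trailer=b"hidden message")))
```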
2.2.7 Cloud Forensics
With the rise of cloud storage, forensic analysts must investigate virtual environments and online services.
Cloud Data Collection
- Analyzing AWS, Google Drive, and Microsoft 365 logs.
- Identifying unauthorized logins or file modifications.
- Tools: AWS CloudTrail, Microsoft Security Center, Magnet AXIOM Cloud
Steps:
1. Collect logs from cloud services.
2. Analyze API access records and timestamps.
3. Detect unauthorized data transfers.
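Steps 2 and 3 applied to CloudTrail-style records, as an added example that is not part of the notes or of any AWS tooling: it counts failed console logins per source address, lists addresses a user was never seen from before, and flags bursts of S3 GetObject calls. The records reuse CloudTrail's field names (eventTime, eventName, sourceIPAddress, userIdentity, responseElements, requestParameters) but every value is constructed.

```python
from collections import Counter
from typing import Dict, List, Set, Tuple


def _rec(time: str, name: str, source: str, user: str, ip: str, **extra) -> dict:
    """Build one constructed CloudTrail-shaped record."""
    rec = {"eventTime": time, "eventName": name, "eventSource": source,
           "userIdentity": {"type": "IAMUser", "userName": user},
           "sourceIPAddress": ip}
    rec.update(extra)
    return rec


SIGNIN, S3 = "signin.amazonaws.com", "s3.amazonaws.com"
SAMPLE_TRAIL = {"Records": [
    _rec("2024-01-30T09:58:01Z", "ConsoleLogin", SIGNIN, "alice", "198.51.100.23",
         responseElements={"ConsoleLogin": "Failure"}),
    _rec("2024-01-30T09:58:30Z", "ConsoleLogin", SIGNIN, "alice", "198.51.100.23",
         responseElements={"ConsoleLogin": "Failure"}),
    _rec("2024-01-30T09:59:02Z", "ConsoleLogin", SIGNIN, "alice", "198.51.100.23",
         responseElements={"ConsoleLogin": "Failure"}),
    _rec("2024-01-30T09:59:40Z", "ConsoleLogin", SIGNIN, "alice", "198.51.100.23",
         responseElements={"ConsoleLogin": "Success"}),
    _rec("2024-01-30T10:01:00Z", "ListBuckets", S3, "alice", "198.51.100.23"),
] + [
    _rec(f"2024-01-30T10:02:{i:02d}Z", "GetObject", S3, "alice", "198.51.100.23",
         requestParameters={"bucketName": "finance-reports", "key": f"q{i}.xlsx"})
    for i in range(5)
] + [
    _rec("2024-01-30T08:15:00Z", "ConsoleLogin", SIGNIN, "alice", "203.0.113.5",
         responseElements={"ConsoleLogin": "Success"}),
    _rec("2024-01-30T08:20:00Z", "GetObject", S3, "bob", "203.0.113.8",
         requestParameters={"bucketName": "public-site", "key": "index.html"}),
]}


def failed_console_logins(records: List[dict], threshold: int = 3) -> Dict[str, int]:
    """Source IPs with at least `threshold` failed ConsoleLogin events."""
    fails = Counter(r["sourceIPAddress"] for r in records
                    if r["eventName"] == "ConsoleLogin"
                    and r.get("responseElements", {}).get("ConsoleLogin") == "Failure")
    return {ip: n for ip, n in fails.items() if n >= threshold}


def new_source_ips(records: List[dict], known: Set[str]) -> Dict[str, Set[str]]:
    """Per user, source IPs absent from the allow-list of previously seen ones."""
    seen: Dict[str, Set[str]] = {}
    for r in records:
        ip = r["sourceIPAddress"]
        if ip not in known:
            seen.setdefault(r["userIdentity"]["userName"], set()).add(ip)
    return seen


def bulk_downloads(records: List[dict], threshold: int = 4) -> Dict[Tuple[str, str, str], int]:
    """(user, ip, bucket) triples with `threshold` or more GetObject calls."""
    counts = Counter(
        (r["userIdentity"]["userName"], r["sourceIPAddress"],
         r["requestParameters"]["bucketName"])
        for r in records if r["eventName"] == "GetObject")
    return {key: n for key, n in counts.items() if n >= threshold}


def triage(trail: dict, known_ips: Set[str]) -> Dict[str, object]:
    """Order by timestamp, then run the three detections over the records."""
    recs = sorted(trail["Records"], key=lambda r: r["eventTime"])
    return {
        "brute_force_ips": failed_console_logins(recs),
        "unknown_ips": new_source_ips(recs, known_ips),
        "bulk_downloads": bulk_downloads(recs),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_TRAIL, known_ips={"203.0.113.5", "203.0.113.8"}))
```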
2.2.8 Anti-Forensics and Countermeasures
Criminals use anti-forensic techniques to evade detection. Analysts must identify and counter these techniques.
Anti-Forensic Methods & Detection
Anti-Forensic Technique       | Detection Countermeasure
------------------------------|----------------------------------------------
File wiping (secure deletion) | Recover fragments using Scalpel, Autopsy
Encryption                    | Use memory analysis to extract keys
Timestamp manipulation        | Cross-check logs and metadata
Steganography                 | Analyze file inconsistencies with StegExpose
Anti-forensic malware         | Detect with YARA rules and dynamic analysis
2.3 Operating System Artifacts in Computer Forensics
Operating system (OS) artifacts are crucial
sources of forensic evidence, containing
records of user activities, application usage,
system configurations, and security logs. By
analyzing OS artifacts, forensic investigators
can reconstruct events, track user actions,
and detect malicious activities.
2.3.1 Windows OS Artifacts
Windows systems generate various artifacts
that store user activity and system logs.
These artifacts are useful for investigating
security incidents, data breaches, and
forensic cases.
A. Windows Registry
The Windows Registry is a hierarchical
database that stores system settings, user
preferences, and software configurations.
🔹 Registry Hive Locations:
Hive                            | Location                            | Purpose
--------------------------------|-------------------------------------|-----------------------------------------------------
NTUSER.DAT                      | C:\Users\Username\NTUSER.DAT        | Stores user settings, recent files, and USB history.
SAM (Security Accounts Manager) | C:\Windows\System32\config\SAM      | Stores user account credentials (hashed).
System                          | C:\Windows\System32\config\SYSTEM   | Tracks system startup settings and drivers.
Software                        | C:\Windows\System32\config\SOFTWARE | Lists installed applications and user settings.
🔹 Important Registry Keys for Forensics:
Key Path                                                                        | Purpose
--------------------------------------------------------------------------------|-----------------------------------------------------------
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices                                        | Tracks connected USB devices.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs | Stores recently opened files.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services                            | Lists installed services (potential malware persistence).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run                | Stores programs set to launch at startup.
Forensic Tools for Registry Analysis:
- RegRipper – Extracts and analyzes registry keys.
- Registry Explorer – Allows in-depth examination of registry hives.
B. Windows Event Logs
Windows logs capture security events, user
authentication attempts, and system
changes.
🔹 Key Log Files & Locations:
Log Name         | File Location                                    | Purpose
-----------------|--------------------------------------------------|-------------------------------------------
Security Logs    | C:\Windows\System32\winevt\Logs\Security.evtx    | Records login attempts, policy changes.
System Logs      | C:\Windows\System32\winevt\Logs\System.evtx      | Captures hardware failures, driver issues.
Application Logs | C:\Windows\System32\winevt\Logs\Application.evtx | Tracks software crashes, updates.
Setup Logs       | C:\Windows\System32\winevt\Logs\Setup.evtx       | Logs system installations, updates.
Forensic Tools for Log Analysis:
- Event Log Explorer – Extracts Windows logs.
- LogParser – Queries logs using SQL-like commands.
C. Windows Prefetch Files
Windows Prefetch files store execution history of recently launched applications.
🔹 Location: C:\Windows\Prefetch\
🔹 Purpose:
- Contains metadata about program execution (timestamps, file paths).
- Helps detect unauthorized program execution or malware activity.
- File names follow the format: PROGRAMNAME.EXE-XXXXXXXX.pf
Forensic Tools for Prefetch Analysis:
- WinPrefetchView – Displays detailed Prefetch file information.
- PECmd – Extracts and analyzes Prefetch metadata.
D. Windows Jump Lists
Jump Lists store recently accessed files and applications.
🔹 Location:
- C:\Users\Username\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\
- C:\Users\Username\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\
🔹 Purpose:
- Tracks file access history and user behavior.
- Useful in insider threat investigations.
Forensic Tools for Jump List Analysis:
- JLECmd (Jump List Explorer Command Line Tool)
E. Windows LNK Files (Shortcuts)
Windows automatically creates LNK (shortcut) files for recently accessed documents.
🔹 Location: C:\Users\Username\AppData\Roaming\Microsoft\Windows\Recent\
🔹 Purpose:
- Stores file paths, timestamps, and metadata.
- Useful for reconstructing user activity.
Forensic Tools for LNK File Analysis:
- LECmd (LNK Explorer Command Line Tool)
2.3.2 Linux OS Artifacts
Linux systems store valuable forensic artifacts in log files, configuration files, and shell histories.
A. Bash Command History
🔹 Location:
- ~/.bash_history – Stores a history of user commands.
- /var/log/auth.log – Tracks user logins and sudo commands.
Forensic Significance:
- Reveals executed commands, system modifications, malware activity.
- Helps detect privilege escalation attacks.
B. System Log Files
Linux logs all system events in /var/log/.
🔹 Key Log Files:
Log File            | Location          | Purpose
--------------------|-------------------|-----------------------------------------------
Authentication Logs | /var/log/auth.log | Tracks user logins and sudo commands.
System Logs         | /var/log/syslog   | Stores general system events.
Kernel Logs         | /var/log/kern.log | Logs kernel activity and driver issues.
Secure Logs         | /var/log/secure   | Tracks SSH logins and authentication failures.
Forensic Tools for Linux Log Analysis:
- grep, awk, sed – Extract specific log entries.
- Logwatch – Summarizes log activity.
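What the grep/awk work on /var/log/auth.log looks like when scripted, as an added example that is not part of the notes; it serves both the Log File Analysis notes in 2.2.3 and the table above. It correlates repeated sshd password failures with a later successful login from the same address and lists every sudo command per user. The log excerpt is constructed in the syslog layout sshd and sudo write on Debian-style systems; host names and addresses are invented.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed auth.log excerpt.
SAMPLE_AUTH_LOG = """\
Jan 30 10:01:02 srv1 sshd[2201]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Jan 30 10:01:05 srv1 sshd[2203]: Failed password for invalid user test from 192.0.2.10 port 51240 ssh2
Jan 30 10:01:09 srv1 sshd[2205]: Failed password for bob from 192.0.2.10 port 51251 ssh2
Jan 30 10:01:12 srv1 sshd[2207]: Failed password for bob from 192.0.2.10 port 51260 ssh2
Jan 30 10:01:15 srv1 sshd[2209]: Accepted password for bob from 192.0.2.10 port 51266 ssh2
Jan 30 10:03:40 srv1 sudo:      bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/crontab -e
Jan 30 10:04:02 srv1 sudo:      bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Jan 30 11:20:00 srv1 sshd[2400]: Accepted publickey for alice from 203.0.113.7 port 40010 ssh2
Jan 30 11:20:30 srv1 sshd[2402]: Failed password for alice from 203.0.113.9 port 40022 ssh2
"""

TS = r"(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d)"
FAILED = re.compile(TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?"
                    r"(?P<user>\S+) from (?P<ip>[\d.]+)")
ACCEPTED = re.compile(TS + r" \S+ sshd\[\d+\]: Accepted (?P<method>\w+) for "
                      r"(?P<user>\S+) from (?P<ip>[\d.]+)")
SUDO = re.compile(TS + r" \S+ sudo:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; "
                  r"COMMAND=(?P<cmd>.*)$")


def analyze_auth_log(text: str, fail_threshold: int = 3) -> Dict[str, object]:
    """Flag password guessing that ended in a login, and list sudo activity."""
    failures: Dict[str, List[dict]] = defaultdict(list)
    brute_force: List[dict] = []
    sudo_cmds: List[dict] = []
    for line in text.splitlines():
        if m := FAILED.search(line):
            failures[m["ip"]].append(m.groupdict())
        elif m := ACCEPTED.search(line):
            # Only failures seen *before* this success count, so the log
            # order (oldest first) is what ties the two together.
            prior = failures.get(m["ip"], [])
            if len(prior) >= fail_threshold:
                brute_force.append({"ip": m["ip"], "failures": len(prior),
                                    "user": m["user"], "login_at": m["ts"],
                                    "method": m["method"]})
        elif m := SUDO.search(line):
            sudo_cmds.append(m.groupdict())
    users = sorted({c["user"] for c in sudo_cmds})
    return {
        "failed_by_ip": {ip: len(v) for ip, v in failures.items()},
        "brute_force_then_success": brute_force,
        "sudo_commands": sudo_cmds,
        "sudo_by_user": {u: [c["cmd"] for c in sudo_cmds if c["user"] == u] for u in users},
    }


if __name__ == "__main__":
    for key, value in analyze_auth_log(SAMPLE_AUTH_LOG).items():
        print(f"{key}: {value}")
```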
C. User Activity Tracking
🔹 Key Files:
- ~/.ssh/authorized_keys – Lists SSH keys for remote access.
- /etc/passwd & /etc/shadow – Store user account information.
- /var/spool/cron/crontabs/ – Stores scheduled cron jobs.
Forensic Significance:
- Detects unauthorized access, privilege escalation.
- Identifies malicious cron jobs (persistence mechanisms).
2.3.3 macOS OS Artifacts
macOS forensic artifacts share similarities
with Linux but have unique storage
locations.
A. User Activity Tracking
- TCC.db (Transparency, Consent, and Control Database):
  o Stores app permission settings.
  o Location: /Library/Application Support/com.apple.TCC/TCC.db
- Unified Logs:
  o macOS logs system and application events.
  o Location: /var/db/diagnostics/
Forensic Tools for macOS Analysis:
- mac_apt – Extracts macOS artifacts.
- macOS Unified Log Parser – Analyzes system logs.
Conclusion
Operating system artifacts provide critical
insights into user activities, application
usage, security events, and system
modifications.
- Windows: Registry, Event Logs, Prefetch, Jump Lists, LNK Files.
- Linux: Bash History, System Logs, User Activity Files.
- macOS: TCC.db, Unified Logs, System Preferences.
By analyzing these artifacts, forensic
investigators can reconstruct cybercrimes,
detect unauthorized access, and provide
evidence for legal cases.
2.4 Reporting and Documentation in Computer Forensics
Importance of Reporting & Documentation
Reporting and documentation are crucial in computer forensics investigations as they ensure:
- A clear and structured record of findings.
- Legal admissibility of evidence in court.
- Reproducibility for future analysis.
- Accountability and credibility of forensic work.
2.4.1 Key Components of a Forensic Report
A computer forensic report must be clear, concise, and well-organized. Below are the essential components:
🔹 1.1 Cover Page
- Case Title (e.g., "Digital Forensic Analysis Report for Case XYZ")
- Case Number
- Date of Report
- Investigator's Name & Contact Information
- Organization/Agency Name
🔹 1.2 Executive Summary
A brief overview of the case, including:
- Why the investigation was conducted.
- Key findings.
- Any significant conclusions.
Example:
"This report presents the forensic analysis of a suspect's laptop seized in a cyber fraud case. The investigation revealed unauthorized financial transactions and the presence of malicious software."
🔹 1.3 Case Background & Objectives
- Case Description: Nature of the case (e.g., data theft, malware attack).
- Requesting Party: Who requested the investigation (e.g., law enforcement, corporate security team).
- Scope of Investigation:
  o What evidence was examined?
  o What questions need to be answered?
Example:
"The forensic investigation aims to determine if unauthorized data exfiltration occurred and identify the responsible party."
🔹 1.4 Tools & Methodologies Used
- Forensic Tools Used (e.g., FTK Imager, Autopsy, Volatility, Wireshark).
- Evidence Acquisition Methods (e.g., disk imaging, live forensics).
- Analysis Techniques (e.g., file recovery, memory analysis).
Example Table:
Tool Used  | Purpose
-----------|----------------------------------
FTK Imager | Disk Imaging
Autopsy    | File Recovery & Timeline Analysis
Volatility | RAM Analysis
Wireshark  | Network Traffic Analysis
🔹 1.5 Evidence Collection & Chain of Custody
- How evidence was acquired (e.g., disk cloning, memory dump).
- Who handled the evidence (log every step).
- Evidence Hash Values (MD5, SHA-256 for integrity).
Example Chain of Custody Table:
Date/Time           | Handler    | Action Taken         | Evidence ID
--------------------|------------|----------------------|------------
2024-01-30 10:00 AM | John Doe   | Acquired disk image  | EVID-001
2024-01-30 11:00 AM | Jane Smith | Verified hash values | EVID-001
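The chain of custody table above as a tamper-evident ledger, an added example that is not part of the notes: every row records the evidence hash and a SHA-256 over the previous row, so editing a past entry is detectable, and even re-hashing the edited row breaks the link from the row after it. The evidence hash is a constructed value, not a real image digest.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import List


@dataclass
class CustodyEntry:
    date_time: str
    handler: str
    action: str
    evidence_id: str
    evidence_sha256: str   # hash of the evidence item at the time of the action
    prev_hash: str = ""    # entry_hash of the previous row (GENESIS for the first)
    entry_hash: str = ""   # SHA-256 over every other field of this row


GENESIS = "0" * 64


def entry_digest(entry: CustodyEntry) -> str:
    """Canonical JSON of all fields except entry_hash, then SHA-256."""
    body = {k: v for k, v in asdict(entry).items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class CustodyLog:
    """Append-only chain-of-custody ledger; each row commits to the one before."""

    def __init__(self) -> None:
        self.entries: List[CustodyEntry] = []

    def append(self, date_time: str, handler: str, action: str,
               evidence_id: str, evidence_sha256: str) -> CustodyEntry:
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        e = CustodyEntry(date_time, handler, action, evidence_id, evidence_sha256, prev)
        e.entry_hash = entry_digest(e)
        self.entries.append(e)
        return e

    def verify(self) -> List[int]:
        """Indexes of rows whose content or link to the previous row was altered."""
        bad, prev = [], GENESIS
        for i, e in enumerate(self.entries):
            if e.prev_hash != prev or e.entry_hash != entry_digest(e):
                bad.append(i)
            prev = e.entry_hash
        return bad

    def table(self) -> str:
        """Render the ledger in the layout of the report table."""
        rows = ["Date/Time | Handler | Action Taken | Evidence ID | Entry Hash"]
        rows += [f"{e.date_time} | {e.handler} | {e.action} | {e.evidence_id} | "
                 f"{e.entry_hash[:12]}..." for e in self.entries]
        return "\n".join(rows)


def demo() -> dict:
    """The two example rows, then two tampering attempts on the first one."""
    image_hash = hashlib.sha256(b"constructed stand-in for disk image EVID-001").hexdigest()
    log = CustodyLog()
    log.append("2024-01-30 10:00 AM", "John Doe", "Acquired disk image", "EVID-001", image_hash)
    log.append("2024-01-30 11:00 AM", "Jane Smith", "Verified hash values", "EVID-001", image_hash)
    clean = log.verify()
    log.entries[0].handler = "J. Doe"                 # edit a row, leave its hash alone
    edited = log.verify()
    log.entries[0].entry_hash = entry_digest(log.entries[0])  # "repair" that hash
    rehashed = log.verify()                           # now row 1's back-link breaks
    return {"clean": clean, "edited": edited, "rehashed": rehashed, "rows": len(log.entries)}


if __name__ == "__main__":
    print(demo())
```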
🔹 1.6 Findings & Analysis
- Recovered Files & Artifacts (e.g., deleted files, registry entries, log files).
- Timeline of Events (What happened, and when).
- Suspicious Activities (e.g., malware execution, unauthorized logins).
Example Findings:
- USB device XYZ was connected at 2024-01-28 14:15:00.
- A deleted file (financial_data.xlsx) was recovered from C:\Users\Admin\Documents\.
- Suspicious remote access from IP 192.168.1.100 detected.
Evidence Screenshots: Include screenshots from forensic tools to support findings.
🔹 1.7 Conclusion & Recommendations
- Summary of Findings (What was discovered).
- Final Conclusion (Was there a security breach? Who was responsible?).
- Recommendations for Prevention (e.g., stronger access controls, log monitoring).
Example:
"The investigation confirms that unauthorized data was copied to an external USB device. It is recommended to implement USB device restrictions and enable logging to track file transfers."
🔹 1.8 Appendix (Supporting Evidence)
- Raw Data Extracts (Log files, Registry dumps).
- Additional Technical Details (File hashes, full timelines).
- Glossary of Technical Terms (for non-technical readers).
Example:
File Name       | SHA-256 Hash
----------------|---------------------
disk_image.E01  | A1B2C3D4E5F6G7H8I9J0
memory_dump.raw | 9F8E7D6C5B4A3C2D1E0F
2.4.2 Best Practices for Forensic Documentation
- Maintain Original Evidence – Work on forensic copies, not the original data.
- Use Standardized Formats – Ensure reports follow legal and forensic standards (ISO 27037, NIST).
- Record Every Step – If it's not documented, it didn't happen in court.
- Preserve Data Integrity – Use cryptographic hashing (MD5, SHA-256).
- Write Clearly – Avoid technical jargon if reporting to non-technical audiences.
2.4.3 Sample Forensic Report Template
SAMPLE Digital Forensic Investigation Report
1. Cover Page
- Case Title: [Enter Case Title]
- Case Number: [Enter Case Number]
- Date of Report: [Enter Date]
- Investigator Name(s): [Enter Investigator Name(s)]
- Organization/Agency: [Enter Organization Name]
2. Executive Summary
This report provides an analysis of digital evidence collected in relation to [case description]. The investigation utilized forensic tools such as [list tools] to examine [evidence type]. The findings indicate [brief summary of findings].
3. Case Background & Objectives
- Case Description: [Describe the case background and nature of the investigation]
- Requesting Party: [Who requested the forensic investigation]
- Scope of Investigation:
  o Identify [specific goals, e.g., unauthorized access, data theft]
  o Analyze [specific devices, logs, or files]
  o Preserve integrity of digital evidence
4. Tools & Methodologies Used
Tool       | Purpose
-----------|--------------------------
FTK Imager | Disk Imaging
Autopsy    | File Recovery
Volatility | Memory Forensics
Wireshark  | Network Traffic Analysis
RegRipper  | Windows Registry Analysis
5. Evidence Collection & Chain of Custody
- Evidence Acquisition Date: [Enter Date]
- Hash Verification: [MD5/SHA-256 Hash Values]
- Evidence Details:
Evidence ID | Type             | Acquired By         | Date & Time | Hash Value
------------|------------------|---------------------|-------------|-----------
[EVID-001]  | Hard Drive Image | [Investigator Name] | [Date]      | [Hash]
[EVID-002]  | RAM Dump         | [Investigator Name] | [Date]      | [Hash]
6. Findings & Analysis
6.1 File System & Deleted Data Analysis
- Recovered [number] deleted files from [drive location]
- File metadata indicates last accessed on [timestamp]
- No evidence of file tampering found / Evidence of unauthorized modifications detected
6.2 Memory Analysis
- Active processes detected: [List suspicious processes]
- Signs of malware execution: [Yes/No]
- Extracted encryption keys: [Yes/No]
6.3 Windows Registry & User Activity
- USB devices connected:
  o Device ID: [XYZ]
  o Connection Time: [Timestamp]
- Recent program execution:
  o [Program Name] - [Timestamp]
- Login activity:
  o User: [Username]
  o Last Login: [Timestamp]
6.4 Network Traffic Analysis
- Suspicious IP connections detected:
  o [List IPs and their destinations]
- Unauthorized data exfiltration: [Yes/No]
- Network protocols analyzed: [HTTP, FTP, etc.]
7. Conclusion & Recommendations
7.1 Summary of Findings
- [Summarize key discoveries]
- [Indicate whether suspicious/malicious activity was confirmed]
7.2 Final Conclusion
- Based on the evidence, it is concluded that [Final verdict - e.g., "Unauthorized access was confirmed"].
7.3 Recommendations
- Implement stronger access control measures.
- Enable logging and monitoring for [specific activities].
- Conduct regular forensic audits.
8. Appendix (Supporting Evidence & Screenshots)
- Screenshots of findings from forensic tools
- Hash verification results
- Extracted registry entries or log file contents
Prepared by: [Investigator Name]
Date: [Date]
End of Report
2.5 OpenVAS: Vulnerability Assessment and Management
What is OpenVAS?
OpenVAS (Open Vulnerability Assessment System) is an open-source tool for vulnerability scanning and management. It helps identify security weaknesses in systems, applications, and network infrastructure.
Key Features:
- Comprehensive Vulnerability Scanning (Supports over 50,000 vulnerability tests)
- Regularly Updated Database (Feeds from the Greenbone Community)
- Automation & Scheduling (Run scans periodically)
- Web-based Dashboard (User-friendly interface)
- Customizable Scan Policies
1. Installing OpenVAS
OpenVAS is part of Greenbone Vulnerability Management (GVM) and can be installed on Linux.
Installation on Kali Linux
1. Update system packages:
sudo apt update && sudo apt upgrade -y
2. Install OpenVAS:
sudo apt install openvas -y
3. Initialize OpenVAS:
sudo gvm-setup
4. Start the services:
sudo gvm-start
5. Get the admin password:
sudo gvm-admin-pass
6. Access the Web UI at:
https://127.0.0.1:9392
2. Running a Vulnerability Scan
Step 1: Logging into OpenVAS
- Open your browser and go to https://127.0.0.1:9392
- Enter the admin credentials generated earlier
Step 2: Creating a Scan Task
1. Navigate to Scans → Tasks → New Task
2. Enter Target Details (IP, hostname)
3. Choose a Scan Configuration (Full and Fast recommended)
4. Click Start Scan
Step 3: Viewing Scan Results
- Go to Scans → Reports
- Click on the scan to view detected vulnerabilities
- Each vulnerability has a CVSS Score (Severity level)
3. Interpreting Scan Results
🔹 Understanding CVSS Scores
Severity | CVSS Score | Risk Level
---------|------------|--------------------------
Low      | 0.1 - 3.9  | Minimal Risk
Medium   | 4.0 - 6.9  | Moderate Risk
High     | 7.0 - 8.9  | Critical Concern
Critical | 9.0 - 10.0 | Immediate Action Required
Example Vulnerabilities Found:
- CVE-2023-XXXX: Outdated Apache server version (High Risk)
- CVE-2022-YYYY: Weak SSH authentication settings (Medium Risk)
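Turning an exported result list into a prioritised fix queue with the CVSS table above, as an added example that is not part of the notes or of OpenVAS: it buckets each finding by severity, reports the worst finding per host, and orders the High and Critical items for remediation. The CSV layout (IP, Port, CVSS, NVT Name, CVEs) is this example's own simplified stand-in for the GSA export, whose real columns must be mapped onto it first; the rows and CVE ids are placeholders.

```python
import csv
import io
from collections import Counter
from typing import Dict, List

# Constructed results; CVE identifiers are placeholders, not real advisories.
SAMPLE_RESULTS_CSV = """\
IP,Port,CVSS,NVT Name,CVEs
192.0.2.10,80/tcp,7.5,Outdated web server version,CVE-YYYY-NNNN1
192.0.2.10,22/tcp,5.3,Weak SSH authentication settings,CVE-YYYY-NNNN2
192.0.2.10,443/tcp,2.6,TLS certificate expires soon,
192.0.2.11,445/tcp,9.8,Remote code execution in SMB service,"CVE-YYYY-NNNN3,CVE-YYYY-NNNN4"
192.0.2.11,80/tcp,0.0,HTTP server banner,
192.0.2.12,3306/tcp,4.3,Database service information disclosure,
"""


def severity_from_cvss(score: float) -> str:
    """Bucket a CVSS base score with the ranges from the table above.

    A score of 0.0 has no row in that table; this example reports it as
    "Log" (informational), which is an assumption of the example.
    """
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score >= 0.1:
        return "Low"
    return "Log"


def parse_results(text: str) -> List[dict]:
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        score = float(row["CVSS"])
        rows.append({"host": row["IP"], "port": row["Port"], "cvss": score,
                     "severity": severity_from_cvss(score), "name": row["NVT Name"],
                     "cves": [c for c in row["CVEs"].split(",") if c]})
    return rows


def triage(results: List[dict]) -> Dict[str, object]:
    """Worst finding per host, counts per severity, and a patch-first queue."""
    worst: Dict[str, dict] = {}
    for r in results:
        if r["host"] not in worst or r["cvss"] > worst[r["host"]]["cvss"]:
            worst[r["host"]] = r
    by_severity = Counter(r["severity"] for r in results)
    queue = sorted((r for r in results if r["severity"] in ("Critical", "High")),
                   key=lambda r: -r["cvss"])
    return {
        "worst_per_host": {h: (r["severity"], r["cvss"]) for h, r in worst.items()},
        "counts": dict(by_severity),
        "fix_first": [f"{r['host']} {r['port']} {r['name']} ({r['cvss']})" for r in queue],
    }


if __name__ == "__main__":
    for key, value in triage(parse_results(SAMPLE_RESULTS_CSV)).items():
        print(f"{key}: {value}")
```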
4. Mitigation & Security Recommendations
- Patch & Update Systems (Apply latest security patches)
- Enforce Strong Authentication (Use MFA, disable weak protocols)
- Network Segmentation (Restrict access to critical assets)
- Monitor & Re-scan Regularly (Schedule periodic scans)
Conclusion
OpenVAS is a powerful vulnerability
scanner for organizations to identify and
mitigate security risks. Regular scanning
helps in proactive cybersecurity defense.
2.6 OpenVAS: Scanning & Reporting
Create a Target to Scan
1. Log in to Greenbone Security Assistant (GSA) via the web interface.
2. Go to Configuration > Targets and click New Target.
3. Enter:
   o Name: (Any meaningful name)
   o Host(s): IP address or domain
   o Port List: All IANA assigned TCP (default)
4. Click Save.
3. Create and Run a Scan Task
1. Navigate to Scans > Tasks > New Task.
2. Configure:
   o Name: (Custom name for the task)
   o Scan Targets: Select the previously created target
   o Scan Config: Choose one, e.g., Full and Fast
3. Click Save, then Start the scan.
4. Monitor Scan Progress
Go to Scans > Tasks to see scan status.
- Queued: Waiting to start
- Running: Scan in progress
- Done: Scan completed
5. Generate Reports
1. After completion, go to Scans > Reports.
2. Click on the report of your completed scan.
3. Choose an export format:
   o PDF: Formal report
   o HTML: View in browser
   o XML/CSV: Data analysis
6. Interpreting Results
- Vulnerability Score: Higher score = higher risk
- CVE References: Links to known vulnerabilities
- Fix Recommendations: Steps to remediate security issues