DAY 4 QUIZ TASK - Digital Detective Challenge [1st August 2025]
Name: Shabbir Yamani | +918088205427
-------------------------------------------------------------------------------------------------------
1. What is the hostname of your computer?
2. What is the original install date of your operating system?
3. Which running process is currently using the most memory?
4. In the Windows Registry, under HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\Explorer\UserAssist, how many
entries are present inside the "Count" folder?
5. Find a system file or folder on your computer that was last modified
today. What was modified, and what do you think caused the
modification?
6. When you ping a website (for example, google.com), what is the
average response time?
7. On your system, identify one application that is enabled to launch at
startup but may not be necessary for everyday use.
8. Run a traceroute (or tracert) to google.com. How many hops does it
take to reach the destination?
9. Check which ports are currently listening on your machine. Identify one
unnecessary open port and which service is using it.
10. Find the MAC address of your machine and identify the first three
bytes (OUI). What manufacturer does it belong to?
The answers below were produced in Windows PowerShell or Command Prompt,
following the requested format:
✅ 1. What is the hostname of your computer?
Command used: hostname
Method (What you did): Opened Command Prompt and typed
hostname.
Screenshot: Upload a clear screenshot showing the terminal, the
command, and the result.
Explanation: “I used the hostname command to display the name of
my computer on the network.”
✅ 2. What is the original install date of your operating system? [note:
bonus list at the end]
Command used: systeminfo | find "Original Install Date"
Method (What you did): Opened Command Prompt and ran
systeminfo, filtered for install date.
Screenshot: Upload a screenshot showing the install date.
Explanation: “I piped the systeminfo output to ‘find’ to find out when
Windows was originally installed.”
✅ 3. Which running process is currently using the most memory?
Command used: Get-Process | Sort-Object WorkingSet64 -Descending |
Select-Object -First 1
(WorkingSet64 is the 64-bit working set that the WS(K) column is built
from; the older WorkingSet property is a 32-bit value and wraps for
processes above 2 GB.)
Method (What you did): Opened PowerShell and listed processes
sorted by memory usage.
Screenshot: Upload a screenshot showing the top memory-consuming
process.
Explanation: “I used PowerShell to find the process using the most
RAM at the moment.” I also ran the command to show the first process and
then all processes, to know the names of the others for information.
Explanation of each column (Get-Process output for the Memory Compression
process):
Handles: Number of object handles the process has open (files, threads,
etc.). It shows 0 here because Memory Compression is a kernel-managed
minimal process with no user-mode code, so it holds no handles of its own.
NPM(K): Non-paged pool memory in kilobytes, i.e. kernel memory that cannot
be swapped to disk. 0 means minimal kernel memory usage.
PM(K): Paged memory in kilobytes, memory that can be written to the page
file if needed. 8156 KB is in use.
WS(K): Working set in kilobytes, the physical memory (RAM) the process is
currently using. 1793544 KB (~1.7 GB) is quite high.
CPU(s): Total processor time used by the process in seconds. It is blank
here, most likely because the process is system-managed and PowerShell
cannot query its CPU time.
Id: Process ID (PID). 3080 uniquely identifies this process.
SI: Session ID. 0 means it runs in session 0 (the system session), not in
a user logon session.
ProcessName: Name of the process. Memory Compression is a system process
that reduces RAM pressure by compressing unused memory pages.
✅ 4. Windows Registry: UserAssist Count folder entries [Answer: 9]
Command used: Open Windows Registry (regedit) and navigate to Computer\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
UserAssist. The entries live under a GUID subkey's "Count" subkey, one
value per program; the value names are ROT13-encoded program paths, so
"Zvpebfbsg.Jvaqbjf.Rkcybere" is Microsoft.Windows.Explorer.
Method (What you did): Opened Registry Editor from Windows search or
[regedit from Run], navigated to the path above and counted the values
inside the Count subkey.
Screenshot: Upload a screenshot showing the number of entries.
Explanation: “I checked the UserAssist registry key to see how many
programs have usage data stored.” I found 9 entries
Importance:
o User Behavior Analysis: Helps reconstruct what the user
interacted with and when.
o Security Investigations: Can reveal if suspicious apps were
launched.
o System Usage Patterns: Useful for understanding which apps
are frequently used.
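As an added example (not part of the submitted answers), the following Python script shows what the Count entries actually contain. It parses the 72-byte value format that Windows 7 and later write under each GUID\Count key (run count at offset 4, focus count at 8, focus time in milliseconds at 12, last-run FILETIME at 60), decodes the ROT13 value names and totals the entries across the GUID subkeys. The input is a constructed dictionary standing in for what `Get-ItemProperty` on each Count key would return on a live system (value names as property names, values as byte arrays); the program names, counts and timestamp are made up for the example.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

# Well-known UserAssist GUID subkeys on Windows 7 and later.
USERASSIST_GUIDS = {
    "{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}": "executable runs",
    "{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}": "shortcut (.lnk) runs",
}

# FILETIME counts 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_name(value_name: str) -> str:
    """UserAssist value names are ROT13-obfuscated program paths."""
    return codecs.decode(value_name, "rot_13")


def to_filetime(dt: datetime) -> int:
    """Aware datetime -> Windows FILETIME (used only to build the sample)."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def parse_count_value(blob: bytes) -> dict:
    """Parse one 72-byte Windows 7+ UserAssist Count value (little-endian)."""
    if len(blob) != 72:
        raise ValueError(f"unexpected UserAssist value length {len(blob)}")
    run_count, focus_count, focus_ms = struct.unpack_from("<III", blob, 4)
    (filetime,) = struct.unpack_from("<Q", blob, 60)
    last_run = None  # a zero FILETIME means the program was never run
    if filetime:
        last_run = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return {
        "run_count": run_count,
        "focus_count": focus_count,
        "focus_ms": focus_ms,
        "last_run": last_run,
    }


def build_count_value(run_count, focus_count, focus_ms, last_run) -> bytes:
    """Build a synthetic 72-byte value for the constructed sample below."""
    blob = bytearray(72)
    struct.pack_into("<III", blob, 4, run_count, focus_count, focus_ms)
    struct.pack_into("<Q", blob, 60, to_filetime(last_run) if last_run else 0)
    return bytes(blob)


def summarize(userassist: dict) -> list:
    """Flatten {guid: {rot13_name: blob}} into decoded, parsed rows."""
    rows = []
    for guid, count_values in userassist.items():
        for name, blob in count_values.items():
            row = {
                "guid": guid,
                "kind": USERASSIST_GUIDS.get(guid, "unknown"),
                "program": decode_name(name),
            }
            row.update(parse_count_value(blob))
            rows.append(row)
    return rows


def total_entries(userassist: dict) -> int:
    """Number of Count values across all GUID subkeys (the quiz's 'entries')."""
    return sum(len(values) for values in userassist.values())


# Constructed sample: names are ROT13-encoded exactly as they appear in regedit.
SAMPLE_RUN = datetime(2025, 8, 1, 10, 30, tzinfo=timezone.utc)
SAMPLE = {
    "{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}": {
        codecs.encode(r"C:\Windows\System32\cmd.exe", "rot_13"):
            build_count_value(7, 3, 120000, SAMPLE_RUN),
        codecs.encode("Microsoft.Windows.Explorer", "rot_13"):
            build_count_value(42, 40, 900000, None),
    },
    "{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}": {
        codecs.encode(r"C:\Users\Public\Desktop\uTorrent Web.lnk", "rot_13"):
            build_count_value(1, 1, 5000, SAMPLE_RUN),
    },
}

if __name__ == "__main__":
    print("entries:", total_entries(SAMPLE))
    for row in summarize(SAMPLE):
        print(f"{row['kind']:<20} runs={row['run_count']:<3} "
              f"last={row['last_run']} {row['program']}")
```

The run count and last-run time are what make UserAssist useful in an investigation: a program with a single run and a recent timestamp stands out far more than the raw number of entries does.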
✅ 5. Find a system file or folder modified today
Command used: Get-ChildItem -Recurse C:\Windows -ErrorAction SilentlyContinue |
Where-Object { $_.LastWriteTime -ge (Get-Date).Date }
(-ErrorAction SilentlyContinue suppresses the access-denied errors from
protected folders that otherwise clutter the output.)
Method (What you did): Used PowerShell to search for files modified
today in the Windows directory.
Screenshot: Upload a screenshot showing the modified file(s).
Explanation: “I searched for system files changed today. Likely
causes include updates or background services.”
Windows Update Service: Downloads or installs updates.
Scheduled Tasks: Background maintenance like disk cleanup or telemetry.
Antivirus Scans: Writes logs or quarantine data.
Application Launches: Prefetch files are updated when apps are opened.
System Logging: Event logs and diagnostic logs are constantly updated.
o We can see files modified such as:
o C:\Windows\System32\LogFiles\...
o C:\Windows\Temp\...
o C:\Windows\SoftwareDistribution\...
o C:\Windows\Prefetch\...
o I used the Get-ChildItem command with a filter on LastWriteTime
to find files in the Windows directory that were modified today.
The results showed log files and temporary files, which were
likely updated due to system maintenance tasks, Windows
updates, or background services like antivirus scans.
✅ 6. Ping a website and get average response time
Command used: ping google.com
Method (What you did): Opened Command Prompt and pinged
Google.
Screenshot: Upload a screenshot showing the ping results.
Explanation: “I used ping to measure how long it takes to reach
Google. The average time is shown in the summary.”
o Average Response time: 38ms
✅ 7. Identify one startup application that may be unnecessary
Command used: Get-CimInstance -ClassName
Win32_StartupCommand
Method (What you did): Used PowerShell to list startup applications.
Screenshot: Upload a screenshot showing the list.
Explanation: “I reviewed startup apps and found one (e.g., Skype or
OneDrive) that isn’t essential for daily use.”
Found unnecessary: {"C:\Users\shabb\AppData\Roaming\uTorrent
Web\utweb.exe" /MINIMIZED}
o Not essential for system performance or productivity.
o Consumes memory and bandwidth even when minimized.
o Can slow down boot time and increase background network activity.
o Potential security risk if not regularly updated or used responsibly.
ACTIONS TAKEN:
Press Ctrl + Shift + Esc
Go to the Startup tab
Right-click uTorrent Web
Select Disable
✅ 8. Run a traceroute to google.com
Command used: tracert google.com
Method (What you did): Opened Command Prompt and ran tracert.
Screenshot: Upload a screenshot showing the full traceroute.
Explanation: “I used tracert to see how many network hops it takes to
reach Google.” Each hop represents a router or gateway that the packets
pass through on the way to the destination; hops that show only * * *
are routers that do not answer the probe but still count toward the total.
o The destination IP is: 142.251.37.238
o It was reached at hop 11
o ✅ Answer: 11 hops
✅ 9. Check listening ports and identify one unnecessary open port
Command used: netstat -ano | findstr LISTENING (lists every TCP listener
with the owning PID); netstat -ano | findstr ":<port>" narrows the output
to one port; tasklist /svc /FI "PID eq <pid>" names the process behind a
PID and any services it hosts.
Method (What you did): Used netstat to list open ports and matched
them with running services.
Screenshot: Upload a screenshot showing the open ports. [cropped
full port numbers for security]
Explanation: “I found port 135 open, used by RPC. It’s often
unnecessary and can be disabled for security.”
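The following Python script, added here as an example and not part of the submitted answer, does the PID-to-process matching the Method above describes. It parses constructed sample output of `netstat -ano | findstr LISTENING` and `tasklist /svc /fo csv` (both made up for this example, not the page's screenshot), joins them on PID and labels each listener by its bind address. A caveat on the chosen port: 135 is the RPC endpoint mapper (the RpcEptMapper and RpcSs services inside svchost.exe); DCOM, WMI and most Windows remote-management traffic depend on it and RpcSs cannot simply be stopped, so on a workstation the practical control is a Windows Defender Firewall inbound rule or the Public network profile rather than disabling the service. A listener bound only to 127.0.0.1 or [::1] is unreachable from other hosts, which matters more than the port number alone.

```python
import csv
import io
import re

# Constructed sample of `netstat -ano | findstr LISTENING`.
NETSTAT_SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1088
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING       6516
  TCP    127.0.0.1:6881         0.0.0.0:0              LISTENING       9120
  TCP    [::]:135               [::]:0                 LISTENING       1088
  TCP    [::1]:6881             [::]:0                 LISTENING       9120
"""

# Constructed sample of `tasklist /svc /fo csv` (PID -> image and hosted services).
TASKLIST_SAMPLE = """\
"Image Name","PID","Services"
"System","4","N/A"
"svchost.exe","1088","RpcEptMapper,RpcSs"
"svchost.exe","6516","CDPSvc"
"utweb.exe","9120","N/A"
"""

LISTEN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
WILDCARD = {"0.0.0.0", "[::]"}
LOOPBACK = {"127.0.0.1", "[::1]"}


def split_endpoint(endpoint: str):
    """'0.0.0.0:135' -> ('0.0.0.0', 135); '[::1]:6881' -> ('[::1]', 6881)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def parse_tasklist(text: str) -> dict:
    """PID -> {'image': ..., 'services': [...]}; 'N/A' means no service hosted."""
    out = {}
    for rec in csv.DictReader(io.StringIO(text)):
        services = [] if rec["Services"] == "N/A" else rec["Services"].split(",")
        out[int(rec["PID"])] = {"image": rec["Image Name"], "services": services}
    return out


def listeners(netstat_text: str, tasklist_text: str) -> list:
    """Join listening sockets with their owning process and classify exposure."""
    procs = parse_tasklist(tasklist_text)
    rows = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # not a listening-socket line
        proto, local, pid = m.group(1), m.group(2), int(m.group(3))
        host, port = split_endpoint(local)
        if host in WILDCARD:
            exposure = "all interfaces"
        elif host in LOOPBACK:
            exposure = "loopback"
        else:
            exposure = "specific interface"
        proc = procs.get(pid, {"image": "unknown", "services": []})
        rows.append({
            "proto": proto, "bind": host, "port": port, "pid": pid,
            "image": proc["image"], "services": proc["services"],
            "exposure": exposure,
        })
    return rows


def external_listeners(rows: list) -> list:
    """Only the sockets reachable from other hosts (subject to the host firewall)."""
    return [r for r in rows if r["exposure"] != "loopback"]


if __name__ == "__main__":
    for r in listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        svc = ",".join(r["services"]) or "-"
        print(f"{r['proto']} {r['bind']}:{r['port']:<5} pid={r['pid']:<5} "
              f"{r['image']:<12} {svc:<20} {r['exposure']}")
```

On the constructed input the uTorrent Web listener on 6881 is loopback-only, while 135 (RPC endpoint mapper), 445 (SMB, owned by the System process, PID 4) and 5040 (CDPSvc) are bound to all interfaces; those are the rows worth checking against the firewall rules.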
✅ 10. Find MAC address and identify manufacturer
Command used: getmac
Method (What you did): Opened Command Prompt and typed
getmac.
Screenshot: Upload a screenshot showing the MAC address.
Explanation: “I used getmac to find my MAC address. The first three
bytes (OUI) identify the manufacturer, which I looked up online.”
o ✅ 1. MAC Address: [14-75-5B-XX-XX-XX]
o OUI (First 3 bytes): 14-75-5B
o Manufacturer: Intel Corporation
o Details: Intel registered this MAC prefix on December 30, 2021. It
belongs to a large block (MA-L) of ~16 million addresses.
✅ 2. MAC Address: 08-8F-C3-CB-53-CA (Media disconnected) [physical
lan port]
o OUI (First 3 bytes): 08-8F-C3
o Manufacturer: COMPAL INFORMATION (KUNSHAN) CO., LTD.
o Details: Registered on March 10, 2023. Compal is a major OEM
manufacturer, often producing hardware for brands like Dell, HP,
and Lenovo.
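As an added example (not part of the submitted answer), the following Python script automates the OUI step and adds the check a practitioner wants before trusting a vendor lookup: the two flag bits of the first octet. If bit 0x02 is set the address is locally administered (for example Windows' "random hardware addresses" on Wi-Fi), so its first three bytes are not an IEEE-assigned OUI and a manufacturer lookup is meaningless. The OUI table is a constructed subset of the IEEE MA-L registry containing only the two prefixes seen above; the `getmac` output and the addresses in it are made up placeholders, not this machine's.

```python
import re

# Constructed subset of the IEEE MA-L (OUI) registry. A real lookup would use the
# full IEEE list (oui.txt / oui.csv) or a tool such as `macchanger -l`.
OUI_TABLE = {
    "14755B": "Intel Corporation",
    "088FC3": "COMPAL INFORMATION (KUNSHAN) CO., LTD.",
}

# Constructed sample of `getmac` output; addresses are placeholders.
GETMAC_SAMPLE = """\
Physical Address    Transport Name
=================== ==========================================================
14-75-5B-00-11-22   \\Device\\Tcpip_{A1B2C3D4-0000-0000-0000-000000000000}
08-8F-C3-CB-53-CA   Media disconnected
2A-1B-3C-4D-5E-6F   \\Device\\Tcpip_{B1B2C3D4-0000-0000-0000-000000000000}
"""

MAC_LINE = re.compile(r"^([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(.*\S)\s*$")


def normalize_mac(mac: str) -> str:
    """Return the 12 hex digits of a MAC, accepting '-', ':' or '.' separators."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits.upper()


def analyze_mac(mac: str, table: dict = OUI_TABLE) -> dict:
    """Split a MAC into OUI and NIC part and check the flag bits of octet 1.

    Bit 0x01 of the first octet marks a multicast address; bit 0x02 marks a
    locally administered address, whose first three bytes are not an OUI.
    """
    digits = normalize_mac(mac)
    first_octet = int(digits[:2], 16)
    local = bool(first_octet & 0x02)
    oui = "-".join(digits[i:i + 2] for i in range(0, 6, 2))
    if local:
        manufacturer = None  # set by software; no vendor to look up
    else:
        manufacturer = table.get(digits[:6], "unknown (not in local table)")
    return {
        "mac": "-".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "oui": oui,
        "multicast": bool(first_octet & 0x01),
        "locally_administered": local,
        "manufacturer": manufacturer,
    }


def parse_getmac(text: str, table: dict = OUI_TABLE) -> list:
    """Parse the default `getmac` table and analyze each physical address."""
    rows = []
    for line in text.splitlines():
        m = MAC_LINE.match(line)
        if not m:
            continue  # header and ===== separator lines
        row = analyze_mac(m.group(1), table)
        row["transport"] = m.group(2)
        row["connected"] = row["transport"] != "Media disconnected"
        rows.append(row)
    return rows


if __name__ == "__main__":
    for row in parse_getmac(GETMAC_SAMPLE):
        vendor = row["manufacturer"] or "locally administered (randomized)"
        state = "up" if row["connected"] else "media disconnected"
        print(f"{row['mac']}  OUI {row['oui']}  {vendor}  [{state}]")
```

The third sample address starts with 0x2A, whose 0x02 bit is set, so the script reports it as locally administered rather than guessing a vendor; both addresses on this page start with 0x14 and 0x08, which have that bit clear, so their OUI lookups are valid.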
BONUS FOR GENERAL KNOWLEDGE:
Here are several useful combinations of the systeminfo command with find
or findstr that you can use in Command Prompt to extract specific system
details:
✅ Common systeminfo | find / findstr Combinations
Purpose                    Command
Original Install Date      `systeminfo | find "Original Install Date"`
System Boot Time           `systeminfo | find "System Boot Time"`
OS Name                    `systeminfo | find "OS Name"`
OS Version                 `systeminfo | find "OS Version"`
System Manufacturer        `systeminfo | find "System Manufacturer"`
System Model               `systeminfo | find "System Model"`
System Type                `systeminfo | find "System Type"`
Processor Info             `systeminfo | find "Processor"`
BIOS Version               `systeminfo | find "BIOS Version"`
Total Physical Memory      `systeminfo | find "Total Physical Memory"`
Available Physical Memory  `systeminfo | find "Available Physical Memory"`
Virtual Memory Max Size    `systeminfo | find "Virtual Memory: Max Size"`
Domain                     `systeminfo | find "Domain"`
Hotfixes Installed         `systeminfo | find "Hotfix(s)"`
Time Zone                  `systeminfo | find "Time Zone"`
Windows Directory          `systeminfo | find "Windows Directory"`
System Locale              `systeminfo | find "System Locale"`
Input Locale               `systeminfo | find "Input Locale"`
Note for PowerShell: PowerShell strips the double quotes before find.exe
sees them, so a multi-word search string fails with "FIND: Parameter
format not correct". Either nest the quotes,
`systeminfo | find '"Original Install Date"'`, or use the native cmdlet,
`systeminfo | Select-String "Original Install Date"`. With findstr, a
multi-word string needs /C: (`findstr /C:"Original Install Date"`),
because findstr otherwise treats each space-separated word as its own
pattern.
Took Help from CoPilot to format and give more details and explanation for
better understanding:
PROMPT USED:
answer the following questions in this format: [example]
• ✅ 1. Command used: whoami
• ✅ 2. Method (What you did): Opened terminal and typed whoami.
• ✅ 3. Screenshot: Upload a clear screenshot showing the terminal, the
command, and the result.
• ✅ 4. Explanation (in your own words): “I used the ‘whoami’ command in
the terminal to check which user account is currently logged in.”
Questions: [put list of questions]