
Lab 1

Keith Brown
IS 4670

Lab 1
Perform a Byte-Level Computer Audit

1. What is the main purpose of a software tool like WinAudit in computer forensics?

Answer: WinAudit is a great free tool that will give you a comprehensive view of the components that make up your system, including hardware, software and BIOS.

2. Which items within WinAudit’s initial report would you consider to be of critical importance in a computer forensic investigation?

Answer: Computer Name, OS, Security Settings for Windows Firewall, Drives, Running Programs, and Installed Programs and Versions.

3. Could you run WinAudit from a flash drive or any other external media? If so, why is this important during a computer forensic investigation?

Answer: Yes, WinAudit is a portable application. If you’re conducting audits on several computers, having the app on a flash drive can make the process much easier and more time-efficient.

4. Why would you use a tool like DevManView while performing a computer forensic investigation?

Answer: DevManView is an alternative to the standard Device Manager of Windows. It displays all devices and their properties in a flat table instead of a tree viewer. In addition to displaying the devices of your local computer, DevManView also allows you to view the device list of another computer on your network, as long as you have administrator access rights to that computer.

5. Which item or items within DevManView’s list would you consider to be of critical importance in a computer forensic investigation?

Answer: Most likely the hard drives and USB storage devices and/or any other computer hardware on the network.

6. What tool similar to DevManView is already present in Microsoft Windows systems?
Answer: WinHEX is similar to DevMan.

7. Why would someone use a HEX editor during a forensic investigation?
Answer: To see if the files and data recovered from the hard drive are original and authentic.

8. What is the purpose of a software tool like WinHEX in computer forensics?
Answer: It’s a tool that can recover important and sensitive data that has been deleted. This tool is also used for editing or wiping the info from the drive.

9. What was the proper extension of the file you analyzed using WinHEX? How did you find it?
Answer: ??

10. Why do you need to keep evidence untampered? In order to guarantee legal admissibility?
Answer: For legal reasons, so the evidence can be used in court. If the evidence is not authentic, it can be thrown out of court.
