Assessment Questions
1. What is the main purpose of a software tool like WinAudit in computer forensics?
A – It collects all the pertinent information on the computer and displays the complete comprehensive in the applicable groups and provides the computer forensics specialist a background on the computer and helps the specialist select the proper course of action.
2. Which item(s) WinAudit’s initial report would you consider to be of critical importance in a computer forensic investigation?
A – The items that would be of critical importance would be Security Log, Security Settings, Share Permissions, User Privileges, Error Logs, and lastly Windows Firewall.
3. Could you run WinAudit from a flash drive or any other external media? If so, why is this important during a computer forensic investigation?
A – Yes, because the original hard drive of the computer being investigated cannot be altered during the investigation, so by running WinAudit from a flash drive or other external media means you do not tamper with the hard drive of the computer.
4. Why would you use a tool like DevManView While performing a computer forensic investigation?
A – Because it displays all devices and their properties in a flat table instead of a viewer tree and it also allows you to view the device list of another computer on your network.
5. Which item(s) within DevManView’s list would your consider to be of critical importance in a computer forensic investigation?
A – Optical drive, system clock and USB Mass Storage Device, Hard drives
6. What tool similar to DevManView is already present in Microsoft Windows systems?
A – Device Manager
7. Why would some use a HEX editor during a forensic investigation?
A – By using a hex editor, a user can see or edit the raw and exact contents of a file, as opposed to the interpretation of the same content that other, higher level application software may associate with the file format.
8. What is the purpose of a...