Lab #2: Documenting a Workstation Configuration Using
Common Forensic Tools
Assessment Questions

1. What is the main purpose of a software tool like WinAudit in computer forensics?

It cllects all the pertinernt information on the computer and displays the complete comprehensive in the applicable groups and provides the computer forensics specialist a background on the computer and helps the specialist selcet the proper course of action.

2. Which item(s) generated by WinAudit would be of critical importance in a computer forensic investigation?

The items that would be of critical importance would be Security Log, Security settings, Share permissions, User Privileges, Error Logs and Windows Firewall.

3. Could you run WinAudit from a flash drive or any other external media? If so, why is this important during a computer forensic investigation?

Yes you can ran WinAudit from a flash drive or any other exturnal media. This is important because you are not installing anything on the hard drive that would alter the state of the drive.

4. Why would you use a tool like DevManView while performing a computer forensic investigation?

It allows you to see all of the items that are installed on the system. From the Operating system to the drivers and what the BIOS version is.

5. Which item(s) available from DevManView would be of critical importance in a computer forensic investigation?

Optical Drive(s), USB Mass Storage Devices

6. What tool similar to DevManView is already present in Microsoft Windows systems?

WinHEX is not Present in Windows systems Device Manager

7. Why would someone use a Hex editor during a forensic investigation?

To determine deliberately mislabeled flies that somone is attemping to hide

8. What “clue” in the Frhed examination of led you to the correct extension for that file?

9. Describe the contents of the target.jpg file, and the application in which it opens.