Unit 1 Lab 1 – Perform a Byte-Level Computer Audit
1. What is the main purpose of a software tool like WinAudit in computer forensics?
a. WinAudit is an inventory program for computers. Its function is to make a full report of a computer's configuration, software, and hardware.
2. Which item(s) within WinAudit’s initial report would you consider to be of critical importance in computer forensic investigation?
a. Open Ports. For each open port, a table of information will display the following data: Protocol, Address, Name, Connection State, Process Name, Manufacturer, etc.
b. Computer Name, OS, Security Settings for Windows Firewall, Drives, Running Programs, and Installed Programs and Versions.
3. Could you run WinAudit from a flash drive or any other external media? If so, why is this important during a computer forensic investigation?
a. Yes, you can run WinAudit from a flash drive or any other external media. This is important because you are not installing anything on the hard drive that would alter the state of the drive.
4. Why would you use a tool like DevManView while performing a computer forensic investigation?
a. It allows you to see all of the items that are installed on the system, from the operating system to the drivers and the BIOS version.
b. Determining times and dates, what flash/jump drives might be plugged in, and whether any CDs, DVDs, or Blu-ray discs are in the disc drives.
5. Which item(s) within DevManView’s list would you consider to be of critical importance in a computer forensic investigation?
a. Optical Drive(s), USB Mass Storage Devices
6. What tool similar to DevManView is already present in Microsoft Windows systems?
a. WinHEX is not present in Windows systems; Device Manager is.
7. Why would someone use a HEX editor during a forensic investigation?
a. To identify deliberately mislabeled files that someone is attempting to hide.
8. What is the...