Unit 3 Assignment 1: Potential Sources of Data Modification
IS4670 – Cybercrime Forensics
ITT Technical Institute
Lab #3 Assessment Questions & Answers
1. What are the main questions that a forensic laboratory is bound to discover?
The forensic laboratory aims to discover the "who, what, when, where, why, and how" of forensic evidence.
2. Could the regular IT 'build center' lab be used also as a forensic laboratory?
No, the Forensic Laboratory should be a place on its own. It must be separated from the normal workplace to securely perform the forensic analyses without the possibility of alterations and to securely track and store evidence.
3. When should you start the “Chain of Custody” process?
From the time that evidence is collected until it is presented in a court of law, it is crucial that the court-mandated requirements for "Chain of Custody" of evidence are met.
4. What requirements are necessary to house evidence?
The forensic lab must accommodate a means of continuous document tracking, as well as provide an accepted secure means of housing evidence at proper environmental conditions at all times. If a defense attorney can prove that a continuous chain of custody of evidence has been broken, that evidence will be inadmissible in court.
5. Is Paraben P2 Commander a multithreaded application?
P2 Commander is a multi-threaded application, which allows for hardware maximization and efficiency.
6. Name one open source and one commercial source that could be used to perform similar forensics to Paraben P2 Commander.
AccessData, FTK, or EnCase for commercial, and Autopsy for open source.
7. What is a “dd” file?
A Unix program designed to copy and convert raw data. It is used in computer forensics to copy data from a hard drive to another location for use in computer forensic investigations.
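The dd copy described in answer 7, combined with the continuous tracking that answers 3 and 4 call for, as an added example that is not part of the original assignment. It assumes GNU coreutils (`dd`, `sha256sum`); the function names and the pipe-delimited custody log format are hypothetical.

```shell
# Added example: acquire a raw dd image, prove it matches the source by hash,
# and record the acquisition in a custody log (format is an assumption).

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# acquire_image SOURCE IMAGE LOG EXAMINER
# Copies SOURCE to IMAGE as a raw dd file, hashes both, and appends one
# custody record to LOG. Returns 0 only if the two hashes match.
acquire_image() {
    src=$1; img=$2; log=$3; examiner=$4

    # Hash the source first so the record shows its state before copying.
    src_hash=$(sha256_of "$src")
    [ -n "$src_hash" ] || return 2

    # conv=noerror,sync continues past read errors and zero-pads the failed
    # block so offsets in the image still line up with the source. It also
    # pads a short final block, so the source size must be a multiple of bs
    # (true for whole disks with 512-byte sectors) for the hashes to agree.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null || return 2
    chmod a-w "$img"    # the working image is read-only from here on

    img_hash=$(sha256_of "$img")
    [ -n "$img_hash" ] || return 2
    if [ "$src_hash" = "$img_hash" ]; then result=MATCH; else result=MISMATCH; fi

    # One line per acquisition: when, who, from, to, both hashes, outcome.
    printf '%s|%s|%s|%s|%s|%s|%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$examiner" "$src" "$img" \
        "$src_hash" "$img_hash" "$result" >> "$log"

    [ "$result" = MATCH ]
}

# verify_image IMAGE LOG
# Re-hashes IMAGE and compares it with the hash logged at acquisition.
# Returns 0 if unchanged, non-zero if modified or never logged.
verify_image() {
    logged=$(awk -F'|' -v f="$1" '$4 == f {h = $6} END {print h}' "$2")
    [ -n "$logged" ] && [ "$(sha256_of "$1")" = "$logged" ]
}
```

Running `verify_image` before each analysis session and before presenting findings shows whether the image has changed since it was logged.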
8. Does Paraben's P2 Commander allow you to investigate a laptop with a 64-bit operating system?
Yes, a 64 bit operating...