top-rated free essay

Assignment unit 3

By davico19 Jun 14, 2015 664 Words

Assignment Unit 3
Part I Hands-On Steps
Part 1: Use WinAudit to inventory the vWorkstation
1. Figure 1 shows screen shot of system overview using WinAudit a. Figure 1

2. Figure 2 shows screen shot of Windows Firewall findings.
b. Figure 2

3. Figure 3 shows screen shot of user accounts findings.
c. Figure 3

4. Figure 4 shows screen shot of Drive C findings.
d. Figure 4

5. Figure 5 shows screen shot of Physical Disk.
e. Figure 5

Part 2: Use DenManView to identify system devices
1. Figure 1 show screen capture of CDROM and System CMOS/real time clock. . Figure 1

There are 89 devices identified by DenManView.
Part 3: Use Frhed to perform a byte-level file analysis
1. Figure 1 shows screen shot of Frhed view of
. Figure 1

2. Figure 2 shows screen shot of target.jpg file.
. Figure 2

3. Figure 3 shows screen shot of entire contents of the file properties dialog box. . Figure 3

Part II Lab Assessment Questions & Answers
1. What is the main purpose of a software tool like WinAudit in computer forensics? WinAudit is a GUI based tool that reports on a numerous aspects of running system, inclduign both volatile and non-volatile information, providing computer inventory and system configuration (Aquilina, J., & Casey, E., 2008). 2. Which item(s) generated by WinAudit would be of critical importance in a computer Forensic investigation? I will say that some of the most important items in a computer for a forensic investigation are: Drivers, running programs, installed programs, operating system, computer name, security setting and configurations, and firewall configurations. 3. Could you run WinAudit from a flash drive or any other external media? If so, why is this important during a computer forensic investigation? Yes, we can run WinAudit from a flash drive. Its important during a computer forensic investigation because it would prevent alter any important evidence. 4. Why would you use a tool like DevManView while performing a computer forensic investigation? I would use DevManView because it displays the properties of all devices running in a computer that is using my network. 5. Which item(s) available from DevManView would be of critical importance in a computer forensic investigation? The item available form DevManView that are important in a computer forensic investigation are mostly hardware, and most likely they are Hardrive and USB devices that its been use within the network. 6. What tool similar to DevManView is already present in Microsoft Windows systems? Another tool similar to DevManView that is used in Microsoft Windows systems is WinHEX 7. Why would someone use a Hex editor during a forensic investigation? A forensic investigator need Hex editor for analyzing file structures allowing him to go beyond the application or file, and it will allows for the viewing of all the data contained within a file including remnant of old file or even deleted files (Marcella, A., & Guillossou, F., 2012). 8. What “clue” in the Frhed examination of led you to the correct extension for that file? The “clue” that led me to correct the Frhed examination of was the Target.jpeg. 9. Describe the contents of the target.jpg file, and the application in which it opens. The content of the target.jpg file is a picture of a fingerprint, which let us to view the hexadecimal file as an image. The application in which it opens was Windows Photo Viewer. 10. Why do you need to keep evidence unaltered?

It’s important that we kept evidence unaltered for admissible purposes. If the evidence it’s altered it could become inadmissible in a court, changing the path and result of a digital forensic case.

Aquilina, J., & Casey, E. (2008). Malware Incident Response: Volatile Data Collection and Examination on a Live Windows System. In Malware forensics investigating and analyzing malicious code. Burlington, MA: Syngress Pub.

Marcella, A., & Guillossou, F. (2012). The Power of HEX. In Cyber forensics: From data to digital evidence. Hoboken, New Jersey: Wiley.

Cite This Document

Related Documents

  • Unit 59 Assignment 3

    ...Unit 59-Assignment 3 Task 1 The process of how the subroutine works within an operating environment is as follows. While the main part of the program is running, there will be a call command sent to the CPU to tell it to stop wherever the program is at, store the W, Z and status along with where in the main program the CPU is at in the stack. Th...

    Read More
  • unit 3 assignment 4

    ... Unit 3 Mica Shufflebotham Introduction to Marketing Assignment 4 Cadburys Dairy Milk chocolate- Information sheet 1 Customers and consumers A person that purchases for the product or service is a customer, whereas the consumer is the ultimate user of the product or service. A person can be both the customer and consumer. Thi...

    Read More
  • unit 3 assignment 3

    ...Chapter 3 Review 1. Which of the following is true about a TCP/IP network? A) The network uses only standards defined in TCP/IP RFCs. 2. Which of the following terms is not a common synonym for TCP/IP model? (Choose two answers.) D) TCP/IP mapping and C) Ethernet 3. Think generically about the idea of a networking standard, ignoring any...

    Read More
  • Unit 3 Assignment

    ...Unit 3 Homework - Template Problem 1: Suppose that the supply schedule of Belgium Cocoa beans is as follows: Price of cocoa beans(per pound) | Quantity of cocoa beans supplied(pounds) | $40 | 700 | $35 | 600 | $30 | 500 | $25 | 400 | $20 | 300 | Suppose that Belgium cocoa beans can be sold only in Europe. The European de...

    Read More
  • Unit 3 Task 3 Assignment

    ...Wendie Lunn Unit 3 Health and Safety and Security Task 3 Risk Assessments A risk assessment is something that will be written up before an outing, the assessment covers what the risks are, who can be put at risk, where the risk could take place, when the risk is most likely to happen and how the risks will harm the service users. A risk ass...

    Read More
  • Unit 3 Assignment resubmission

    ...Unit 3 Assignment: Supporting children- Resubmission E1 E2 A1- There are many legislations today linked with working settings for children. One of these is The Health and Safety at Work Act 1974. This legislation covers the health and safety for work throughout Great Britain. It states on that The Health and Safety at Wor...

    Read More
  • Mt435 Unit 3 Assignment a disadvantage. Another disadvantage that I noticed is that all of their produces are made in house which affect their cost as well. When it comes to shipping they only have two means which is shipping (larger freight ships) and truck shipping. Although there profit margin may at times be less than 35% we also have to think if they operating ...

    Read More
  • pa110 unit 3 assignment

    ...Tanya Buckmaster PA101 Unit 3 Kaplan University December 2, 2014 IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF ILLINOIS JUSTIN WILLIAM KING, ) ) Plaintiff. ) ) ) v. ) ) ANHEUSER-BUSCH COMPANIES, INC. ) ) Defendant. ) ____________________________________) COMPLAINT ...

    Read More

Discover the Best Free Essays on StudyMode

Conquer writer's block once and for all.

High Quality Essays

Our library contains thousands of carefully selected free research papers and essays.

Popular Topics

No matter the topic you're researching, chances are we have it covered.