Monday, May 20, 2019
Perform a Byte-Level Computer Audit Essay
1. What is the main purpose of a software animate being like WinAudit in computer forensics? dissolver WinAudit is a great free tool that will slip away you a comprehensive view of the components that make up your system, including hardware, software and BIOS.2. Which positions within WinAudits initial delineate would you consider to be of critical importance in a computer forensic investigation? manage Computer Name, OS, Security Settings for Windows Firew all, Drives, Running Programs, and Installed Programs and Versions.3. Could you run WinAudit from a flash drive or any opposite external media? If so, why is this important during a computer forensic investigation?Answer Yes, WinAudit is a take come on Application. Because if youre conducting audits on several computers, having the app on a Flash Drive rout out make the summons much easier and more time efficient.4. Why would you use a tool like DevManView while performing a computer forensic investigation?Answer DevManVi ew is an alternative to the standard Device Manager of Windows, which displays all devices and their properties in flat table, instead of tree viewer. In addition to displaying the devices of your local computer, DevManView also allows you view the devices diagnose of another computer on your network, as long as you have administrator access rights to this computer.5. Which item or items within DevManViews list would you consider to be of critical importance in a computer forensic investigation?Answer Most likely the Hdrives and USB storage devices and/or any other computer hardware on the network.6. What tool similar to DevMan View is already present in Microsoft Windows systems? Answer WinHEX is similar to DevMan.7. Why would someone use a HEX editor during a forensic investigation? Answer To see if the files and data recovered from the hard drive are original and authentic.8. What is the purpose of a software tool like WinHEX in computer forensics? Answer Its a tool that can rec overy important and sensitive data that has been deleted. This tool is also used for editing or lather the info from the drive.9. What was the proper extension of the file you analyzed using WinHEX? How did you find it? Answer 10. Why do you need to keep prove untampered? In order to guarantee legal admissibility? Answer For legal reasons. So, the evidence can be used in Court. If the evidence is not authentic, it can be thrown out of court.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.