1. What is the main purpose of a software tool like WinAudit in computer forensics?
Answer: WinAudit is a great free tool that will give you a comprehensive view of the components that make up your system, including hardware, software and BIOS.
2. Which items within WinAudit’s initial report would you consider to be of critical importance in a computer forensic investigation?
Answer: Computer Name, OS, Security Settings for Windows Firewall, Drives, Running Programs, and Installed Programs and Versions.
3. Could you run WinAudit from a flash drive or any other external media? If so, why is this important during a computer forensic investigation?
Answer: Yes, WinAudit is a portable application. If you're conducting audits on several computers, having the app on a flash drive can make the process much easier and more time-efficient.
4. Why would you use a tool like DevManView while performing a computer forensic investigation?
Answer: DevManView is an alternative to the standard Device Manager of Windows that displays all devices and their properties in a flat table instead of a tree viewer. In addition to displaying the devices of your local computer, DevManView also allows you to view the device list of another computer on your network, as long as you have administrator access rights to that computer.
5. Which item or items within DevManView’s list would you consider to be of critical importance in a computer forensic investigation?
Answer: Most likely the hard drives and USB storage devices and/or any other computer hardware on the network.
6. What tool similar to DevManView is already present in Microsoft Windows systems?
Answer: WinHEX is similar to DevMan.
7. Why would someone use a HEX editor during a forensic investigation?
Answer: To see if the files and data recovered from the hard drive are original and authentic.
8. What is the purpose of a software tool like WinHEX in computer forensics?
Answer: It's a tool that can recover important and sensitive data that has been deleted. This tool is also used for editing or wiping the info from the drive.
9. What was the proper extension of the file you analyzed using WinHEX? How did you find it?
Answer: ??
10. Why do you need to keep evidence untampered? In order to guarantee legal admissibility?
Answer: For legal reasons, so the evidence can be used in court. If the evidence is not authentic, it can be thrown out of court.