1. What is the chief intent of a package tool like WinAudit in computing machine forensics?
Answer: WinAudit is a great free tool that will give you a comprehensive position of the constituents that make up your system. including hardware. package and BIOS.
2. Which points within WinAudit’s initial study would you see to be of critical importance in a computing machine forensic probe?
Answer: Computer Name. OS. Security Settings for Windows Firewall. Drives. Runing Programs. and Installed Programs and Versions.
3. Could you run WinAudit from a brassy thrust or any other external media? If so. why is this of import during a computing machine forensic probe?
Answer: Yes. WinAudit is a portable Application. Because if you’re carry oning audits on several computing machines. holding the app on a Flash Drive can do the procedure much easier and more clip efficient.
4. Why would you utilize a tool like DevManView while executing a computing machine forensic probe?
Answer: DevManView is an alternate to the standard Device Manager of Windows. which displays all devices and their belongingss in level tabular array. alternatively of tree spectator. In add-on to exposing the devices of your local computing machine. DevManView besides allows you view the devices list of another computing machine on your web. every bit long as you have administrator entree rights to this computing machine.
5. Which point or points within DevManView’s list would you see to be of critical importance in a computing machine forensic probe?
Answer: Most likely the Hdrives and USB storage devices and/or any other computing machine hardware on the web.
6. What tool similar to DevMan View is already present in Microsoft Windows systems? Answer: WinHEX is similar to DevMan.
7. Why would person utilize a HEX editor during a forensic probe? Answer: To see if the files and informations recovered from the difficult thrust are original and reliable.
8. What is the intent of a package tool like WinHEX in computing machine forensics? Answer: It’s a tool that can recovery of import and sensitive informations that has been deleted. This tool is besides used for redacting or floging the info from the thrust.
9. What was the proper extension of the file you analyzed utilizing WinHEX? How did you happen it? Answer: ? ?
10. Why do you necessitate to maintain grounds untampered? In order to vouch legal admissibility? Answer: For legal grounds. So. the grounds can be used in Court. If the grounds is non reliable. it can be thrown out of tribunal.