Lab 4 - Report file
docx
keyboard_arrow_up
School
Saint Leo University *
*We aren’t endorsed by this school
Course
452
Subject
Communications
Date
Apr 3, 2024
Type
docx
Pages
5
Uploaded by hnmathewson
Lab 4:
Creating a Forensic System Case File for Analyzing Forensic Evidence
Hannah Mathewson
Computer Forensics
COM-452-OL01
Professor James Jones
February 11, 2024
Section 1: Hands-On Demonstration
Part 1: Explore Paraben’s E3
16.) In the Lab Report file, briefly describe the contents of the Root folder.
Answer:
It shows the Documents and Settings, Program Files, Recycler, and Windows folder.
17.) Make a screen capture showing the contents of the Root folder and paste it into your Lab Report file.
Section 2: Applied Learning
Part 1: Explore Paraben’s E3
9.) In the Lab Report file, briefly describe the contents of the Root folder.
Answer:
It has the Recycler, Program Files, Windows folder, Documents, and Seettings.
10.) Make a screen capture showing the contents of the Root folder and paste it into your Lab Report file.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Section 3: Lab Challenge and Analysis
Part 1: Analysis and Discussion
1.) When creating a digital forensic case file, why might it be important to be as thorough as possible in filling out the Case Properties fields.
It is always important to be as thorough as possible when filling out the Case Properties fields because these fields help investigators locate and reference evidence that has been saved for a case.
Part 2: Tools and Commands
1.) Using E3, explore the evidence_drive.e01.E01 digital evidence file (C:\ISSA_TOOLS\
ForensicTools\evidence_drive.e01.E01) and identify the user accounts on the image. Make a screen capture showing all accounts.
Part 3: Challenge Exercise
Make a screen capture showing the evidence_drive.e01.E01 Root folder in the forensic tools available on the vWorkstation.
a. Use FTK Imager to load the digital evidence file (C:\ISSA_TOOLS\ForensicTools\
evidence_drive.e01.E01) and navigate to the Root drive. Make a screen capture showing the Root folder.
b. Use EnCase Imager to load the digital evidence file (C:\ISSA_TOOLS\ForensicTools\
evidence_drive.e01.E01) and navigate to the C drive. Make a screen capture showing the C drive.