Question

Lab Assessment Questions & Answers 1. What is the main advantage of a bootable forensic suite like Helix? 2. Describe five Pr
Answer #1

Answer)

1) Some of the main activities are as mentioned below:

To fetch the system's information, to frame the system image for analysis, to browse as well as scan the local machine's files as well as pictures, and to give authentication to users for accessing documents and incident records with details.

They also analyze the live host and volatile memory.

2) The 5 Process Explorer features which could be used in a computer forensics investigation are as mentioned below:

To check what file, object, process or registry key is left open, which DLLs have been loaded, and who owns the process or program that has some file or directory open. Process Explorer displays the information regarding the handles and the DLLs that processes have left open or loaded, tracks down DLL version problems or handle leaks, and in turn gives information about the way applications and Windows work.

So they monitor and track the applications which are loaded and now running along with their executables, they build a baseline definition for specific workstations as well as servers, meant for comparison purposes during any forensic activity, and they show the information of the active processes.

3) The tool one can use is MyLastSearch.

This is a utility-based scanner that can scan the cache as well as the history files in the web browser and locate the search queries made via search engines.

4) IECacheView helps the forensic investigator, as it lets them view the internet pages which were accessed earlier. Such information could be used to make a determination about the intent of any user and help in the analysis of the data.

Please comment if you need any other inputs.
Share a like if you find the answer helpful. This would help us learn and share our learning better.
Thank you.
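
The search-query recovery described under point 3, as an added example (not part of the answer above and not MyLastSearch's own code): it pulls the search terms out of browser history URLs. It assumes the history has already been exported as (timestamp, URL) pairs; the engine-to-parameter mapping and the sample history are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed mapping for this example: engine domain -> URL parameter holding the terms.
ENGINE_PARAMS = {
    "google.com": "q",
    "bing.com": "q",
    "duckduckgo.com": "q",
    "search.yahoo.com": "p",
}

def search_param(host):
    """Return (engine, param) if host is a known engine or one of its subdomains."""
    host = host.lower().rstrip(".")
    for domain, param in ENGINE_PARAMS.items():
        # Match on a label boundary so "notgoogle.com" is not taken for google.com.
        if host == domain or host.endswith("." + domain):
            return domain, param
    return None

def extract_searches(history):
    """history: iterable of (ISO timestamp, url). Returns queries in time order."""
    found = []
    for ts, url in history:
        try:
            parts = urlsplit(url)
            host = parts.hostname
        except ValueError:  # malformed entry in the history file
            continue
        if parts.scheme not in ("http", "https") or not host:
            continue
        match = search_param(host)
        if match is None:
            continue
        engine, param = match
        for value in parse_qs(parts.query).get(param, []):  # decodes '+' and %XX
            terms = " ".join(value.split())
            if terms:
                found.append({"time": ts, "engine": engine, "query": terms})
    return sorted(found, key=lambda r: r["time"])

# Constructed sample history (not real evidence).
SAMPLE_HISTORY = [
    ("2024-03-01T10:15:02", "https://www.google.com/search?q=how+to+wipe+a+hard+drive&hl=en"),
    ("2024-03-01T10:02:40", "https://www.bing.com/search?q=secure%20delete%20tool"),
    ("2024-03-01T10:20:11", "https://search.yahoo.com/search?p=clear+browser+history"),
    ("2024-03-01T10:21:00", "https://example.com/page?q=not+a+search+engine"),
    ("2024-03-01T10:23:00", "https://notgoogle.com/search?q=lookalike+host"),
]
if __name__ == "__main__":
    print(*extract_searches(SAMPLE_HISTORY), sep="\n")
```

Sorting by timestamp turns the recovered queries into a timeline, which is what supports a statement about user intent.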
