Question
Background Youre a System Administrator at Company Y. It was reported to you that an employee, Ross, was seen viewing prohibited material on their work
Background You’re a System Administrator at Company Y. It was reported to you that an employee, Ross, was seen viewing prohibited material on their work laptop (Windows OS) during working hours. When Ross was confronted by a colleague, he reportedly deleted the image and denied any wrongdoing. It was reported to you that the image may not have only broken company policy, but it may be illegal as well. Based on the report, you recognise that you need to conduct a digital investigation of Ross’ computer that is robust enough to withstand legal scrutiny.
Task
The following should be addressed
-Before and after the acquisition of a Forensic image, hashes are taken. Do you agree with this practice? Explain.
- What are some major differences between Digital Forensic (DF) tools and ‘ordinary’ recovery software?
- Explain why it might be possible for a DF tool to recover deleted files.
- Choose one open-source DF Tool capable of recovering deleted files from Ross’ computer. Justify the selection of this tool.
- Give a brief overview (either via screenshots or a live demonstration) of how the tool is used.
Step by Step Solution
3.44 Rating (163 Votes )
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Document Format ( 2 attachments)
635fff14d4507_233153.pdf
180 KBs PDF File
635fff14d4507_233153.docx
120 KBs Word File
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Statistics For Engineers And Scientists
Authors: William Navidi
3rd Edition
73376345, 978-0077417581, 77417585, 73376337, 978-0073376332
