cybersecurity and digital forensics

Using the Lab facilities and videos for Encase investigations (Version 20), detail the recognised procedures which should be completed by a forensic analyst prior to commencing a formal examination of a computer image One of the first steps in most examinations is to account for the entire disk being examined. If the examiner is working with an evidence file from a disk of particular size and the single partition is smaller, then the remaining area is not accounted for. If this space contained a partition that had been deleted, and the examiner was able to recover this partition, a wealth of data would potentially be available. Detail how you would ensure all partitions are recognised (Live and Delete). Prior to commencing any examination with Encase it is important to prepare the data using recognised processes. The steps used will maintain the integrity of any results. Complete recognized processes document the procedure you use within Encase and explain the significance of these. During an examination potential material of evidential value can exist within the operating system. Detail the files available and how they can assist an investigation Encase allows the user to sort using the 'file extension' tab, this provides a quick means to access particular files that may be of interest. Prepare a list of files that