In this lesson, you explored the basic principles of computer forensics, and the processes that are a part of systems forensics, investigations, and response. You also learned that the ability to formulate a rationale, or reasoning, behind computer forensic activities that can be understood by lay persons in a court is a critical competency for computer forensic specialists.

In this lab, you will you will act as a forensic specialist assisting the lead forensics investigator at the Cyber Crimes Division (CCD) for the City of Fremont Police Department. You have been given a hard drive image taken from a seized computer suspected of containing stolen credit card numbers. You will review the search warrant and complete the chain of custody form that accompanies the evidence drive. Using a variety of forensic tools, you will prepare the contents of the seized hard drive image as evidence, in accordance with the Daubert standard. For example, you will use FTK Imager to create hashes for key evidence files. You will also validate the hash code using EnCase Imager and P2 Commander.

1. How do you generate a hash file in FTK Imager?

2. What was the MD5 hash value in 043458.csv, the deleted e-mail file?

3. What is the Daubert standard?

4. Why must a forensic investigator be familiar with emerging technologies?