In this lesson, you explored the nature of computer crime and the effect it can have on forensic investigations. You also learned that spyware, other forms of malware, and attacks can require a forensic specialist to have more advanced computing knowledge.

In this lab, you will perform a forensic analysis of a virtual machine running Windows 2012 using three commonly available tools: WinAudit, DevManView, and Frhed. You will review the forensic capabilities of each tool, using the sample files provided, to determine any clandestine threats and vulnerabilities such as viruses and malicious software. You also will recover a file that was altered to hide its native file format, and document your findings in a forensics report

1.What is the main purpose of a software tool like WinAudit in computer forensics?

2.Which item(s) generated by WinAudit would be of critical importance in a computer forensic investigation?

3.Could you run WinAuditfrom a flash drive or any other external media? If so, why is this important during a computer forensic investigation?

4.Why would you use a tool like DevManView while performing a computer forensic investigation?