In this lesson, you explored the nature of computer crime and the effect it can have on forensic investigations. You also learned that spyware, other forms of malware, and attacks can require a forensic specialist to have more advanced computing knowledge.

In this lab, you will perform a forensic analysis of a virtual machine running Windows 2012 using three commonly available tools: WinAudit, DevManView, and Frhed. You will review the forensic capabilities of each tool, using the sample files provided, to determine any clandestine threats and vulnerabilities such as viruses and malicious software. You also will recover a file that was altered to hide its native file format, and document your findings in a forensics report

1.Which item(s) available from DevManView would be of critical importance in a computer forensic investigation?

2.What tool similar to DevManView is already present in Microsoft Windows systems?

3.Why would someone use a Hex editor during a forensic investigation?

4.What clue in the Frhed examination of challenge.123 led you to the correct extension for that file?