Question
Q1 [10 marks in total]
a) Describe, in detail, the actions you would take to ensure a fully compliant forensics process, from the moment you are escorted to the vicinity of the computer room until you have completed your investigation. [4 marks]
b) Compare, using examples, two different theories of Computer Forensics and Digital Investigation and list areas in which they differ. [3 marks]
c) List, with examples, the information you would record when creating and maintaining a timeline for the investigation. [2 marks]
d) Describe the forensic importance, if any, of the items found in the boxes on the computer room floor. [1 mark]
Q2 [10 marks in total]
a) Within the scope of a computer forensics investigation, describe with examples, how the Epidemic Threshold for malware propagation might influence the information gathering process. [2 marks]
b) Assume that the Systems Administrator of the seized servers attempts to use the Trojan Horse defence. List, with examples, at least four types of artefacts on a Windows Server that would possibly disprove the defence. [4 marks]
c) Describe, with examples, the forensically correct process for handling the disk drives scattered across the floor when seizing and onsite-gathering. [2 marks]
d) Describe, with examples, the process and commands required to make a forensically-sound copy of a hard drive. [2 marks]