Overview
In this lab, you acted as a forensic specialist assisting the lead forensics investigator at the Cyber Crimes Division (CCD) for the Fremont Police Department. You were given a hard drive image taken from a seized computer suspected of containing stolen credit card numbers. You reviewed the search warrant and completed the Chain of Custody form that accompanied the evidence drive. Using a variety of forensic tools, you prepared the contents of the seized hard drive as evidence in accordance with the Daubert standard. You used FTK Imager to create hashes for key evidence files. You then validated the hash values using EnCase Imager and P2 Commander, two common forensic analysis tools.
Lab Assessment Questions & Answers
1. Why is the unallocated space of a Windows system so important to a forensic investigator?
2. From where were the badnotes1.txt and badnotes2.txt files recovered?
3. What is the INFO2 file used for?
4. How do you generate a hash file in FTK Imager?
5. What was the MD5 hash value in 043458.csv, the deleted e-mail file?
6. What is the Daubert standard?
7. Why must a forensic investigator be familiar with emerging technologies?