INFOSYS 727 Lab 03 - Computer Forensics

s contents. An ‘image’ thus includes all the unused space of the drive.

c. One of the first things that a forensic expert would do is to acquire the image of the hard drive and calculate its hash, in order to protect its integrity during the investigation process.

INFOSYS 727 DEPARTMENT OF INFORMATION SYSTEMS AND OPERATIONS MANAGEMENT Advanced Information Security

2. Analysis
Once the image is acquired, it is analyzed using special tools such as FTK. The software indexes the contents (used + unused space) of the image in a flexible and easy-to-access manner. The forensic expert looks for specific evidence as informed by the stakeholders in the case.

3. Report
After the analysis is done, the forensic expert formulates the report and sends it for judicial review.

In this lab you will only deal with Step 2 – “Analysis” process using FTK toolkit.

Instructions

1. Download the image “Precious Encase.01” from CECIL and save it to your Desktop.
2. To present the case in the court, you need to calculate the hash of the image before starting...
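
The hash-then-verify step described above, as an added Python example that is not part of the lab handout: it hashes an image once at acquisition and re-checks it before analysis, showing that a one-byte change in unused space is detected. The sample image, its file name and the choice of MD5, SHA-1 and SHA-256 are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large images never load fully into memory


def hash_image(path, algorithms=("md5", "sha1", "sha256")):
    """Return {algorithm: hex digest} for the whole image file, in one pass."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as image:
        while chunk := image.read(CHUNK):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def verify_image(path, recorded):
    """Re-hash the image and return the algorithms whose digest no longer matches."""
    current = hash_image(path, tuple(recorded))
    return sorted(name for name in recorded if current[name] != recorded[name])


def build_sample_image(path):
    """Constructed stand-in for a drive image: 4 KiB of file data + 60 KiB unused space."""
    with open(path, "wb") as f:
        f.write(b"FILEDATA" * 512)      # allocated region
        f.write(b"\x00" * (60 * 1024))  # unused region, still part of the image


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample_image.dd")  # hypothetical file name
        build_sample_image(path)
        recorded = hash_image(path)            # digests taken at acquisition time
        before = verify_image(path, recorded)  # re-check before analysis starts
        with open(path, "r+b") as f:           # alter one byte inside unused space
            f.seek(40 * 1024)
            f.write(b"\x01")
        after = verify_image(path, recorded)   # every recorded digest now mismatches
    return before, after


if __name__ == "__main__":
    print(demo())
```

Because the image covers unused space as well as files, the altered byte changes every digest even though no file content was touched.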