Forensics v03 lab03 aw 2

Lab #3 - Assessment Worksheet
Uncovering New Digital Evidence Using Bootable Forensic Utilities
Course Name and Number: CYBER 470
Student Name:
Instructor Name:
Lab Due Date: Week 2
Lab Assessment Questions
1. What is the main advantage of a bootable forensic suite like Helix?
Bootable forensic suites like Helix allow for ease of access within the imaged, virtualized,
or write-blocked copy of the original system without compromising the workstation or
user profiles.
2. Describe five Process Explorer (ProcExp) features that can be used in computer
forensics as part of an investigation.
It can be used to monitor and track actual executables and applications loaded and
running on your computer, including viruses, spyware, malicious software, and keyboard
loggers. Process Explorer can also help build a baseline definition for standard
workstations and servers to be used for comparison purposes during forensic
investigations. This allows an investigator or troubleshooter to locate compromised
system files.
3. Which forensics tool would you use to reveal recent pages viewed via the
Internet Explorer browser?
The tool you would use is MyLastSearch.
4. How would IECacheView help a forensic investigator?
IECacheView allows an investigator to see what Internet pages were viewed by users of
the machine.

