Research slack space on the Windows NTFSv5 file system. Compared to other file systems, does slack space have a similar mechanism to handle file allocation?

Topic 3 DQ 1

Research slack space on the Windows NTFSv5 file system. Compared to other file systems, does slack space have a similar mechanism to handle file allocation? Discuss how slack space can be used to hide files from a digital forensic investigator. What tools are available to uncover hidden files?

Topic 3 DQ 2

Discuss the forensic process of submitting a USB drive as evidence. Where in the Windows operating system can this information be found? Discuss ways that this evidence can be modified by the suspect to obfuscate an investigation.

Perform a Forensic Memory Analysis

Live system forensics is an exacting task; if performed incorrectly, valuable evidence could be lost forever. Using industry-standard forensic recovery tools, you will perform a live system memory analysis. In a Microsoft Word document of a minimum of 500 words, document the process as you go so it can be replicated; use screen captures to prove the completion of each step. Take complete forensic lab notes, such that you could be called on to be an expert witness at a trial.

Include the following:

  1. Perform a host system memory capture: using your Windows 10 VM and AccessData FTK Imager, acquire a live image of your system’s RAM.
  2. Using your SIFT VM and Volatility, perform an analysis of the captured memory image. When performing your analysis, focus on the operating system’s processes, registries, log files, hashes, etc.
  3. Document the methodology that you used to perform your host memory capture and the findings of your investigation.
  4. As this is part of an investigation, you will need to provide your step-by-step process. Include only the facts, not recommendations or personal thoughts.

While APA style is not required for the body of this assignment, solid academic writing is expected, and documentation of sources should be presented using APA formatting guidelines, which can be found in the APA Style Guide, located in the Student Success Center.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.

You are not required to submit this assignment to LopesWrite.

Perform a Linux and Windows File System Forensic Examination

There are hundreds of different file systems that are used with all the major operating systems, and as a forensic investigator, you need to be familiar with each of them. Many of these file systems have the ability to hide files. You will investigate one of the most common file systems and detect hidden data (e.g., steganography, slack space, alternate data streams, etc.). Digital forensic tools such as Autopsy analyze the imaged drive using a method called file carving. In a Microsoft Word document of a minimum of 500 words, document the process as you go so it can be replicated; use screen captures to prove the completion of each step. Take complete forensic lab notes, such that you could be called on to be an expert witness at a trial.

Include the following:

  1. Using the GCU-Approved Virtualization Solution, download the SANS SIFT VM and install the virtual machine on your host.
  2. Using the GCU-Approved Virtualization Solution, download Windows 10 and install it as a virtual machine on your host.
  3. Using a USB flash drive, your Windows 10 VM, and AccessData FTK Imager, create a physical image of the drive. Make sure there are files on the drive (e.g., various types of documents—.doc, .xls, .pdf—and lots of kitten .jpgs).
  4. Using a USB flash drive, your SANS SIFT VM, and Linux dd, create a physical image of the drive. Make sure there are files on the drive (e.g., various types of documents—.doc, .xls, .pdf—and lots of kitten .jpgs).
  5. Analyze the files discovered on the drive using Autopsy and describe any hidden, surprise files or known file filters.
  6. In your report, explain the similarities and differences between capturing a Windows versus a Linux system.
  7. Report the findings of the investigation. As this is part of an investigation, you will need to provide your step-by-step process. Include only the facts, not recommendations or personal thoughts.

While APA style is not required for the body of this assignment, solid academic writing is expected, and documentation of sources should be presented using APA formatting guidelines, which can be found in the APA Style Guide, located in the Student Success Center.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.

You are not required to submit this assignment to LopesWrite.
