Making use of the Daubert Standard to Forensic Evidence
Course Term and Amount: _____________________________________________________ College student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________
With this lab, you acted like a forensic expert assisting the lead forensics investigator on the Cyber Criminal offenses Division (CCD) for the Fremont Law enforcement officials Department. You were given a difficult drive image taken from a seized computer suspected of containing stolen credit card quantities. You analyzed the search warrant and completed the Chain of Custody form that accompanied the evidence travel. You prepared the articles of the grabbed hard drive by using a variety of forensic tools since evidence according to the Daubert standard. You used FTK Imager to develop hashes pertaining to key facts files. Afterward you validated the hash code using EnCase Imager and P2 Leader, two prevalent forensic analysis tools.
Lab Assessment Concerns & Answers
1 . Why is the unallocated space of the Windows system so important into a forensic examiner?
2 . Coming from where had been the badnotes1. txt and badnotes2. txt files recovered?
3. What is the INFO2 file used for?
4. How do you generate a hash file in FTK Imager?
Copyright laws В© 2014 by Williams & Bartlett Learning, LLC, an Conquer Learning Firm. All legal rights reserved.
Student Lab Manual
a few. What was the MD5 hash value in 043458. csv, the removed e-mail record?
6. Precisely what is the Daubert standard?
7. Why must a forensic investigator be familiar with emerging technologies?
Copyright В© 2014 simply by Jones & Bartlett Learning, LLC, a great Ascend Learning Company. Every rights set aside.
Pupil Lab Manual