Select one or more steps that may be easier on a virtual machine when performing forensics and explain why you selected this (those) step(s). Select one or more steps that may be harder on a virtual machine when performing forensics and explain why you selected this (those) step(s). Discuss the pros and cons of performing digital forensics on a virtual machine.
Added by Sean W.
Step 1
This allows forensic investigators to capture the state of the system at a specific point in time without needing to shut down the machine. Snapshots can be reverted to, enabling easy experimentation without altering the original state. - **Isolation of Show more…
Show all steps
Your feedback will help us improve your experience
Haricharan Gupta and 73 other AP CS educators are ready to help you.
Ask a new question
Labs
Want to see this concept in action?
Explore this concept interactively to see how it behaves as you change inputs.
Key Concepts
Recommended Videos
Discuss some advantages and disadvantages of mobile forensic workstations implemented using laptop PCs.
Haricharan G.
Lab Questions: ANSWERS MUST BE IN COMPLETE SENTENCES FOR FULL CREDIT. 1. What is a forensic image? Record your MD5 and SHA hashes. Include a screenshot from your overview tab showing the breakdown of evidence types. 2. What indicates a file has been deleted in FTK? (Besides showing up in the "deleted files" section of the overview tab.) Record your MD5 and SHA hashes. 3. What is the difference (if any) between the computed hash and the report hash calculated in your lab? (Were the hashes in Question 2 and Question 5 the same? What does this indicate?) 4. What information did you learn about the practice case.001 dd image you downloaded from Blackboard? What kind of file system and operating system was used to create this disk? (Hint: If you can identify the file system, look up the associated operating system.) Why is it important to run WinHex or other forensic tools in Write Protect mode? 5. Why is it important to securely wipe (erase) a disk before saving evidence to it? 6. What is Safe Mode and how do you get into it? Where would you go to find out which device the machine is set to boot from? 7. What is the System Restore tool used for? How do you set a system restore point? Why is the System Restore tool of interest to a forensic examiner?
Akash M.
Consider a data center heavily built on Hyper-V, and the ability to clone virtual machines from template VMs or from other existing VMs. In the case of such a highly virtualized data center, how does this change the deployment options available for traditional data centers? Is there any benefit or need associated with the use of some traditional deployment options? What are some drawbacks of using VMs, if any?
Recommended Textbooks
Computer Science and Information Technology
Introduction to Programming Using Python
Computer Science - An Overview
Transcript
18,000,000+
Students on Numerade
Trusted by students at 8,000+ universities
Watch the video solution with this free unlock.
EMAIL
PASSWORD