In the scenario activity Operating Systems and Forensics, which forensic tools w
ID: 3840017 • Letter: I
Question
In the scenario activity Operating Systems and Forensics, which forensic tools would you utilize to recover and process evidence found on the hard drive and what is the objective of recovering data from the USB drive that was found? Consider the hard drive was formatted.
What software forensic tool could be used to determine the date and time of formatting?
Please, nothing handwritten due to poor eyesight. also please for the love of all that's holy please check spelling and grammar. If no one can read or understand the answer then it defeats the purpose.
Explanation / Answer
Date forgery analysis is the frequent way to digital forensics investigation tasks we encounter.
For instance, the suspect will back dates the document and tries to pass it when it is an older one(document).
In this process,we usually makes a mistake overlooks the metadata or surrounding evidence that could be used by the computer forensics expert to reveal that what was happened.
The Master File Table in NTFS stores the “MFT altered time” field in the $STANDARD_INFORMATION
attribute as well as the “File time creation”, “File modification time”, “MFT modification time” and “File access time” fields in the $FILE_NAME attribute.
Besides legitimate updates performed by the operating system if the files are copied, edited etc.