All part of one question: a. What are metadata? What are volatile data? Why are
ID: 3855930 • Letter: A
Question
All part of one question:
a. What are metadata? What are volatile data? Why are metadata and volatile data important in an investigation?
b. What is encryption? how can encryped files affect an investigation? How do you actually encrypt files? Is there software involved? List examples.
c. In the field of computer forensics, what is imaging? What is a write blocker? What is the difference between software and hardware write blockers? List at least 2 examples (brands) of either type (software/hardware) and give estimated costs.
d. How can an investigator validate that an exact copy of a hard drive was made? List at least two different examples (brands) of tools that can be used to make an exact copy of a hard drive and give estimated costs.
e. List the top 5 or so computer forensics tools widely used in the United States.
Explanation / Answer
A)Metadata:- Metadata a data or a small description infomation about a given data.In the internet avery move a click or sending and recieving mails produce a large amount of invisible traces.these traces can revel our behavioral pattern ,location contacts, habits or more intemite interest.These traces are hidden in the metadata.A tiny peice of information stored in ip packet .It is important in an investigation because we can track the person who are doing social crime.
Volatile Data:-volatile data is the data which id removed when the power is off of your computer. If you turn off your pc anything contained on the ram is lost.It is important in an investigation because we can recover the volatile means if your pc is connected to any other device. volatile data that could be lost upon removal of a device from disconnecting power could be important data in some cases, olatile data that could be lost upon removal of a device from disconnecting power could be important data in some cases, if the computer was connected directly to a removable storage device for example. This information may possibly help towards detection of possible company data theft that you suspect may be happening within your organisation so volatile data is use to gather information for evidence.
B )Encryption :- It is a process of converting one form of data to another form of data.
encription means hidden data from other only visible to the person to whome you sending the information.there are different types of encryption technique:-
Example of encryption:
suppose if you have to send a message hello
so you convet the world adding 2 alphabet means for h:h+2=j then for e and so on till i so the message hello is encrypted in ignnq. encryotion affect on investigation because all the hecker are hack by decrypt the server security and read anyone message.
there are many software of encryotion like encrypt decrypt file utility, ransoware,truecrypt etc.
E) there there are different types of computer forensics tools which are use in the united states
Thank you