Perform a Byte-Level Computer Audit Essay

1. What is the main purpose of a softw atomic number 18 fauna like WinAudit in computer forensics?Answer WinAudit is a great disengage tool that will give you a comprehensive view of the components that move over up your system, including hardware, software and BIOS.2. Which items within WinAudits initial report would you image to be of critical importance in a computer forensic probe?Answer Computer Name, OS, Security Settings for Windows Firewall, Drives, Running Programs, and Installed Programs and Versions.3. Could you run WinAudit from a flash drive or both other external media? If so, why is this important during a computer forensic investigation?Answer Yes, WinAudit is a portable Application. Because if youre conducting audits on several computers, having the app on a flashgun Drive can make the process much easier and more season efficient.4. Why would you use a tool like DevMan gather in while acting a computer forensic investigation?Answer DevManView is an alternat ive to the type Device Manager of Windows, which displays all devices and their properties in flat table, instead of tree diagram viewer. In addition to displaying the devices of your local computer, DevManView also allows you view the devices list of some other computer on your network, as long as you have executive director access rights to this computer.5. Which item or items within DevManViews list would you bring to be of critical importance in a computer forensic investigation?Answer Most likely the Hdrives and USB storage devices and/or any other computer hardware on the network.6. What tool similar to DevMan View is already present in Microsoft Windows systems? Answer WinHEX is similar to DevMan.7. Why would individual use a HEX editor during a forensic investigation? Answer To see if the files and data recovered from the hard drive are original and authentic.8. What is the purpose of a software tool like WinHEX in computer forensics? Answer Its a tool that can convale scence important and sensitive data that has been deleted. This tool is also used for editing or whipping the info from the drive.9. What was the proper extension of the file you examine using WinHEX? How did you find it? Answer 10. Why do you need to alimentation evidence untampered? In order to guarantee intelligent admissibility? Answer For legal reasons. So, the evidence can be used in Court. If the evidence is non authentic, it can be thrown out of court.