DIGITAL FORENSIC TOOLS:
1. USB FORENSIC
What value could this artifact have for investigation?
What kinds of information can you extract?
2. WINDOWS REGISTRY
What value could this artifact have for investigation?
What kinds of information can you extract?
What were the following originally designed for?
What kind of forensic value could they provide in a digital investigation?
What are some of the limitations of each type of artifact?
Link Files
Prefetch
ShimCache
Shellbags
Jump lists
VSS
Event Logs
USB Forensics:
USB forensics has become very important in the investigation of digital documents, which involves fetching
erased data from USB devices which may be suspicious for the crime scene to happen or any type of
fraudulent activity.
The information which can be extracted from USB forensics is as follows:
1. Image files
2. Video files
3. Documents
4. Software which may be suspicious in case of conducting criminal activities, etc.
2. Windows Registry
It basically contains information about recent files and significant information about user actions.
It is a very useful tool for a forensic investigator.
The information which can be tracked down from the Windows Registry is as follows:
1. Transaction logs
2. Deleted entries
3. Backup system
4. System Restore
Limitations of each type of artifact are as follows:
1. Link files: Links are created only among files included in the same system
2. Prefetch: Internode interference
3. Shim cache: Low storage capacity
4. Event Log: Time-consuming in retention of events that occurred
5. Jump Lists: Creating long lists, which may be difficult
6. VSS: Limit for volume