1. A supervisor has brought to your office a confiscated computer that was alleg

Question

1.   A supervisor has brought to your office a confiscated computer that was allegedly used to view inappropriate material. He has asked you to look for evidence to support this allegation. Because you work for a small company, you do not have an extra computer you can dedicate to your analysis. How would you boot the system and begin forensic analysis? Provide a reason for your method.
2.   Explain why you should always search the free space and slack space if you suspect a person has deliberately deleted files or information on a workstation that you are analyzing.
3.   You have been asked by management to secure the laptop computer of an individual who was just dismissed from the company under unfavorable circumstances. Pretend that your own computer is the laptop that has been secured. Make the first entry in your log book and describe how you would start this incident off correctly by properly protecting and securing the evidence.

4.   You are being hired as the director of IT for a small firm that does retail trade business, and you will be the source of knowledge for all things IT, including security and legal regulations. Outline the legal elements you would want to have policy covering, and include how you would disseminate this information.
5.   You have just been hired as a system administrator for a small college. The college’s servers are used for database storage and a website that serves the college community. Describe the laws that will potentially impact your job with respect to computer security. What actions will you take to ensure compliance with laws and regulations?

Explanation / Answer

As , it is the chegg policy to answer one question per answer. I have answered one question. You will be required to post rest of the question and you'll be definitely provided with the answers. Thankyou.

Explain why you should always search the free space and slack space if you suspect a person has deliberately deleted files or information on a workstation that you are analyzing.

As we all know the definition of file stands between the free space and the slack space. If the user has been deleting the file than it is possible that the deleted file is still in the slack space.

Slack Space:

To understand the above written lines it is very important that you understand what does this slack space means. It goes like this that when the file is been edited or deleted with the information it is not directly deleted or been altered but it is been saved in the slack space through which it will be ready for the reallocation process.

There are possiblities that we may find something juicy that will take our investigation further as we can find many things in the slack and free spaces in the victim PC's.It is found that most of the important things are recovered from the slack space in the computer and acquiring things from the slack space is very important as they can give us more than imagined good things that can work as clue or solve the whole problem.

Hence, this is the reason that we must always check the free space and slack space if we suspect of any fishy things going on.

Rate an upvote...Thankyou

Hope this helps....

Related Questions

Navigate

• Browse (All)
• Browse 1
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.