A Guide to Computer Forensics and Investigations

Discussion Questions from the book "A Guide to Computer Forensics and Investigations" 3rd Edition

1. Discuss some of the various backup tools available in the market. What are the differences among the computer forensic tools?

2. Analyze and discuss a case where Company A claims its network was compromised by a connection from Company B network. How should both companies proceed? Who should be involved?

3. Discuss the advantages and disadvantages of using ISO standards for testing and validation purposes. The discussion should be oriented but not limited to ISO standards. Any other standard definition can be used.

4. Is it easier to perform a computer forensic investigation if the suspect's computer is a Linux or UNIX system instead of Windows? Does the OS affect the process at all? Consider all flavors of Linux/UNIX and Windows.

5. Debate the legal validity of honeynets. Do you think it is legal or illegal and why?

6. Discuss the advantages and disadvantages of using reports generated by forensics tools to create your final investigation report.

Solution Preview

Hi, please take a look at this and tell me where you require clarification. The questions were somewhat ambiguous. Get back to me ASAP so I can make changes before the due date. I hope to work with you again.

Discussion Questions from the book "A Guide to Computer Forensics and Investigations" 3rd Edition

1. Discuss some of the various backup tools available in the market. What are the differences among the computer forensic tools?
Tape Backup: Most popular, inexpensive and portable. The disadvantage is that there are many different incompatible standards available for tape backup and many legacy systems out there. These legacy systems may not be supportable because the company has gone out of business and/or spare parts can no longer be acquired.
There are a number of other different types of backup systems on the market. Most of them are capable of backing up Windows, OS X and Linux. They are written in C and Perl as well as Java, C++, VB.NET and Python.
There are different types of backups.
Unstructured: This simply backs up selected data manually. There is little organization and it is poor fodder for forensics.

Full System Backup: This is typically done on a monthly or biweekly basis. It is highly recoverable.
Incremental: First a full system backup is performed. This establishes a baseline. Then future backups are only performed when the data has changed. Incremental systems are harder to recover than full system backup systems.
Differential backup: Similar to incremental. However, in differential backup systems the changes are recorded. It takes longer, but it is easier to recover. You only need 2 files, the initial full backup and the recorded changes.
Multi-leveled or multi-tiered ...
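
The restore dependency behind the incremental/differential comparison above, as an added example that is not part of the original post. It assumes the common definitions (an incremental holds changes since the previous backup of any kind, a differential holds changes since the last full); the `BackupSet` type, the catalogs and their labels are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupSet:
    label: str
    kind: str  # "full", "incremental" or "differential"
    day: int   # day the set was written (constructed sample values)


def restore_chain(catalog, target_day):
    """Labels of the sets needed, in restore order, to rebuild the state as of target_day."""
    usable = sorted((b for b in catalog if b.day <= target_day), key=lambda b: b.day)
    full_idx = max((i for i, b in enumerate(usable) if b.kind == "full"), default=None)
    if full_idx is None:
        raise ValueError("no full backup at or before the target day")
    chain = []
    # Walk back from the newest set: every incremental depends on the set before it,
    # while a differential depends only on the last full, so the walk stops there.
    for b in reversed(usable[full_idx + 1:]):
        chain.append(b)
        if b.kind == "differential":
            break
    chain.append(usable[full_idx])
    return [b.label for b in reversed(chain)]


def missing_sets(chain, available):
    """Sets the examiner still has to locate before the restore can be reproduced."""
    return [label for label in chain if label not in available]


# Constructed catalogs: one full backup followed by three daily sets.
INCREMENTAL = [BackupSet("F0", "full", 0), BackupSet("I1", "incremental", 1),
               BackupSet("I2", "incremental", 2), BackupSet("I3", "incremental", 3)]
DIFFERENTIAL = [BackupSet("F0", "full", 0), BackupSet("D1", "differential", 1),
                BackupSet("D2", "differential", 2), BackupSet("D3", "differential", 3)]

if __name__ == "__main__":
    print("incremental :", restore_chain(INCREMENTAL, 3))
    print("differential:", restore_chain(DIFFERENTIAL, 3))
    # One lost incremental tape breaks the chain for every later day.
    print("missing     :", missing_sets(restore_chain(INCREMENTAL, 3), {"F0", "I1", "I3"}))
```
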

Solution Summary

A guide to computer forensics and investigations is examined.