IS471 Computer Forensics Course


IS471 Written Assignment Computer Forensics Evidence Rules


Written Assignment: Computer Forensics Evidence Rules

·  Describe how to make a self-evaluation of your work by answering the following questions:

a. How could you improve your performance in the case?

b. Did you expect the results you found? Did the case develop in ways you did not expect?

c. Was the documentation as thorough as it could have been?

d. What feedback has been received from the requesting source?

e. Did you discover any new problems? If so, what are they?

f. Did you use new techniques during the case or during research?

Your report should include:


Table of contents

Body of report



IS471 Written Assignment Definition of Computer Forensics Part A


1. Why should your evidence media be write protected?

2. Why does the ASCLD mandate that there should be procedures established for a computer forensics lab?

3. List 2 popular certification systems for computer forensics.


IS471 Written Assignment Definition of Computer Forensics Part B


IS471 Written Assignment Definition of Computer Forensics Part

Describe how to conduct an investigation


IS471 Written Assignment E-mail


1.  What is the main piece of information you look for in an email message you are investigating?

2.  Please list 2 formatting standards for email.

3.  When you access your email what type of computer architecture are you using?

4.  Explain the role of email in investigations.

5.  Describe client and server roles in email.

6.  Explain the use of Email server logs.

IS471 Written Assignment Forensic Report


Final Project:  Forensics Report

1. Submit the Final Report for you Forensics Project here.

2. Your Final Report should be an MS Word document, at least six pages in length.

1.Your forensics report should be about a fictitious company going through any of the scenarios learned in this class.

Use hypothetical questions to guide and support your opinion. Hypothetical questions are based on factual evidence and should include only those facts supporting your opinion or conclusion. Remember that hypothetical questions can be abused and made so complex that the finder of fact (expert) might not be able to evaluate the answer.

IS471 Written Assignment Learning about Operating Systems


)  How do you mount a .dmg file on a Mac OS X?

2)  What are the four components of the Unix file system?

3)  For what legal and illegal purposes can you use steganography?

4) Explain Macintosh file structures and the boot process.

5) Explain UNIX and LINUX disk structures and boot processes.


IS471 Written Assignment Recovering Data


1.  In Fat 32 a 123 KB file uses how many sectors?

2.  List 2 features NTFS has the FAT does not.

3.  Describe a virtual cluster.

4.  Explain the purpose and structure of file systems.

5.   Describe Microsoft file structures.

6.   Explain the structure of New Technology File System (NTFS) disks.

7.  List some options for decrypting drives encrypted with whole disk encryption.


IS471 Written Assignment Writting reports


1.  Which rules does an expert have to follow to prepare and submit a report?

2.  What is destroying a report before the final resolution of a case called?

3.  When writing a report what is the most important aspect of formatting?

4.  Describe the guidelines for writing reports.

5.  Explain how to use forensics tools to generate reports.

6. Explain the importance of a report.


IS471 Final Questions


1.  Describe what purpose making your own recording during a deposition serves

2.  Describe a situation where you would have to apply your ethical obligations. Please

give an example.

3.  Describe at least 3 reasons for offering a differing opinion from one you testified to in

a previous case.

4.  Describe 3 obvious ethical errors.

5.  Describe an unethical technique opposing council might use during a deposition