Question:

In this lesson, you explored methodologies and formal approaches used in forensic investigations, documentation of methodologies and findings, and evidence-handling tasks.

In this lab, you will use a variety of forensic tools that are independent executables that run locally on a workstation or server under investigation. Although the tools are designed to run in Windows or Linux, they give you experience working with bootable utilities in general, acquiring skills you can use regardless of the operating system under examination. To begin, you will use Helix, a forensic tool that enables you to review the system information of a targeted machine in the virtual lab environment. You will also explore the features and functions of the following forensic utilities: Process Explorer, FavoritesView, IECacheView, IECookiesView, BrowsingHistoryView, and MyLastSearch.

Please answer these questions:

1. What is the main advantage of a bootable forensic suite like Helix?

2. Describe five Process Explorer (ProcExp) features that can be used in computer forensics as part of an investigation.

3. Which forensics tool would you use to reveal recent pages viewed via the Internet Explorer browser?

4. How would IECacheView help a forensic investigator?

5. All of the tools used in this lab are intended to analyze data. What is the difference between data and evidence?
