Question

HELP ASAP

Tasks of Forensic Tools
This activity will help you meet these educational goals:

- Content Standards—You will learn about the tasks performed by forensic analysis tools.
- Inquiry—You will conduct online research, in which you will collect information and communicate your results in written form.
- 21st Century Skills—You will employ online tools for research and communicate effectively.
Directions:
Read the instructions for this self-checked activity. Type in your response to each question, and check your answers. At the end of the activity, write a brief evaluation of your work.

Activity
Research and describe the tasks performed by forensic analysis tools.

Answer 1

Here are the tasks performed by forensic analysis tools:

Acquisition: This is the first step an analysis tool employs. The procedure involves capturing the data that the digital forensics expert needs to assess. The forensic expert creates a copy of the data, which prevents the original data from corrupting. There are two methods of acquisition: physical acquisition and logical partition. During physical acquisition, the experts copy the entire storage and analyze it. During logical partition, the experts create virtual partitions of the storage. Each partition has an individual operating system in it.

Validation and discrimination: Validation helps in verifying whether the copied data is correct or not. Discrimination is the next step, where the forensic experts sort suspicious and non-suspicious data. Validation and discrimination can be done in three ways: hashing, filtering, or analyzing file headers. Hashing converts characters into smaller values, making them easier to find. Filtering helps sort out suspicious files. Analyzing file headers helps the experts check whether a particular file has an incorrect file extension.

Extraction: Extraction is the next step, in which forensic experts recover the data. The experts employ different data-viewing techniques so they can view various file and folders. They also perform a keyword search, which helps them arrive at the target file that contains the needed information. Extraction also involves decompressing any compressed files so that the experts can view the data in detail. Experts also carry out carving, where they salvage and reconstruct partially deleted files and folders. Then, they try to decrypt any encrypted files using possible passwords. Once the experts find evidence, they bookmark it to use it for later reference.

Reconstruction: After finding evidence, the experts reconstruct another copy that contains the evidence. They can duplicate a file from one disk to another disk or one image to another disk. Similarly, they can create a copy by duplicating one partition to another partition or an image to another partition.

Reporting: Once the evidence is reconstructed, the experts create a detailed report of their findings. They create reports using HTML or web pages. Some experts use PDF formats to produce the reports.

Step-by-step explanation:

Sample Answer from Edmentum/Plato bestie!! <3