NETS1032 Lab 2 Examining Microsoft Filesystems

The purpose of this lab is to try using Windows tools to examine Microsoft filesystem images to see what you can recover.

Autopsy as a tool for identifying whether pictures of Clint Eastwood are on a suspect drive

In this investigation, we are continuing with our investigation of Donald. We are attempting to ascertain whether he used the computer to get images of Clint Eastwood from the internet.

- Download Autopsy and install it, then run it.
- Add the wholedrive image file from lab 1.
- Use the evidence tree to view the filesystems found in the image, and explore them to see what files are in the image.
- Clicking on a file in the file listing allows you to view a file. Use that ability to see if there are any pictures there of Clint Eastwood.
- If you find any, check the box next to the file with Clint Eastwood, and tag them as notable items.
- When you have examined all the pictures and tagged all the photos with Clint Eastwood in them, click Generate Report.
- Open the report by clicking on the file link and review it, taking note of what the report contains and what you would need to add to make it a complete forensic report.
- Include the report in your submission for this lab.

Using ProDiscover for identifying evidence of transactions between George Montgomery and Laura Roper

In this investigation, there is an allegation that Laura Roper and George Montgomery worked together. We are looking for evidence that will show whether they had an ongoing business relationship or not. An image file has been captured for us by a third party.

- Add the inChp02.eve image file extracted from the InChp02.exe self-extracting zip file.
- If you have an image capture that includes the system.dat and user.dat files from the Windows folder on a C: drive, you can examine the registry in that image.