Crowdly
Add to Chrome
CMP5372 Applied Cyber Forensics A S2 2025/6
Looking for CMP5372 Applied Cyber Forensics A S2 2025/6 test answers and solutions? Browse our comprehensive collection of verified answers for CMP5372 Applied Cyber Forensics A S2 2025/6 at moodle.bcu.ac.uk.
Get instant access to accurate answers and detailed explanations for your course questions. Our community-driven platform helps students succeed!
Using FTK Imager, examine the provided disk image ForeniscImage01.E01 and determine when the SYSTEM registry hive file was last accessed.
Examine the disk image and locate the file corresponding to MFT Record Number 1. What is the size of this file?
An 8-byte FILETIME timestamp has been encoded starting at hexadecimal offset CB868; locate this offset and determine the UTC time (Little endian Format).
Using the SAM registry hive from the ForensicImage01.E01 evidence file, which of the follwing users last login to the computer?
Using the SAM registry hive from the ForensicImage01.E01 evidence file, when was the last failed login attempt by user Granny?
Using the SAM registry hive from the ForensicImage01.E01 evidence file, which user account has been most frequently used to log in to this computer?
Using the SYSTEM registry hive from the ForensicImage01.E01 evidence file, what is the active time zone currently set on the computer?
Using the SYSTEM registry hive from the ForensicImage01.E01 evidence file, what was the last USB storage device connected to the computer?
Using the SYSTEM registry hive from the ForensicImage01.E01 evidence file, when was the last recorded shutdown time of the computer?
Using the SOFTWARE registry hive from the ForensicImage01.E01 evidence file, when was the software ‘Adobe AIR’ installed on the computer?