Lab #5 - Assessment Worksheet
Analyzing Images to Identify Suspicious or Modified Files
Confiscating and identifying the websites and images on the suspect’s computer is helpful in establishing concrete evidence against the suspect.
The P2 Commander Image Analyzer scans the images and looks for pornographic content.
By changing the search sensitivity.
There are 15 different categories and they include emails, documents, graphics, spreadsheets, databases, multimedia, compressed, executable, text, encrypted, xml, and chats amongst others.
Under the executables.
They are found in the compressed categories.
Under the graphic and Recover from Unallocated Space.
It is of importance in instances where the program may not have recognized the image as a threat.
An investigator can keep the suspect’s images and websites so as to establish concrete evidence. The P2 Commander Image Analyzer scans images and looks for pornographic content. The number of false positives in the Highly Suspect can be decreased by changing the sensitivity. There are 15 different categories of P2 Commander’s Sorted Files, including encrypted, xml, and chats amongst others. There are 3022 Sorted Files on the evidence drive. The rogue application, malicious spyware application, or keyboard logger application on the target evidence drive is identified under the executables. ZIP files and compressed files are found under the compressed categories. The possible image files on the evidence drive can be looked for under the graphic and Recover from Unallocated Space. If an image is not recognized as a threat, it can be looked for under the Graphics folder.