I am trying to create experiment steps and identify independent & dependant variables for an experiment i want to do.
The experiment is that i want to know what artefacts does hotmail leave on my pc when i use the web based hotmail (not msn messenger).
I have identified some experiment steps and variable but was hoping if you could add to it as you may already have done something similar to this.
Experiment steps.
1. create a virtual machine with a copy of windows.
2. make a copy of that hardrive using encase (correct me if wrong)
3. use hotmail to send an e-mail to myself
4. take another copy using encase
5. compare the two images.
Please can you add to this or make it clearer.
many thanks for all your help
Are you just looking for files are are you also considering user registry entries? You can also do a RegShot comparison http//
is it possible you could explain if the experiment steps are correct. Mainly files. What would the Independant variable be?
seems fair enough, you will want to hash all the files in your first image, then you can ignore these files when you come to analyse your second image.
also of interest will be procmon from the sys internals suite.
So you are saying that get an MD5 hash?
What would be the independant variables?
So you are saying that get an MD5 hash?
What would be the independant variables?
of each file and build a hash set.
i would take a stab and say ur independent variables could be things like which browser you are using (and its appropriate settings), your operating system, the type of email you are viewing ie. things you can change that will depend on the artefacts you may or may not find. hth