Yep,
I agree that it is not a realistic one (well it is a theoretical question as I mentioned). I think it tries to confuse you in relation to the small file size, file type and the fact that the access time is not changed.
BTW Dear keydet89, your latest book is excellent and rated very high in our office.
Thanks
Thank you for the clarification on ADS.
Rusaus,
Thanks for your words about my book. It would be great to get some reviews, but I understand from one of your fellow Aussies that was on a Yahoo Group with me that some of your countrymen have an issue with saying anything that I might see, for fear that I might take it and benefit from it….
H
Where in 'real world' you would have hashed files on a running system?
What's wrong in hashing a file during an examination of a running system, with the correct tools?
And if it's a forensic image of a computer, then it would not be infected by a virus (or rather it is unlikely :-)
As has been said, why would an image (or more correctly the files in it) not be infected?
The dollar has fallen again, that's another $25 worth wink
Mark
Can I ask an 'interesting question': what on earth does this have to do with 'real world' computer forensics, when the practical suggestion of hashing is 'not allowed'? … What is this all about?
Just my 2c worth to stimulate conversation.
Mark
Where in 'real world' you would have hashed files on a running system? And if it's a forensic image of a computer, then it would not be infected by a virus (or rather it is unlikely :-)
Forensics is often performed on live systems (such as Web servers that could not be shut down due to the impact on the business, etc.).
Here is my 50c to stimulate conversation lol
I've got to agree with BitHead on this one. Do you know how many viruses and other various types of malicious code there are out there? Tons! New computers are infected every day and many people are already infected and they do not even know about it. If you image a system, you're going to get the viruses with it. I also find them all the time.
Sorry guys,
I should have been clear when I said that files on a forensic image of a computer would not be infected by a virus. We all know that very often you get to examine a machine full of bugs :-) I should have said something like "After an uninfected file is imaged, it is unlikely to be infected inside this image" unless you boot up the forensic image with liveview or similar.
Again, it is a 'theoretical' question that I came across. It does not ask about forensic procedures or forensic imaging. It is just testing students (college here in the land of OZ) on their general knowledge about computer security.
Thanks to all who reply :)
To keydet89
Thanks for your words about my book. It would be great to get some reviews, but I understand from one of your fellow Aussies that was on a Yahoo Group with me that some of your countrymen have an issue with saying anything that I might see, for fear that I might take it and benefit from it….
Australia is a big country. It's the world that is small.
Keep up the good work