Instructions for Assignment: Your report must include: 1. Evidence description. 2. Standard procedure (example: collection steps, imaging, chain of custody, etc) 3. Examination of NTFS file structure...




Instructions for Assignment:

Your report must include:

1. Evidence description.
2. Standard procedure (example: collection steps, imaging, chain of custody, etc.).
3. Examination of NTFS file structure (include tables for the NTFS file system and a description of each item).
4. Detailed explanation of $MFT file record findings (include a table showing all the attribute values and data runs).

Question 1 (20% of the total mark of 30)

You are a digital forensic examiner. Your task is to process and perform a forensically sound acquisition of the following memory card:

[image of the memory card]

The SD card is formatted with the NTFS file system.

a) Describe your steps in detail, including the specific forensic equipment, hardware and software that you will use, to complete the forensic acquisition of the USB device and create a forensic image.

b) How would you examine the file system?

Question 2 (30% of the total mark of 30)

The following is an MBR snapshot. Find the following information for each partition.

(Hints: watch this YouTube video: https://www.youtube.com/watch?v=jRj_HzbHeWU)

1. Find the boot indicator bits/flag (check if bootable or not).
2. Find the file system type (e.g., FAT32, NTFS, EXT3, etc.).
3. Starting LBA address (relative sectors).
4. Size of the partitions (sector size is 512 bytes).

Question 3 (50% of the total mark of 30)

Please examine the $MFT FILE record below and report on its content.

Hints:

Read chapter 5 of the textbook and the week 6 lecture slides to prepare for your response. You can also look into the week 8 lecture slides for the sample structure of your report.

For conversion you can use DCode software (https://www.digital-detective.net/dcode/).

Your answers need to include a detailed description of the following attributes and their corresponding values.

· Attributes x010
· Attributes x030
· Attributes x080

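Question 2 asks, for each MBR partition entry, for the boot indicator, the partition type, the starting LBA and the size in bytes. The Python script below is an added example, not part of the assignment or of the posted answer: it reads the four 16-byte entries of the partition table at offset 446 of the first sector, checks the 55 AA signature, and reports exactly those four fields. Because the MBR image itself is not reproduced on this page, the script builds a constructed two-partition MBR (the type bytes, LBA values and sector counts are assumptions); `parse_mbr` can be pointed unchanged at the first 512 bytes of a real image.

```python
import struct

SECTOR_SIZE = 512               # sector size stated in the question
PARTITION_TABLE_OFFSET = 446    # the four 16-byte entries occupy 0x1BE..0x1FD
ENTRY_SIZE = 16

# Partition-type bytes an examiner meets most often (subset of the full table).
PARTITION_TYPES = {
    0x01: "FAT12", 0x04: "FAT16 (<32 MB)", 0x05: "Extended", 0x06: "FAT16",
    0x07: "NTFS/exFAT/HPFS", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)",
    0x0E: "FAT16 (LBA)", 0x0F: "Extended (LBA)", 0x82: "Linux swap",
    0x83: "Linux (ext2/3/4)", 0xEE: "GPT protective",
}

def parse_mbr(mbr):
    """Return one dict per used partition entry of a 512-byte MBR sector."""
    if len(mbr) < SECTOR_SIZE:
        raise ValueError("need at least one %d-byte sector" % SECTOR_SIZE)
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("boot signature 55 AA missing: not a valid MBR")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * ENTRY_SIZE
        # entry layout: boot flag | CHS start (3) | type | CHS end (3) | LBA start | sector count
        boot, ptype, start_lba, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0x00:
            continue                        # empty slot
        partitions.append({
            "entry": i + 1,
            "bootable": boot == 0x80,       # 0x80 = active/bootable, 0x00 = not bootable
            "boot_flag": boot,
            "type_byte": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "start_lba": start_lba,         # the "relative sectors" value asked for
            "sectors": sectors,
            "end_lba": start_lba + sectors - 1,
            "size_bytes": sectors * SECTOR_SIZE,
        })
    return partitions

def build_sample_mbr():
    """Constructed MBR with two partitions (sample data, not from any real device)."""
    mbr = bytearray(SECTOR_SIZE)
    sample = [(0x80, 0x07, 2048, 204800),      # bootable NTFS, 100 MiB
              (0x00, 0x0C, 206848, 409600)]    # non-bootable FAT32 (LBA), 200 MiB
    for i, (boot, ptype, start, count) in enumerate(sample):
        struct.pack_into("<B3xB3xII", mbr, PARTITION_TABLE_OFFSET + i * ENTRY_SIZE,
                         boot, ptype, start, count)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)

def report(partitions):
    """Format the parsed entries the way the question asks for them."""
    lines = []
    for p in partitions:
        lines.append("Partition %d: boot flag 0x%02X (%s), type 0x%02X (%s), start LBA %d, "
                     "%d sectors, %d bytes (%.1f MiB)" % (
                         p["entry"], p["boot_flag"],
                         "bootable" if p["bootable"] else "not bootable",
                         p["type_byte"], p["type_name"], p["start_lba"], p["sectors"],
                         p["size_bytes"], p["size_bytes"] / 2 ** 20))
    return "\n".join(lines)

if __name__ == "__main__":
    # For a real image replace build_sample_mbr() with open(path, "rb").read(512).
    print(report(parse_mbr(build_sample_mbr())))
```

The size in bytes is simply the sector count from offset 12 of the entry multiplied by the 512-byte sector size the question specifies; a type byte of 0x07 only says "NTFS, exFAT or HPFS", so the file system should be confirmed from the partition's own boot sector (the "NTFS    " OEM ID) rather than from the MBR alone.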

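Question 3 asks for the values held in the x010 ($STANDARD_INFORMATION), x030 ($FILE_NAME) and x080 ($DATA) attributes of a FILE record. The script below is an added example, not the assignment's record or the posted answer: it applies the update sequence fixups, walks the attribute list, converts the 64-bit FILETIME stamps to UTC (the conversion the question suggests doing with DCode), and decodes the data runs of a non-resident $DATA attribute. Since the record's hex dump is not on this page, the script constructs a sample 1024-byte record with a hypothetical file name, timestamps, record number and cluster size; `parse_mft_record` can be applied unchanged to a record carved from a real $MFT.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
CLUSTER_SIZE = 4096   # assumed cluster size of the hypothetical volume
ATTR_NAMES = {0x10: "$STANDARD_INFORMATION", 0x30: "$FILE_NAME", 0x80: "$DATA"}

def from_filetime(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def to_filetime(dt):
    td = dt - FILETIME_EPOCH
    return (td.days * 86400 + td.seconds) * 10_000_000 + td.microseconds * 10

def apply_fixups(raw):
    """Undo the update sequence array: put the saved words back at each sector end."""
    rec = bytearray(raw)
    usa_off, usa_count = struct.unpack_from("<HH", rec, 4)
    usn = rec[usa_off:usa_off + 2]
    for i in range(1, usa_count):
        end = i * 512 - 2
        if rec[end:end + 2] != usn:
            raise ValueError("fixup mismatch in sector %d (torn write?)" % (i - 1))
        rec[end:end + 2] = rec[usa_off + 2 * i:usa_off + 2 * i + 2]
    return bytes(rec)

def decode_data_runs(runs):
    """Unpack a run list into (LCN, cluster count); LCN is None for a sparse run."""
    out, pos, lcn = [], 0, 0
    while pos < len(runs) and runs[pos] != 0:          # 0x00 terminates the list
        len_sz, off_sz = runs[pos] & 0x0F, runs[pos] >> 4
        pos += 1
        length = int.from_bytes(runs[pos:pos + len_sz], "little")
        pos += len_sz
        if off_sz == 0:
            out.append((None, length))
            continue
        lcn += int.from_bytes(runs[pos:pos + off_sz], "little", signed=True)  # relative to previous run
        pos += off_sz
        out.append((lcn, length))
    return out

def parse_mft_record(raw):
    if raw[:4] != b"FILE":
        raise ValueError("not a FILE record")
    rec = apply_fixups(raw)
    seq, links, first_attr, flags, used, alloc = struct.unpack_from("<HHHHII", rec, 0x10)
    out = {"sequence": seq, "links": links, "in_use": bool(flags & 1), "is_dir": bool(flags & 2),
           "used_size": used, "allocated_size": alloc, "attributes": []}
    pos = first_attr
    while pos + 8 <= len(rec):
        atype, alen = struct.unpack_from("<II", rec, pos)
        if atype == 0xFFFFFFFF or alen == 0:           # end-of-attributes marker
            break
        nonres, _nlen, _noff, _aflags, aid = struct.unpack_from("<BBHHH", rec, pos + 8)
        attr = {"type": atype, "name": ATTR_NAMES.get(atype, "0x%X" % atype), "id": aid,
                "non_resident": bool(nonres)}
        if nonres:
            svcn, lvcn, run_off, _cu, _pad, asz, rsz, isz = struct.unpack_from("<QQHHIQQQ", rec, pos + 0x10)
            attr.update(start_vcn=svcn, last_vcn=lvcn, allocated_size=asz, real_size=rsz,
                        initialized_size=isz, data_runs=decode_data_runs(rec[pos + run_off:pos + alen]))
        else:
            clen, coff = struct.unpack_from("<IH", rec, pos + 0x10)
            c = rec[pos + coff:pos + coff + clen]
            attr["content_length"] = clen
            if atype == 0x10:
                cr, mo, mf, ac, si_flags = struct.unpack_from("<QQQQI", c, 0)
                attr.update(created=from_filetime(cr), modified=from_filetime(mo),
                            mft_modified=from_filetime(mf), accessed=from_filetime(ac), flags=si_flags)
            elif atype == 0x30:
                par, cr, mo, mf, ac, asz, rsz, _f, _r, nlen, ns = struct.unpack_from("<QQQQQQQIIBB", c, 0)
                attr.update(parent_ref=par & 0xFFFFFFFFFFFF, created=from_filetime(cr),
                            modified=from_filetime(mo), mft_modified=from_filetime(mf),
                            accessed=from_filetime(ac), allocated_size=asz, real_size=rsz,
                            namespace=ns, filename=c[0x42:0x42 + 2 * nlen].decode("utf-16-le"))
        out["attributes"].append(attr)
        pos += alen
    return out

def build_sample_record():
    """Constructed 1024-byte FILE record (sample data, not from any real $MFT)."""
    t = to_filetime(datetime(2022, 9, 26, 10, 0, tzinfo=timezone.utc))
    hdr = lambda atype, alen, nonres, aid: struct.pack("<IIBBHHH", atype, alen, nonres, 0, 0, 0, aid)
    si = struct.pack("<QQQQIIII", t, t, t, t, 0x20, 0, 0, 0)                  # 0x20 = ARCHIVE flag
    si_attr = hdr(0x10, 24 + len(si), 0, 0) + struct.pack("<IHBB", len(si), 24, 0, 0) + si
    name = "report.txt".encode("utf-16-le")
    fn = struct.pack("<QQQQQQQIIBB", 5 | (5 << 48), t, t, t, t, 12 * CLUSTER_SIZE, 45000, 0x20, 0, 10, 3) + name
    fn_len = (24 + len(fn) + 7) & ~7                                            # attribute length is 8-aligned
    fn_attr = (hdr(0x30, fn_len, 0, 1) + struct.pack("<IHBB", len(fn), 24, 1, 0) + fn).ljust(fn_len, b"\0")
    runs = bytes([0x21, 0x08, 0x34, 0x12,    # 8 clusters starting at LCN 0x1234
                  0x11, 0x04, 0xCC,          # 4 clusters at LCN 0x1234 - 0x34 (signed delta)
                  0x00])
    da_attr = hdr(0x80, 64 + len(runs), 1, 2) + struct.pack(
        "<QQHHIQQQ", 0, 11, 64, 0, 0, 12 * CLUSTER_SIZE, 45000, 45000) + runs
    body = si_attr + fn_attr + da_attr + b"\xFF\xFF\xFF\xFF"
    rec = bytearray(1024)
    rec[:48] = struct.pack("<4sHHQHHHHIIQHHI", b"FILE", 0x30, 3, 0, 1, 1, 0x38, 1,
                           0x38 + len(body), 1024, 0, 3, 0, 42)                 # 42 = hypothetical record number
    rec[48:54] = b"\x01\x00\x00\x00\x00\x00"   # USN 0x0001 followed by the two saved words (0x0000 here)
    rec[0x38:0x38 + len(body)] = body
    rec[510:512] = b"\x01\x00"                 # the USN overwrites the last word of each sector
    rec[1022:1024] = b"\x01\x00"
    return bytes(rec)

if __name__ == "__main__":
    for a in parse_mft_record(build_sample_record())["attributes"]:
        print(a)
```

The fixup check is the step most often skipped in hand-decoded answers: if the last two bytes of either sector do not equal the update sequence number, the record was torn by an interrupted write and its attribute values cannot be trusted. Each data run's offset is signed and relative to the previous run's LCN, which is why the second run above lands at a lower cluster than the first.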
Answered 1 day after Sep 26, 2022


Aditi answered on Sep 27 2022
57 Votes
ASSIGNMENT
The gallery view of the software application shows the document that has been overwritten after it had been destroyed. It is only rational for him to concede the possibility that there is a problem with the entry's modified timestamp in one way or another. The process of extracting a document from an archive is done on a computer that is running Windows XP. The Entry Modified time stamps will always be xx:xx:xx, even if the archive was fetched to the record device at yy:yy:yy. Even during the process of generating a file on a computer, the file will normally take over the date of the device just like its Date Created time stamp. This is because the date is stored in the file's header. Zip files do not behave in any way remotely similar to this at all. In the realm of international cyber forensics, the storied time stamp called Entry Modified has been shown to be an invaluable asset in the resolution of a significant number of cases. Customers are never privy to this hidden timestamp, and very few individuals have even a basic comprehension of what it may or may not signify. As a consequence of this, they are not able to make any changes to it. People are seldom made aware of the fact that now the Entry Modified timestamp has a very restricted range of validity, which is an important detail to note. It must be earlier than the date that is shown in the Date Created column; it cannot be later. (Windows Vista does not include this functionality in its operating system.) The time stamps for "Date Created" and "Date Modified" end up being identical whenever a zipper report is created. Examiner 1, who is a person who gives computer help but does not have expertise in forensics, studies the harsh force, applies document restoration software to a harsh electricity, and recovers a significant amount of data that was previously deleted. Examiner 1 does not have any prior experience in the field of forensics. Then, in his report, he adds that he was unable to view any of the recovered papers since the laptop had such a record-wiping software application linked to the machine. This is something that he acknowledges in his report. This information has been recorded as part of his file. In addition to that, when he is at the customer's location for the inspection, he utilizes the customer's computer.
Examiner 1 states his view, which is recorded in his report, that the owner of the computer used the most recent usage of the report-wiping software application a few days after the courtroom were attentive. Examiner 1's statement is supported by the documentation in his report. In addition to this, he asserts that the software program for deleting files deletes everything from the hard disc of a computer. Last but not least, he asserts that due to the truth, the software that erases records was upgraded to run days after the court made mention, and as a consequence, he was not able to read any of the documents that he obtained as a result of this.
Expert 2, a trained forensics examiner, also investigates the client's computer in order to evaluate the client's administrative authority. However, before making a forensic replication, Examiner 2 first eliminates the troublesome pressure and ensures that the laptop is not turned on. After that, he investigates the challenging pressure forensic duplication. He retrieves a large number of erased files and makes the observation that the only evidence of a document-wiping utility is an empty listing in the location where the document-wiping program was updated into installation. Inside of that folder, he makes the observation that the most important document was only a device report, which has a date that is many days after the court heard about the order to renovate. After that, he finds a copy of the same model of the document-wiping program and downloads it onto a clean computer.
In order to figure out how the software...
