To which phase of the Computer Forensics Investigation Process does the Planning and Budgeting of a Forensics Lab belong?

Gill is a computer forensics investigator who has been called upon to examine a seized computer.
This computer, according to the police, was used by a hacker who gained access to numerous banking institutions to steal customer information. After preliminary investigations, Gill finds in the computer's log files that the hacker was able to gain access to these banks through the use of Trojan horses. The hacker then used these Trojan horses to obtain remote access to the companies' domain controllers. From this point, Gill found that the hacker pulled off the SAM files from the domain controllers to then attempt and crack network passwords. What is the most likely password cracking technique used by this hacker to break the user passwords from the SAM files?

A digital forensic investigator examines a Windows system to identify suspicious activity related to a recent cyber incident. She has collected volatile and non-volatile registry hives for analysis. The investigator has noticed modifications in a user's profile settings, including changes in desktop wallpaper and screen colors. Which hive and component cells in the registry should she examine more closely for further evidence of user-specific activity?

What is the size value of a nibble?

Depending upon the Jurisdictional areas, different laws apply to different incidents.
Which of the following law is related to fraud and related activity in connection with computers?