Digital Forensics Exam 2
IP Address
32-bit number that uniquely identifies a host on the internet using IPv4
Identity Theft
A criminal can use a variety of online websites to determine someone's telephone number, address, and net worth by paying for an in-depth search. The criminal can view a person's residence (www.zillow.com) and quickly decide on a plan to rob that house, if necessary, through the use of Google Earth
Cookies
A text file sent from a web server to a client computer for the purposes of identification and authentication. They can be used to track a user online
USB-Powered Hard Drive
Act as receptacles for evidence acquired from the suspect's hard disk drive
UltraBlock SATA/IDE WRITE-BLOCKER
Allows an individual to read data from a device, such as a hard drive, without writing to that device
All Writs Act
Authorizes federal courts to issue orders necessary to aid jurisdictions and agents with professional duties under appropriate principles of law
Windows Registry
Can be used to determine what websites a user has visited
Forensic Tools
Cloud Analyzer, Magnet Internet Evidence Finder, X1 Social Discovery
Guerrilla Mail
Disposable temporary email address
DriveSpy
Drive Info
Forensic disk image file formats
E01, DD, RAW
Virginia v. Baust
Holding: 5th amendment case; thumbprint entry (physical) is okay, passcode entry is not (testimonial)
In re Boucher
Holding: CP images already seen; foregone conclusion doctrine applies and individual prosecuted
Federal Law Enforcement Access to Personal Information
Homeland Security Information Network & Data Network; Director of National Intelligence - National Counterterrorism Center (NCTC); FBI - National Crime Information Center (NCIC); US Air Force - Threat and Local Observation Notice (TALON)
EnCase
Imaging and Analysis
FTK
Imaging and Analysis
X-Ways
Imaging and Filtering
List Databases Available to Law Enforcement to Profile a Suspect
Instant Messaging, Evidence Groups, Blogs, Social Networking Websites
International Law Enforcement Access to Personal Information
Interpol - Fixed Interpol Network Database (FIND); Interpol - Mobile Interpol Network Database (MIND)
Blacklight
Mac OS imaging and analysis
Mac Marshal
Mac OS imaging and analysis
WinHex
Not forensically sound; can view edited files (deleted and damaged)
eDiscovery
Process of recovering electronically stored information (ESI) for the purpose of civil litigation
Fifth Amendment
Protection against self incrimination (nor shall be compelled in any criminal case to be a witness against himself)
SIM Card Reader
Reads SIM Cards off cell phones
Local Law Enforcement Access to Personal Information
Real Time Crime Center (RTCC) - NYPD database that stores large quantities of intelligence/information
Issuer Identification Number (IIN)
The first six digits of a credit card number
Electronic Medical Records
These contain a large amount of Personally Identifiable Information (PII)
Cyberbullying
Social Networking
Videos
Tools available include VideoTriage, Jing, Savevid.com, and Real Player
Credit Cards for Sale
Type the word "fullz" into any search engine, and you can see a list of websites that offer stolen credit card numbers for sale
Dictionary Attacks
Uses a predetermined list of words to decrypt data or authenticate a user
Screen Captures
Whether you use a personal computer or an Apple Mac, capturing what displays onscreen is relatively simple
ASCLD
a nonprofit organization that provides a set of guidelines and standards for forensic labs
preservation order
a request to a service provider to retain the records relating to a suspect
Extended Global Regular Expressions Print (EGREP)
allows for use of operators not found in basic GREP
The Link in the Chain
answers are incriminating if they "would in themselves support a conviction . . . [or] would furnish a link in the chain of evidence needed to prosecute" the defendant
Static IP Address
assigned by ISP for a fixed time period or permanently
Dynamic IP Address
assigned by Internet Service Provider every time a user connects to the internet
Linux
can be used to extract evidence from a device; the operating system is typically free
expert witness
can create an investigative report or review the findings of an investigative report and then interpret those findings based on specialized education, training, and knowledge
bootable OS tool/live system
captures the contents of RAM. RAM can be a treasure trove of evidence, including user passwords, Internet activity, running processes, and other important evidence
Brute Force Attack
checks all possible keys to decrypt data
Virtual Machine
computer running software that allows for an instance of one or more operating systems without making any actual changes to the user's computer (VMware)
Anti-Static Bag
contain computing devices and prevent any type of evidence contamination due to the magnetic nature of hard drive platters
E01
A forensic disk image file format designed by Guardian Software
Skimmer
electronic device used to capture the data from the magnetic stripe on a debit, credit, or prepaid card
TOR
free open source software and an open network originally developed by the US Navy, that enables a user to surf the Internet with anonymity
Fast Global Regular Expressions Print (FGREP)
interprets characters literally and is faster than GREP
Live Forensics
investigating a computer while it is turned on
Parasite
point-of-sale skimmer
File Carving
process of identifying a file by certain characteristics, such as file header or footer
EnScript
programming tool which allows examiners to develop or run their own analysis functions (e.g., carving for images and videos)
Firmware
programs that control electronic devices (works closely w/ OS & Hardware)
Acts of Production Doctrine / Foregone Conclusion
self-incrimination to the extent that the individual's act of production provides information not already in the hands of law enforcement personnel about the (1) existence; (2) custody; or (3) authenticity, of the documents or materials produced
Scientific Working Group on Digital Evidence (SWGDE)
sharing research and setting standards (Best Practices)
ASCLD/LAB
strives to maintain certain standards for forensics labs, including standards that govern the behavior and practices of lab employees and their managers
Lay Witness
testifies about the facts; cannot give an opinion about the case
Self-Incrimination
the constitutional right of a person to refuse to answer questions or otherwise give testimony against himself or herself. A responsive answer to the question, or an explanation of why it cannot be answered, might be dangerous because injurious disclosure could result
ATM skimmer
used to capture data from the magnetic stripe on credit cards or ATM cards. The ATM has a false front to capture this data
Global Regular Expressions Print (GREP)
utility used to extract data using pattern matching