CH 1 DF


Lists each piece of evidence on a separate page

Single-evidence form

What usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will?

A warning banner

Sworn statement of support of facts about or evidence of a crime that is submitted to a judge to request a search warrant before seizing evidence

Affidavit

Which term refers to an accusation or supposition of fact that a crime has been committed and is made by the complainant, based on the incident?

Allegation

What does the investigator in a criminal or public-sector case submit, at the request of the prosecuting attorney, if he or she has enough information to support a search warrant?

An affidavit

A person who has the power to initiate investigations in a corporate environment

Authorized requester

What term refers to the individual who has the power to conduct digital forensic investigations?

Authorized requester

What is the role of an authorized requester?

Businesses are advised to specify an authorized requester who has the power to initiate investigations. Executive management should define a policy to avoid conflicts from competing interests in organizations. In large organizations, competition for funding or management support can become so fierce that people might create false allegations of misconduct to prevent competing departments from delivering a proposal for the same source of funds. To avoid inappropriate investigations, executive management must also define and limit who's authorized to request a computer investigation and forensics analysis. Generally, the fewer groups with authority to request a computer investigation, the better.

Which Pacific Northwest agency meets to discuss problems that digital forensics examiners encounter?

CTIN

Allows legal counsel to use previous cases similar to the current one because the laws don't yet exist

Case law

Which entity was formed by the FBI in 1984 to handle the increasing number of cases involving digital evidence?

Computer Analysis and Response Team

Which type of case involves charges such as burglary, murder, or molestation?

Criminal

A technician is trying to recover information on a computer that has been hidden or deleted on purpose in order to hide evidence of a crime. Which type of task is the technician performing?

Data recovery

What are some examples of text for internal banner messages?

Depending on the type of organization, the following text can be used in internal warning banners:
• Access to this system and network is restricted.
• Use of this system and network is for official business only.
• Systems and networks are subject to monitoring at any time by the owner.
• Using this system implies consent to monitoring by the owner.
• Unauthorized or illegal users of this system or network will be subject to discipline or prosecution.
• Users of this system agree that they have no expectation of privacy relating to all activity performed on this system.

The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data

Digital forensics

Which group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime?

Digital investigations

What term refers to a person using a computer to perform routine tasks other than systems administration?

End user

When an investigator seeks a search warrant, which of the following must be included in an affidavit to support the allegation of a crime?

Exhibits

Computer investigations and forensics fall into the same category: public investigations

F

The law of search and seizure protects the rights of all people, excluding people suspected of crimes

F

When you work in the enterprise digital group, you test and verify the integrity of standalone workstations and network servers.

F

Which group often works as part of a team to secure an organization's computers and networks?

Forensics investigators

Which agency introduced training on software for forensics investigations by the early 1990s?

IACIS

What questions should an investigator ask to determine whether a computer crime was committed?

In a criminal case, a suspect is charged for a criminal offense, such as burglary, murder, molestation, or fraud. To determine whether there was a computer crime, an investigator asks questions such as the following: What was the tool used to commit the crime? Was it a simple trespass? Was it a theft, a burglary, or vandalism? Did the perpetrator infringe on someone else's rights by cyberstalking or e-mail harassment?

Briefly describe the main characteristics of public-sector investigations.

In general, public-sector investigations involve government agencies responsible for criminal investigations and prosecution. Government agencies range from municipal, county, and state or provincial police departments to federal law enforcement agencies. These organizations must observe legal guidelines of their jurisdictions, such as Article 8 in the Charter of Rights of Canada and the Fourth Amendment to the U.S. Constitution restricting government search and seizure.

Why is confidentiality critical in the private-sector environment?

In the private-sector environment, confidentiality is critical, especially when dealing with employees who have been terminated. The agreement between the company and the employee might have been to represent the termination as a layoff or resignation in exchange for no bad references. If you give case details and the employee's name to others, your company could be liable for breach of contract.

Involves selling sensitive or confidential company information to a competitor

Industrial espionage

The process of trying to get a suspect to confess to a specific incident or crime

Interrogation

Briefly describe the triad that makes up computer security.

Investigators often work as a team to make computers and networks secure in an organization. The computer investigations function is one of three in a triad that makes up computing security. In an enterprise network environment, the triad consists of the following parts:
• Vulnerability assessment and risk management
• Network intrusion detection and incident response
• Computer investigations

What must be done, under oath, to verify that the information in the affidavit is true?

It must be notarized

Specifies who has the legal right to initiate an investigation, who can take possession of evidence, and who can have access to evidence

Line of authority

What do published company policies provide for a business that enables them to conduct internal investigations?

Line of authority

What is most often the focus of digital investigations in the private sector?

Misuse of digital assets

Briefly describe hostile work environment.

Most digital investigations in the private sector involve misuse of digital assets. Typically, this misuse is referred to as "company rules violation." Digital abuse complaints often center on e-mail and Internet misuse by employees but could involve other digital resources, such as using company software to produce a product for personal profit. The scope of an e-mail investigation ranges from excessive use of a company's e-mail system for personal use to making threats or harassing others via e-mail. Some common e-mail abuses involve transmitting offensive messages. These types of messages can create a hostile work environment that can result in an employee's civil lawsuit against a company that does nothing to prevent or respond to it (in other words, implicitly condones the e-mail abuse).

Yields information about how attackers gain access to a network along with files they might have copied, examined, or tampered with

Network forensics

What are some of the most common types of private-sector computer crime?

Private-sector computer crimes can involve e-mail harassment; gender and age discrimination; white-collar crimes (defined by the FBI, www.fbi.gov/investigate/white-collar-crime), such as falsification of data, embezzlement, and sabotage; and industrial espionage, which involves selling sensitive or confidential company information to a competitor. Anyone with access to a computer can commit these crimes.

Briefly describe the main characteristics of private-sector investigations.

Private-sector investigations focus more on policy violations, such as not adhering to Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations. However, criminal acts, such as corporate espionage, can also occur. So although private-sector investigations often start as civil cases, they can develop into criminal cases; likewise, a criminal case can have implications leading to a civil case. If you follow good forensics procedures, the evidence found in your examinations can make the transition between civil and criminal cases.

What investigator characteristic, which includes ethics, morals, and standards of behavior, determines the investigator's credibility?

Professional conduct

What is the third stage of a criminal case, after the complaint and the investigation?

Prosecution

Which doctrine, found to be unconstitutional, was used to allow a civilian or private-sector investigative agent to deliver evidence obtained in a manner that violated the Fourth Amendment to a law enforcement agency?

Silver-platter

After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant

T

By the 1970s, electronic crimes were increasing, especially in the financial sector

T

Maintaining credibility means you must form and sustain unbiased opinions of your cases.

T

The Fourth Amendment to the U.S. Constitution (and each state's constitution) protects everyone's rights to be secure in their person, residence, and property from search and seizure

T

The definition of digital forensics has evolved over the years from simply involving securing and analyzing digital information stored on a computer for use as evidence in civil, criminal, or administrative cases

T

The police blotter provides a record of clues to crimes that have been committed previously

T

To be a successful computer forensics investigator, you must be familiar with more than one computing platform

T

Recognizes file types and retrieves lost or deleted files

Xtree Gold

How can you begin assessing a case?

You can begin assessing this case as follows:
• Situation—Employee abuse of resources.
• Nature of the case—Side business conducted on the company computer.
• Specifics of the case—The employee is reportedly conducting a side business on his company computer that involves registering domain names for clients and setting up their Web sites at local ISPs. Co-workers have complained that he's been spending too much time on his own business and not performing his assigned work duties. Company policy states that all company-owned digital assets are subject to inspection by company management at any time. Employees have no expectation of privacy when operating company computer systems.
• Type of evidence—Small-capacity USB drive connected to a company computer.
• Known disk format—NTFS.
• Location of evidence—One USB drive recovered from the employee's assigned computer.

Without a warning banner, what right might employees assume they have when using a company's computer systems and network accesses?

privacy

