Guide to Computer Forensics and Investigations, Fifth Edition, Chapter 2
The manager of a digital forensics lab is responsible for which of the following (check all that apply)? A. Making necessary changes in lab procedures and software B. Ensuring that staff members have enough training to do the job C. Knowing the lab objectives D. None of the above
A. Making necessary changes in lab procedures and software B. Ensuring that staff members have enough training to do the job C. Knowing the lab objectives
The ASCLD mandates the procedures established for a digital forensics lab. True or False?
False
Typically, a(n) ____ lab has a separate storage area or room for evidence.
regional
Which organization has guidelines on how to operate a digital forensics lab?
ASCLD
A national society that sets the standards, management, and audit procedures for labs used in crime analysis, including digital forensics labs used by the police, FBI, and similar organizations.
American Society of Crime Laboratory Directors (ASCLD)
A plan you can use to sell your services to management or clients. In this plan, you justify acquiring newer and better resources to investigate digital forensics cases.
Business plan
A certification from the International Society of Forensic Computer Examiners.
Certified Computer Examiner (CCE)
A certification from ISC2 for completing the education and work experience and passing the exam.
Certified Cyber Forensics Professional (CCFP)
A certificate awarded by IACIS at completion of all portions of the exam.
Certified Forensic Computer Examiner (CFCE)
Building a business case can involve which of the following: A. Procedures for gathering evidence B. Testing software C. Protecting trade secrets D. All of the above.
D. All of the above
A forensic workstation should always have a direct broadband connection to the Internet. True or False?
False
Digital forensics facilities always have windows. True or False?
False
Evidence storage containers should have several master keys. True or False?
False
If a visitor to your digital forensics lab is a personal friend, it's not necessary to have him or her sign the visitor's log. True or False?
False
A national organization that provides certification for computer crime investigators and digital forensics technicians.
High Tech Crime Network (HTCN)
List two popular certification systems for digital forensics.
IACIS, HTCN, EnCE, ISFCE
ISO standard for ASCLD lab requirements
ISO/IEC 17025:2005
Which organization provides good information on safe storage containers?
NISPOM
What three items should you research before enlisting in a certification program?
Requirements, cost, and acceptability in your chosen area of employment.
A term referring to facilities that have been hardened so that electric signals from digital devices, computer networks, and telephone systems can't be monitored or accessed easily by someone outside the facility.
TEMPEST
What name refers to labs constructed to shield EMR emissions?
TEMPEST
Why is physical security so critical for digital forensics labs?
To maintain the chain of custody and prevent data from being lost, corrupted, or stolen
An employer can be held liable for e-mail harassment. True or False?
True
Your lab facility must be physically secure so that evidence is not lost, corrupted, or destroyed. True or False?
True
Large digital forensics labs should have at least ___ exits.
Two
Information collected at the federal, state, and local levels to determine the types and frequencies of crimes committed.
Uniform Crime Report
The first two sources of information you could use to determine the types of OSs needed in your lab are:
Uniform Crime Report statistics for your area and a list of cases handled in your area or at your company.
A document that provides justification to upper management or a lender for purchasing new equipment, software, or other tools when upgrading your facility. In many instances, a business case shows how upgrades will benefit the company.
business case
The process of keeping track of all upgrades and patches you apply to your computer's OS and applications.
configuration management
A ____________ is where you conduct investigations, store evidence, and do most of your work. You use the lab to house your instruments, current and legacy software, and forensic workstations. In general, you need a variety of digital forensics hardware and software.
digital forensics lab
A lab dedicated to digital investigations; typically, it has a variety of computers, OSs, and forensics software.
digital forensics lab
List 3 things a forensic workstation needs to have to deal with the common types of cases that come through your lab.
memory, storage, and ports
The process of determining how much risk is acceptable for any process or operation, such as replacing equipment.
risk management
A facility that can be locked and allows limited access to the room's contents.
secure facility