MID 1 - Computer Forensics

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Computer investigations and forensics fall into the same category: public investigations. (T/F)

F

The most common and flexible data-acquisition method is ____. Disk-to-image file copy Sparse data copy Disk-to-disk copy Disk-to-network copy

Disk-to-image file copy

The FBI ____ was formed in 1984 to handle the increasing number of cases involving digital evidence. Department of Defense Computer Forensics Laboratory (DCFL) Computer Analysis and Response Team (CART) DIBS Federal Rules of Evidence (FRE)

Computer Analysis and Response Team (CART)

To be a successful computer forensics investigator, you must be familiar with more than one computing platform. (t/f)

T

Some acquisition tools don't copy data in the host protected area (HPA) of a disk drive. (T/F)

T

What are the advantages and disadvantages of using raw data acquisition format? (short answer)

Advantages - 1) Fast data transfers, 2) Ignores minor data read errors on source drive, and 3) Most computer forensics tools can read raw format (Universal);; Disadvantages- 1)Requires as much storage as original disk or data and 2) Tools might NOT collect marginal (bad) sectors

____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example. Data recovery Network forensics Disaster recovery Computer forensics

Data recovery

If the computer has an encrypted drive, a live acquisition is done if the password or passphrase is not available. (t/f)

F

The law of search and seizure protects the rights of all people, excluding people suspected of crimes. (T/F)

F

By the early 1990s, the ____ introduced training on software for forensics investigations. FLETC IACIS CERT DDBIA

IACIS

Linux ISO images that can be burned to a CD or DVD are referred to as ____. Forensic Linux Linux in a Box Linux Live CDs ISO CDs

Linux Live CDs

After a judge approves and signs a search warrant, it is ready to be executed, meaning you can collect evidence as defined by the warrant. (T/F)

T

By the 1970s, electronic crimes were increasing, especially in the financial sector. (T/F)

T

The Fourth Amendment to the U.S. Constitution (and each state's constitution) protects everyone's rights to be secure in their person, residence, and property from search and seizure. (T/F)

T

The most common and time-consuming technique for preserving evidence is creating a duplicate copy of your disk-to-image file. (t/f)

T

Briefly describe the triad that makes up computer security. (Short answer)

Triad - 1) Vulnerability/Threat assessment and risk management, 2) Intrusion detection and incident response, and 3) Digital investigations

What are some of the most common types of private-sector computer crime? (short answer)

Wrongful termination E-mail harassment Falsification of data Gender and age discrimination Embezzlement Sabotage Industrial espionage

In a criminal or public case, if you have enough information to support a search warrant, the prosecuting attorney might direct you to submit a(n) ____. exhibit report blotter litigation report affidavit

affidavit

Sworn statement of support of facts about or evidence of a crime that is submitted to a judge to request a search warrant before seizing evidence (matching) affidavit case law digital forensics industrial espionage interrogation

affidavit

Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed. allegation prosecution blotter litigation

allegation

In addition to warning banners that state a company's rights of computer ownership, businesses should specify a(n) ____ who has the power to conduct investigations. line of right authority of right authorized requester authority of line

authorized requester

Allows legal counsel to use previous cases similar to the current one because the laws don't yet exist (matching) affidavit case law digital forensics industrial espionage interrogation

case law

The ____ command creates a raw format file that most computer forensics analysis tools can read, which makes it useful for data acquisitions. fdisk raw dd man

dd

The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data (matching) affidavit case law digital forensics industrial espionage interrogation

digital forensics

Involves selling sensitive or confidential company information to a competitor (matching) affidavit case law digital forensics industrial espionage interrogation

industrial espionage

The process of trying to get a suspect to confess to a specific incident or crime(matching) affidavit case law digital forensics industrial espionage interrogation

interrogation

Published company policies provide a(n) ____ for a business to conduct internal investigations. line of authority litigation path line of allegation allegation resource

line of authority

The ____ command displays pages from the online help manual for information on Linux commands and their options. hlp man inst cmd

man

The affidavit must be ____ under sworn oath to verify that the information in the affidavit is true. challenged recorded notarized examined

notarized

One major disadvantage of ____ format acquisitions is the inability to share an image between different vendors' computer forensics analysis tools. AFD proprietary raw AFF

proprietary

In general, a criminal case follows three stages: the complaint, the investigation, and the ____. litigation allegation blotter prosecution

prosecution

If your time is limited, consider using a logical acquisition or ____ acquisition data copy method. disk-to-image sparse lossless disk-to-disk

sparse

A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will. line of authority right banner warning banner right of privacy

warning banner

Microsoft has added ____ with BitLocker to its newer operating systems, which makes performing static acquisitions more difficult. whole disk encryption backup utilities NTFS recovery wizards

whole disk encryption


Kaugnay na mga set ng pag-aaral

micro Ch 5: Consumers and Incentives

View Set

**Dependent Personality Disorder

View Set

What are the 4 Components of the Marketing Mix?

View Set

Research Methods: CITI Training questions

View Set

Science Multiple Choice Questions

View Set

今天几月几号?What's The Date Today? (PinYin)

View Set

Fortinet NSE 4 7.0 Lesson 3: Firewall Policies

View Set

DATA SYSTEMS ADMINISTRATION - D330 (All Questions from Chapter 8-10, 12-15, and 17)

View Set