COMPUTER FORENSICS

HOW DATA IS STORED

Generally speaking, an HDD needs to have its space defined before it is ready for use. Partitioning the HDD is the first step. When partitioned, HDDs are mapped (formatted) and have a defined layout.

RAM

Referred to as volatile memory because it is not permanent; its contents undergo constant change and are forever lost once power is taken away from the computer.

Motherboard

The main circuit board contained within a computer. The computer, aware that it may need certain data at a moment's notice, stores the data in RAM.

FORENSIC IMAGE ACQUISITION 2

Because booting an HDD to its operating system changes many files and could potentially destroy evidentiary data, obtaining data is generally accomplished by removing the HDD from the system and placing it in a laboratory forensic computer so that a forensic image can be created.

Hardware

Comprises the physical components of the computer.

Software

Conversely, is a set of instructions compiled into a program that performs particular tasks on the hardware.

LATENT DATA

Data of which the operating system is unaware. The constant shuffling of data through deletion, defragmentation, swapping, and so on is one of the ways that data is orphaned in latent areas. Finally, when a user deletes files, the data typically remains behind.

Hard Disk Drive 2 (HDD)

Examiners must be familiar with the file system that they are examining. Evidence exists in many locations and in numerous forms on an HDD. The type of evidence can be grouped under two major sub-headings: visible and latent data.

THE BASICS

Hardware vs. software

IP ADDRESSES

IP addresses provide the means by which data can be routed to the appropriate location, and they also provide the means by which most Internet investigations are conducted. IP addresses take the form ###.###.###.###, in which, generally speaking, ### can be any number between 0 and 255.

TEMPORARY FILES AND SWAP SPACE

Temporary files, created by programs as a sort of "back-up on the fly," can also prove valuable as evidence. Finally, data in the swap space (utilized to conserve valuable RAM within the computer system) can yield evidentiary data.

VISIBLE DATA

The data of which the operating system is aware. Consequently, this data is easily accessible to the user.

INTRODUCTION

The use of computers and other electronic data storage devices leaves the footprints and data trails of their users. Computer forensics involves the preservation, acquisition, extraction, and interpretation of computer data.

FORENSIC IMAGE ACQUISITION

Throughout the entire process, the computer forensic examiner must adopt the method that is least intrusive. The goal of obtaining data from an HDD is to do so without altering even one bit of data.

Hard Disk Drive (HDD)

Typically the primary location of data storage within the computer. Different operating systems map out (partition) HDDs in different manners.

