Computer Forensics

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

6-step casey model

1.identification/assessment 2.collection/acquisition 3. preservation 4. examination 5. analysis 6. reporting

An affidavit

A written report is often submitted as what type of document?

inode

A(n) ________ is the smallest disk allocation unit in a UNIX filesystem.

logical

Acquiring iCloud backups is considered a(n) _________________ method of acquisition.

Phishing

An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information

Discovery

Anything an investigator writes down as part of examination for a report in a civil litigation case is subject to which action from the opposing attorney?

MAC address

Every network device has a uniquely identifiable address across networks supplied by the manufacturer called a(n)______________ .

Google Apps

Examples of software as a service (Saas) might be:

Clusters

In Microsoft file structures, sectors are grouped to form ________, which are storage allocation units of one or more sectors.

volume

In a Macintosh file system, a _________ is any storage medium used to store files.

True

In a UNIX or LINUX operating system, if a file contains information, it always occupies at least one allocation block.

Software as a service

In which cloud service level are applications delivered via the Internet?

True

Network logs record traffic in and out of a network.

CCFE

One of the most popular certification exams for the computer forensic profession is_________.

capture and analyze network communication

Packet analyzer tools, like WireShark, tcpdump and snoop can be used to accomplish which network forensic tasks?

dictionary file

Password cracking utilities generally use a(n) ______________ as a major source of passwords.

carving

Recovering file fragments is called ___________, also known as salvaging outside North America.

Pharming

Reroutes requests for legitimate websites to false websites

True

The CLOUD Act creates a modern legal framework for how law enforcement agencies can access data across borders.

fragments

The TCP/IP protocol breaks up large packets of data into ____________ in order to transmit them more reliably.

registry

The _____ is a database in Windows that stores hardware and software configuration information, network connections, user preferences (including usernames and passwords), and setup information.

encryption

The encoding of data into another form requiring unique information to read is called ________.

recovery certificate

The purpose of the __________ is to provide a mechanism for recovering encrypted files under EFS if there's a problem with the user's original private key.

False

Type 1 hypervisors are usually the ones you find loaded on a suspect machine.

True

Unlike a computer with platter based storage, images and artifacts deleted by a cell phone user are usually permanently deleted over time.

Devices or software placed on a network to monitor traffic

What are packet analyzers?

An affidavit

What does the investigator in a criminal or public-sector case submit, at the request of the prosecuting attorney, if he or she has enough information to support a search warrant?

Live

What type of acquisition is done if the computer has an encrypted drive and the password or passphrase is available?

A hypothetical question based on available factual evidence

What type of question should an attorney ask to allow an investigator to offer an opinion?

Ext2

What was the early standard Linux file system?

Layered network defense

Which type of strategy hides the most valuable data at the innermost part of the network?

Snapshots

With cloud systems running in a virtual environment, what can be used to give the investigator valuable information before, during, and after an incident?

bad block inode

________ is where Linux stores information on bad sectors on a hard drive.

Geometry

________ refers to a disk's structure of platters, tracks, and sectors.

Patriot Act

allows interception of voice communications in computer hacking cases

plain view exception

apparent evidence in plain view can be seized without a warrant lawful arrest

3 c's of evidence

case, control, and chain of custody

active data

data intentionally remaining on the computer; hidden in plain sight

latent data

data unintentionally remaining on the computer; recoverable by forensic methods

chain of custody

full record of how the evidence was handled and who had access

computer forensics

involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis

aquisition

making a copy of a hard drive(two types: physical and logical)

Spoofing

misrepresenting oneself online

5th amendment

prevents self incrimination and being deprived of life, liberty, or property without due process of the law

4th amendment

protection against search & seizure

14th amendment

reinforces due process of the law

affidavit

sworn statement that explains the basis for the affiant's belief that the search is justified by probable cause

types of evidence

testimony of a witness, physical evidence, & electronic evidence

probable cause

the reasonable belief that a crime has been, is being, or is about to be committed - information written in an affidavit

Forensic Linguistics

where language and law intersect


Ensembles d'études connexes

Interpersonal Communication Chapter 9 (Managing Conflict in Relationships)

View Set

Project Management MINDTAP Assignment Questions

View Set

Health Policy Provisions, Clauses, and Riders

View Set

Assessment & Management of Patients w/ Eye & Vision Disorders

View Set

Med Surg 3 (EXAM 4) - Orthopedics

View Set

Cognitive Neuroscience Quizzes 5-8

View Set