Computer Forensics StudyGuide

The term "bit" is short for?

Binary digit

Hardware

Consists of the physical material that comprises a computer

Visible Data

Data from a computer that is openly visible and available to users

Temporary Files

Files temporarily written by an application to perform a function

What is not considered a software?

Floppy discs

The ultimate goal of obtaining an image of a hard disk drive is to?

Obtain information without altering the drive in any way

The first thing a crime scene investigator should do when enchanting computer forensic evidence is ?

Procure a warrant to search

Software

Programs and operations that are used by a computer

A cluster is a group of ______ in multiples of ______?

Sectors, two

Bit

Short for binary digit; takes the form of either a one or a zero, and is the smallest unit of information on a machine

One should not search for visible data in which of the following?

Temporary files

RAM Slack

The area beginning at the end of the logical file and terminating at the end of that sector; in some older operating systems, this area is padded with information in RAM

File Slack

The area that begins at the end of the last sector that contains logical data and terminates at the end of the cluster

Central Processing Unit

The central component of a computer where all of the data is processed

The primary form of data storage within a personnel computer is which of the following?

The hard disk drives

Hard Disk Drive

The location in a computer where data is stored and retrieved

Random Access Memory

The location in a computer where the operating system that is in use can be stored and retrieved for quick reference by the CPU

What is not considered a hardware device?

The operating system

Motherboard

The primary board that contains the circuitry for the computer

Partition

The process of dividing a hard disc drive into different independent sections

Sector

The smallest unit of data addressable by a hard disk drive, generally consisting of 512 bytes

Operating System

The software that directs basic functions and operations within a computer

Unallocated Space

The space on a hard drive that contains available space; the space may also contain temporary and deleted files

Which of the following is one of the most common places to begin to look for evidential data?

The spreadsheet files

Which of the following is the best definition of latent data?

Those data that are hidden from view

Latent Data

Areas of files and disks that are typically not apparent to the computer user (and often not to the operating system), but contain data nonetheless

Internet

A computer network that provides information globally

Swap File

A file or defined space on the HDD to which data is written, or swapped, to free RAM for applications that are in use

Byte

A group of eight bits

Cluster

A group of sectors in multiples of two, typically the minimum space allocated in a file

Message Digest 5 Secure Hash Algorithm

A software algorithm used to "fingerprint" a file or contents of a disk; used to verify the integrity of data