Final 165
Jurors typically average just over ____ years of education and an eighth-grade reading level.
12
When cases go to trial, you as a forensics examiner can play one of ____ roles.
2
If your CV is more than ____ old, you probably need to update it to reflect new cases and additional training.
3 months
If a microphone is present during your testimony, place it ____ to eight inches from you.
6
People who want to hide data can also use advanced encryption programs, such as PGP or ____.
BestCrypt
____ attacks use every possible letter, number, and character found on a keyboard when cracking a password.
Brute-force
For forensics examiner, keeping the ____ updated and complete is crucial to supporting your role as an expert and showing that you're constantly enhancing your skills through training, teaching, and experience.
CV
____ have some limitations in performing hashing, however, so using advanced ____ is necessary to ensure data integrity.
Digital forensics tools, hexadecimal editors
Marking bad clusters data-hiding technique is more common with ____ file systems.
FAT
AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data.
KFF
Many password-protected OSs and applications store passwords in the form of ____ or SHA hash values.
MD5
To enhance searching for and eliminating known OS and application files, Autopsy has an indexed version of the NIST ____ of MD5 hashes.
NSRL
A password recovery program available from AccessData
PRTK
____ recovery is becoming more common in digital forensic analysis.
Password
____ from both the plaintiff's and defense's attorneys is an optional phase of the trial. Generally, it's allowed to cover an issue raised during cross-examination of a witness.
Rebuttal
WinHex provides several hashing algorithms, such as MD5 and ____.
SHA-1
____ alters hash values, which makes cracking passwords more difficult.
Salting passwords
Discuss any potential problems with your attorney ____ a deposition.
before
The data-hiding technique ____ changes data from readable code to data that looks like binary executable code.
bit-shifting
Statements that organize the evidence and state the applicable law.
closing argument
Sometimes opposing attorneys ask several questions inside one question; this practice is called a ____ question.
compound
The practice of opposing attorneys trying to prevent you from testifying by claiming you have discussed the case with them and, therefore, have a conflict of interest.
conflicting out
____ is an attempt by opposing attorneys to prevent you from serving on an important case
conflicting out
Limit a civil investigation
court orders for discovery
The original file with no hidden message
cover media
An extensive outline of your professional history that includes education, training, work, and what cases you have worked o as well as training you have conducted or contributed to.
curriculum Vitae (CV)
A ____ differs from a trial testimony because there is no jury or judge.
deposition
Give the opposing counsel a chance to preview your testimony before trial.
deposition
Program used to clean all data from the target drive you plan to use
digital intelligence PDWipe
You provide ____ testimony when you answer questions from the attorney who hired you.
direct
The ____ is the most important part of testimony at a trial.
direct examination
There are two types of depositions: ____ and testimony preservation.
discovery
The opposing attorney sets the deposition and often conducts the equivalent of both direct and cross-examination. A discovery deposition is considered part of the discovery process.
discovery deposition
One way to hide partitions is with the Windows disk partition utility, ____.
diskpart
____ evidence is evidence that exonerates or diminishes the defendant's liability.
exculpatory
This type of testimony reports opinions based on experience and facts gathered during an investigation.
expert witness
This type of testimony reports only the facts (findings of an investigation); no opinion is given in court.
fact witness
Validate your tools and verify your evidence with ____ to ensure its integrity.
hash algorithms
Data ____ involves changing or manipulating a file to conceal information.
hiding
Defines the investigation's goal and scope, the materials needed, and the tasks to perform
investigation plan
You begin a digital forensics case by creating a(n) ____.
investigation plan
Many commercial encryption programs use a technology called ____, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure.
key escrow
A pretrial motion to exclude or limit the use of certain evidence because its potential to prejudice the jury would exceed its probative value.
motion in limine
____ is a written list of objections to certain testimony or exhibits.
motion in limine
Generally, the best approach your attorney can take in direct examination is to ask you ____ questions and let you give your testimony.
open ended
Progressing to make any current encryption schemes obsolete
quantum computing
A file containing the hash values for every possible password that can be generated from a computer's keyboard
rainbow table
Designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure
salting passwords
____ increases the time and resources needed to extract, analyze, and present evidence.
scope creep
Leading questions such as "Isn't it true that forensics experts always destroy their handwritten notes?" are referred to as ____ questions.
set up
The converted cover-media file that stores the hidden message
stage-media
The term ____ comes from the Greek word for "hidden writing."
steganography
____ is defined as hiding messages in such a way that only the intended recipient knows the message is there.
steganography
Regarding a trial, the term ____ means rejecting potential jurors.
strikes
In civil and criminal cases, the scope is often defined by search warrants or ____, which specify what data you can recover.
subpoenas
When you give ____ testimony, you present this evidence and explain what it is and how it was obtained.
technical/scientific
A deposition held to preserve your testimony in case of schedule conflicts or health problems; it's usually video recorded in addition to the written transcript.
testimony preservation deposition
One of the most critical aspects of computer forensics
validating digital evidence
In this qualification phase of testimony, your attorney asks you questions to elicit the qualifications that make you an expert witness.
voir dire
Criminal investigations are limited to finding data defined in the search ____.
warrant
