Forensic Science #7 Computer Forensics
Why would a forensic computer examiner run such an algorithm?
Typically used to verify that an acquired image of suspect data was not altered during the process of imaging
What is the purpose of a Message Digest 5 (MD5)/Secure Hash Algorithm (SHA)?
Used to verify the integrity of data
List the two main types of evidentiary computer data.
Visible and latent data
Because RAM is not permanent, and its contents are forever lost once power is taken away from the computer, what is it also referred to as?
Volatile memory
Where were the BTK killer murders located?
Wichita, Kansas
Who did the BTK killer target?
Women who lived alone in neighborhoods
Name two situations in which an investigator would not immediately unplug a computer at an electronic crime scene.
1.) if encryption is being used and pulling the plug will encrypt the data, rendering it unreadable without a password or key 2.) if data exists in RAM that has not been saved to the HDD, and will thus be lost if power to the system is discontinued.
What year did the first BTK killer murder occur?
1974
What is the smallest unit of information on a computer?
A bit
What do eight bits constitute?
A byte
What machine takes a picture of the hard drive?
A duplicator
What is a FAT and what purpose does it serve?
A file allocation table. It tracks the location of files and folders on the hard disk drive
What is swap space?
A file or defined space on the HDD to which data is written, or swapped, to free RAM for applications that are in use
What two things did the BTK killer send to a TV station?
A poem and a letter
What carries data from one hardware device to another?
A system bus
What aspects of a computer should be photographed close up at an electronic crime scene?
Any running computer monitor, all the connections to the main system unit, such as peripheral devices (keyboard, monitor, speakers, mouse, and so on), equipment serial numbers
What is slack space?
Empty space on a hard disk drive created because of the way the HDD stores files
What is firmware?
Programs stored on ROM chips used to start the boot process and configure a computer's components
What type of memory stores software programs and instructions while the computer is turned on?
Random Access Memory (RAM)
What is another name for firmware?
BIOS/basic input-output system
Why is firmware important to forensic computer investigation?
Because it allows investigators to control the boot process to some degree
What does BTK stand for?
Bind-Torture-Kill
What vehicle did the BTK killer drive?
Black Jeep Cherokee
How are clusters and sectors related to one another?
Clusters are groups of sectors
What was the sentence for the BTK killer?
Consecutive life sentences/ 105 years
What effect does fragmentation have on a hard disk drive (HDD)?
Degrades the performance of a HDD, causing the read/write heads to have to traverse the platters to locate the data
What is the BTK killer's full name?
Dennis Rader
What are CDs, DVDs, and other containers for programs that are loaded into the memory of a computer referred to as?
External Computer Media
What does ransomware allow?
For hackers to access everything on your electronic devices
What is the primary storage device on most computers?
Hard Disk Drive
What is the difference between hardware and software?
Hardware: The physical components of a computer: case, keyboard, monitor, motherboard, RAM, HDD, mouse, and so on. Software: A set of instructions compiled into a program that performs a particular task.
What did the BTK killer do to fulfill his desires when he wasn't committing a murder?
He hung himself, took photos, and then masturbated to those photos
What slip-up caused the police to reveal the name of the BTK killer?
He sent a floppy disk to the police, which revealed the name of the person and location where the floppy disk was used.
What was the BTK killer's daily job?
Installing locks and security in homes
Why are hackers' techniques different?
It differs because of their location
What is the role of the computer's operating system (OS)?
It provides the user with a working environment and facilitates interaction with the system's components.
Who was the head of the BTK killer case?
Lieutenant Landwehr
Was the BTK killer a secreter or non-secreter?
Non-secreter
What are sectors and clusters?
Sectors: The smallest unit of data addressable by a hard disk drive, generally consisting of 512 bytes. Clusters: A group of sectors in multiples of two; typically the minimum space allocated to a file.
In what condition were the corpses of the Otero family found?
Strangled and face down in bed; Josephine was hung
Who was the BTK killer's first kill?
The Otero Family
What part of a computer actually does the computing?
The central processing unit (CPU)
What is a computer's motherboard?
The main system board of a computer (and many other electronic devices) that delivers power, data, and instructions to the computer's components.
What is formatting?
The process of preparing a hard disk drive to store and retrieve data in its current form
Why must a hard disk drive be formatted?
To accept the data in its current form
What is the primary goal in obtaining data from a HDD?
To do so without altering even one bit of data
Why would investigators want to copy blank or unused portions of the HDD?
To preserve latent data
What is malware?
Software that is used for malicious intent