Computer Forensics
Disaster Recovery
x involves preventing data loss by using backups, uninterruptible power supply (UPS) devices, and off-site monitoring.
Data recovery
x involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.
check fraud.
The most common computer-related crime is x.
physical
Courts consider evidence data in a computer as x evidence.
business
Generally, computer records are considered admissible if they qualify as a x record.
hearsay
Most federal courts have interpreted computer records as x evidence.
clusters
In Microsoft file structures, sectors are grouped to form x, which are storage allocation units of one or more sectors.
line of authority
Published company policies provide a(n) x for a business to conduct internal investigations.
TIF
The image format XIF is derived from the more common x file format.
investigation plan.
You begin any computer forensics case by creating a(n) x.
graphics editors
You use x to create, modify, and save bitmap, vector, and metafile graphics files.
F
Computer investigations and forensics fall into the same category: public investigations.
hazardous materials (HAZMAT)
Some computer cases involve dangerous settings. For these types of investigations, you must rely on the skills of x teams to recover evidence from the scene.
data acquisition
For computer forensics, x is the task of collecting digital evidence from electronic media.
warrant
For most law-enforcement-related computing investigations, the investigator is limited to working with data defined in the search x.
T
For target drives, use only recently wiped media that have been reformatted and inspected for computer viruses.
F
ISPs can investigate computer abuse committed by their customers.
expectation of privacy
If a company does not publish a policy stating that it reserves the right to inspect computing assets at will or display a warning banner, employees have a(n) x.
1960s
The FOIA (Freedom of Information Act) was originally enacted in the x.
literary works
Under copyright laws, computer programs may be registered as x.
pictorial, graphic, and sculptural.
Under copyright laws, maps and architectural plans may be registered as x.
creating a disk-to-image file.
The most common and flexible data-acquisition method is x.
bookmarks
FTK and other computer forensics programs use x to tag and document digital evidence.
live
FTK provides two options for searching for keywords: indexed search and x search.
file
Drive slack includes RAM slack (found primarily in older Microsoft OSs) and x slack.
Windows 9x
During an investigation involving a live computer, do not cut electrical power to the running system unless it's an older x or MS-DOS system.
preliminary
During the x design or approach to the case, you outline the general steps you need to follow to investigate the case.
reasonable suspicion
Every business or organization must have a well-defined process that describes when an investigation can be initiated. At a minimum, most corporate policies require that employers have a x that a law or policy is being violated.
T
Bitmap images are collections of dots, or pixels, that form an image.
Master Boot Record (MBR)
On Windows and DOS computer systems, the x stores information about partitions on a disk and their locations, size, and other important items.
Partition Boot Sector
On an NTFS disk, the first data set is the x, which starts at sector [0] of the disk.
internet
The x is the best source for learning more about file formats and their associated extensions.
initial-response field kit
With a(n) x you can arrive at a scene, acquire the data you need, and return to the lab as quickly as possible.
carving or salvaging.
Recovering pieces of a file is called x.
Steganography
x has also been used to protect copyrighted material by inserting digital watermarks into a file.
Computer Forensics
x involves obtaining and analyzing digital information for use as evidence in civil, criminal, or administrative cases.
The Expert Witness format
x is the default format for acquisitions for Guidance Software EnCase.
Indexed
x search catalogs all words on the evidence disk so that FTK can find them quickly.
safety
Environmental and x issues are your primary concerns when you're working at the scene to gather information about an incident or a crime.
curiosity
Evidence is commonly lost or corrupted through professional x, which involves police officers and other professionals who aren't part of the crime scene processing team.
full-featured hexadecimal editor, computer forensics tool
Getting a hash value with a x is much faster and easier than with a(n) x.
repeatable findings.
In any computing investigation, you should be able to repeat the steps you took and produce the same results. This capability is referred to as x.
subpoenas
In civil and criminal cases, the scope is often defined by search warrants or x, which specify what data you can recover.
prosecution.
In general, a criminal case follows three stages: the complaint, the investigation, and the x.
whole disk encryption
Microsoft has recently added (x) in its Vista Ultimate and Enterprise editions, which makes performing static acquisitions more difficult.
T
One way to examine a partition's physical level is to use a disk editor, such as Norton DiskEdit, WinHex, or Hex Workshop.
government agencies
Private-sector organizations include businesses and x that aren't involved in law enforcement.
sniffing
Real-time surveillance requires x data transmissions between a suspect's computer and a network server.
chain of custody
The basic plan for your investigation includes gathering the evidence, establishing the x, and performing the forensic analysis.
bitshifting
The data-hiding technique x changes data from readable code to data that looks like binary executable code.
standard risk assessment.
The list of problems you normally expect in the type of case you are handling is known as the x.
Exchangeable Image File (EXIF)
The majority of digital cameras use the x format to store digital pictures.
T
The reason for the standard practice of securing an incident or crime scene is to expand the area of control beyond the scene's immediate location.
hexadecimal
The simplest way to access a file header is to use a(n) x editor.
FBI Computer Analysis and Response Team (CART)
The x was formed in 1984 to handle the increasing number of cases involving digital evidence.
live
There are two types of acquisitions: static acquisitions and x acquisitions.
T
To be a successful computer forensics investigator, you must be familiar with more than one computing platform.
bit stream image
To create an exact image of an evidence disk, copying the x to a target work disk that's identical to the evidence disk is preferable.
bookmark
To generate reports with the FTK ReportWizard, first you need to x files during an examination.
Email abuse
x investigations typically include spam, inappropriate and offensive message content, and harassment or threats.
Bitmap
x images store graphics information as grids of individual pixels.
Insertion
x steganography places data from the secret file into the host file without displaying the secret data when you view the host file in its associated program.
Substitution
x steganography replaces bits of the host file with other bits of data.
forensic copy.
A bit-stream image is also known as a(n) x.
T
Chain of custody is also known as chain of evidence.
metafile
A graphics program creates and saves one of three types of image files: bitmap, vector, or x.
bit-stream copy
A x is a bit-by-bit copy of the original storage medium.
F
A nonsteganographic graphics file has a different size than an identical steganographic graphics file.
virtual machine
A x allows you to create a representation of another computer on an existing physical computer.
cylinder
A x is a column of tracks on two or more disk platters.
metadata
Records in the MFT are referred to as x.
police blotter
The x provides a record of clues to crimes that have been committed previously.
Fourth Amendment
The x to the U.S. Constitution (and each state's constitution) protects everyone's rights to be secure in their person, residence, and property from search and seizure.
Data compression
x is the process of coding data from a larger form to a smaller form.
Geometry
x refers to a disk's structure of platters, tracks, and sectors.
sparse
If your time is limited, consider using a logical acquisition or (x) acquisition data copy method.
T
After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant.
critique the case.
After you close the case and make your final report, you need to meet with your department or a group of fellow investigators and x.
much easier than
Investigating and controlling computer incident scenes in the corporate environment is x in the criminal environment.
end user
A(n) x is a person using a computer to perform routine tasks other than systems administration.
extensive-response field kit
A(n) x kit should include all the tools you can afford to take to the field.
exhibits
It's the investigator's responsibility to write the affidavit, which must include x (evidence) that support the allegation to justify the warrant.
allegation
Based on the incident or crime, the complainant makes a(n) x, an accusation or supposition of fact that a crime has been committed.
T
By the 1970s, electronic crimes were increasing, especially in the financial sector.
T
If a corporate investigator follows police instructions to gather additional evidence without a search warrant after you have reported the crime, you run the risk of becoming an agent of law enforcement.
live
If the computer has an encrypted drive, a (x) acquisition is done if the password or passphrase is available.
criminal
In a x case, a suspect is tried for a criminal offense, such as burglary, murder, or molestation.
affidavit.
In a criminal or public case, if you have enough information to support a search warrant, the prosecuting attorney might direct you to submit a(n) x.
notarized
The affidavit must be x under sworn oath to verify that the information in the affidavit is true.
data runs
The file or folder's MFT record provides cluster addresses where the file is stored on the drive's partition. These cluster addresses are referred to as x.
computer investigations
The x group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime.
F
The law of search and seizure protects the rights of all people, excluding people suspected of crimes.
limiting phrase
When an investigator finds a mix of information, judges often issue a(n) x to the warrant, which allows the police to separate innocent information from evidence.
U.S. Department of Justice (DOJ) Homeland Security Patriot Act Department of Defense
When seizing computer evidence in criminal investigations, follow the x standards for seizing digital data.
copyright
When working with image files, computer investigators also need to be aware of x laws to guard against copyright violations.
password-cracking software
When you are dealing with password protected files, you might need to acquire x or find an expert who can help you crack the passwords.
assessment and risk management
When you work in the vulnerability x group, you test and verify the integrity of standalone workstations and network servers.
Vector graphics
x are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes.
Digital evidence
x can be any information stored or transmitted in digital form.
