Computer Forensics Final
public private community hybrid
four types of cloud deployments
reconstruction
process of rebuilding data files
private
type of cloud deployment that can be accessed only by people who have the necessary credentials
hybrid
type of cloud deployment that lets a company keep some information private and designate other files as public or private
community
type of cloud deployment that is a way to bring people together for a specific purpose
public
type of cloud deployment that is accessible to anyone
MAC address
unique serial number assigned to each network adapter, making it possible to deliver data packets to a destination within a subnetwork
chain of custody
Route the evidence takes from the time you find it until the case is closed or goes to court
volatile storage
The entire contents of this type of memory are erased when you turn off the computer; e.g., RAM
cloud computing
A computing storage system that provides on-demand network access for multiple users and can allocate storage to users to keep up with changes in their needs
static acquisition
A data acquisition method used when a suspect drive is write-protected and can't be altered. If disk evidence is preserved correctly, static acquisitions are repeatable.
search warrant
A written authorization from a court specifying the area to be searched and what the police are searching for.
BIOS
Basic Input/Output System; responsible for loading the OS
encrypted
Encoded; converted from one system of communication to another
IaaS
Infrastructure as a Service; customers can rent hardware and install whatever OSs and applications they need; the whole IT infrastructure goes into someone else's computer (in the cloud)
PaaS
Platform as a Service; an OS has been installed on a cloud server; it doesn't live in your data center, it lives on other people's computers
SaaS
Software as a Service; applications are delivered via the internet; e.g., Google Apps
Non-volatile storage
Storage which does not lose its contents when the power is removed
Windows registry
a file that keeps track of all hardware and software configuration settings, network connections and user preferences
Steganography
a method of hiding data by using a host file to cover the contents of a secret message
cluster search
a search which looks for a keyword in all data, including unallocated data
disk partition
a section of a hard disk drive that is treated as a separate storage unit; logical drive
bitmap graphics
a series of pixels on a grid, where each dot/pixel has a particular color value (RGB); dependent on screen resolution for its image quality
validation and verification
validation is a way to confirm that the tool is functioning as intended; verification is the process of proving that two sets of data are identical using hashes
sparse data copy
acquisition method that captures only specific files of interest but also collects fragments of unallocated data
logical disk to disk
acquisition method that captures only specific files of interest to the case
disk to disk
acquisition method that copies the entire disk to a similar disk, creating two identical copies
disk to image
acquisition method that creates a bit-for-bit replication of the original drive
creating the contents of a file
application program's responsibilities
reporting
bookmarking and tagging, log reports, timelines, report generators
metafile graphics
combination of bitmap and vector graphics; e.g., a picture taken with a camera is a bitmap graphic that is then placed in a program like Adobe Illustrator, which can do vector graphics
metadata
data about data
live acquisition
data acquisition method used when a suspect computer can't be shut down to perform the acquisition; captured data might be altered because it is not write-protected; not repeatable because the data is continually changing while the machine is on
file system
determines the way an operating system stores files on a disk
application program
does not write files to the disk but is responsible for making those files
Insertion Steganography
hidden data is not displayed when viewing the host file in its associated program
steganography
hides information inside image files
Mac OS
hierarchical file system with a data fork and a resource fork; HFS and HFS+ came before this
Unix OS
multi-user, multithreaded, secure OS; four components: boot block, super block, inode block, data block
HFS+
newest file system for Apple
Plain View Doctrine
objects in plain sight of an officer who has the right to be in that position are admissible in court
organizing and saving files to the disk
operating system's responsibilities
NTFS
proprietary file system developed by Microsoft
RAID
redundant array of independent disks; a computer configuration involving two or more physical disks
substitution steganography
replaces bits of the host file with other bits of data
computer forensic science
science used to discover evidence for the court of law in a criminal or civil case
operating system
software that controls the operation of a computer and directs the processing of programs
OS
starts when the computer is powered on; responsible for talking to devices, managing the devices, managing the file system, and memory management
computer forensics
the application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence
acquisition
the process of creating and duplicating an image of the data
extraction
the process of pulling relevant data from an image and recovering data fragments
SaaS PaaS IaaS
three main service levels of the cloud
virtual machine
used extensively in organizations and a common part of forensic investigations; investigators must be familiar with the file extensions that indicate their existence; they help offset hardware costs for companies and are handy when you want to run legacy or uncommon OSs or software
vector graphics
uses lines calculated from mathematical formulas; can be resized without looking pixelated