Forensics Ch 1

You are investigating a breach of a file server that resulted in several stolen files. Which federal law is most likely to apply?

18 USC 1030, Fraud and related activity in connection with computers

In a computer forensics investigation, describe the route that evidence takes from the time you find it until the case is closed or goes to court.

Chain of custody

Evidence need not be locked if it is at a police station.

False

Your roommate can give consent to search your computer.

False

Using "science and technology to investigate and establish facts in criminal or civil courts of law"

Forensics

Why should you note all cable connections for a computer you want to seize as evidence?

In case other devices were connected

Digital forensics is a more encompassing term

Includes forensics of cell phones, routers, global positioning system (GPS) devices, tablets, and many other devices

When cataloging digital evidence, the primary goal is to do what?

Preserve evidence integrity

If the computer is turned on when you arrive, what does the Secret Service recommend you do?

Shut down according to recommended Secret Service procedure

Which of the following is important to the investigator regarding logging?

The logging methods Log retention Location of stored logs

What is the essence of the Daubert standard?

The only tools or techniques that have been accepted by the scientific community are admissible in trial