Computer Forensics Chapter 1


Digital Evidence Specialist

An expert who analyzes digital evidence and determines whether additional specialists are needed

Police in the United States must use procedures that adhere to which of the following?

Fourth Amendment

repeatable findings

being able to obtain the same results every time from a digital forensics examination

professional conduct

behavior expected of an employee in the workplace or other professional setting

bit-stream copy

bit-by-bit duplicate of data on the original storage medium

3 Items that should be on an evidence custody form?

case number, name of investigator assigned to the case, nature of the case, location where evidence was obtained, description of the evidence

allegation

charge made against someone or something before proof has been found

attorney-client privilege (ACP)

communication between an attorney and client about legal matters is protected as confidential communications

network intrusion detection and incident response

detecting attacks from intruders by using automated tools

computer technology investigator network (CTIN)

nonprofit group based in Seattle-Tacoma, WA, composed of law enforcement members, private corporation security professionals, and other security professionals whose aim is to improve the quality of high-technology investigations in the Pacific Northwest

evidence bag

nonstatic bags, used to transport computer components and other digital devices

affidavit

notarized document, given under penalty of perjury, that investigators create to detail their findings

international association of computer investigative specialist (IACIS)

organization created to provide training and software for law enforcement in the digital forensics field

data recovery

retrieving files that were deleted accidentally or purposefully

fourth amendment

the Fourth Amendment to the US Constitution in the Bill of Rights dictates that the government and its agents must have probable cause for search and seizure

vulnerability/threat assessment and risk management

the group that determines the weakest points in a system

search and seizure

the legal act of acquiring evidence for an investigation

line of authority

the order in which people or positions are notified of a problem

digital investigations

the process of conducting forensics analysis of systems suspected of containing evidence related to an incident or a crime

interrogation

the process of trying to get a suspect to confess to a specific incident or crime

chain of custody

the route evidence takes from the time the investigator obtains it until the case is closed or goes to court

industrial espionage

theft of company-sensitive or proprietary information, often to sell to a competitor

Why should you critique your case after it's finished?

to improve your work

evidence custody form

A printed form indicating who has signed out or been in physical possession of evidence

What are the necessary components of a search warrant?

A search warrant must specify who, what, when, and where, that is, the place, time, and items being searched for. It must be signed by an impartial judicial officer. A search warrant can limit the scope of what can be seized.

What is the purpose of an affidavit?

To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant

forensic workstation

workstation set up to allow copying forensic evidence, whether it's on a hard drive, flash drive, or the cloud

What are some ways to determine the resources needed for an investigation?

Determine the OS of the suspect computer and list the software needed for the examination

Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule.

FALSE

multi-evidence form

an evidence custody form used to list all items associated with a case

verdict

decision returned by a jury

Policies can address rules for which of the following?

Any of the above

What do you call a list of people who have had physical possession of the evidence?

Chain of custody

3 Items that should be in your case report.

Explanation of basic computer or network processes, a narrative of what steps, description of your finding, log files generated from analysis tools

Digital forensics and data recovery refer to the same activities.

FALSE

Under normal circumstances, a private-sector investigator is considered an agent of law enforcement.

FALSE

You should always prove the allegations made by the person who hired you.

FALSE

List two types of digital investigations typically conducted in a business environment?

Fraud, embezzlement, insider trading, espionage, and email harassment

What is professional conduct, and why is it important?

Professional conduct includes ethics, morals, and standards of behavior. It affects your credibility.

List two items that should appear on a warning banner.

Statements that the organization has the right to monitor what users do, that their email is not personal

For digital evidence, an evidence bag is typically made of antistatic material.

TRUE

What's the purpose of maintaining a network of digital forensics specialists?

To develop a list of colleagues who specialize in areas different from your own specialities in case you need help on an investigation

Why should you do a standard risk assessment to prepare for an investigation?

To list problems that might happen when conducting an investigation, which can help in planning your case

Why should evidence media be write-protected?

To make sure data isn't altered

The Triad of computing security includes which of the following?

Vulnerability/threat assessment, intrusion detection and incident response, and digital investigation

interview

a conversation conducted to collect information from a witness or suspect about specific facts related to an investigation

hostile work environment

an environment in which employees cannot perform their assigned duties because of the actions of others

digital forensics

applying investigative procedures for a legal purpose

inculpatory evidence

evidence that indicates a suspect is guilty of the crime with which he or she is charged

exculpatory evidence

evidence that indicates the suspect is innocent of the crime

exhibits

evidence used in court to prove a case

bit-stream image

file where the bit-stream copy is stored

approved secure container

fireproof container locked by a key or combination

single-evidence form

form that dedicates a page for each item retrieved for a case

authorized requester

in a private-sector environment, the person who has the right to request an investigation, such as the chief security officer or chief intelligence officer

search warrants

legal documents that allow law enforcement to search an office, home, or other locale for evidence related to an alleged crime

Digital Evidence First Responder (DEFR)

professional who secures digital evidence at the scene and ensures its viability while transporting it to the lab

warning banner

text displayed on computer screens when people log onto a company computer

