Computer Forensics Chapter 2
Certified Forensic Computer Examiner (CFCE)
A certificate awarded by IACIS at completion of all portions of the exam
Certified cyber forensics professional (CCFP)
A certification from the ISC for completing the education and work experience and passing the exam
Which organization has guidelines on how to operate a digital forensics lab?
ASCLD
Building a business case can involve which of the following?
All of the above
List two popular certification systems for digital forensics
IACIS, HTCN, EnCE, ISFCE
Document with justification to management/lender for facility upgrades
Business Case
Certification from ISFCE
Certified Computer Examiner.
What certification program, sponsored by ISC2, requires knowledge of digital forensics, malware analysis, incident response, e-discovery, and other disciplines related to cyber investigations?
Certified Cyber Forensics Professional
Certificate awarded by IACIS
Certified Forensic Computer Examiner (CFCE)
Candidates who complete the IACIS test successfully are designated as a _______.
Certified Forensic Computer Examiner (CFCE)
Process of tracking of all upgrades and patches applied to computer's OS and applications
Configuration Management
Which tool below is not recommended for use in a forensics lab?
Degausser
How often should hardware be replaced within a forensics lab?
Every 12 to 18 months
A forensic workstation should always have a direct broadband connection to the Internet
FALSE
Digital forensics facilities always have windows
FALSE
Evidence storage containers should have several master keys.
FALSE
If a visitor to your digital forensics lab is a personal friend, it's not necessary to have him or her sign the visitor's log.
FALSE
The ASCLD mandates the procedures established for a digital forensics lab
FALSE
Which file system below is utilized by the Xbox gaming system?
FATX
A Faraday Cage acts as an evidence locker or safe to preserve the integrity of evidence.
False
Because they are outdated, ribbon cables should not be considered for use within a forensics lab.
False
The shielding of sensitive computing systems and prevention of electronic eavesdropping of any computer emissions is known as FAUST by the US Department of Defense
False
Universal Crime Records are generated at the federal, state and local levels to show the types and frequency of crimes committed.
False
Provides certification for computer crime investigators and digital forensics technicians.
High Tech Crime Network (HTCN)
_______ is a specialized viewer software program.
IrfanView
The manager of a digital forensics lab is responsible for which of the following?
Making necessary changes in lab procedures and software; ensuring that staff members have enough training to do the job; knowing the lab objectives
Which organization provides good information on safe storage containers?
NISPOM
_______ describes the characteristics of a safe storage container.
NISPOM
_______ can be used to restore backup files directly to a workstation.
Norton Ghost
What items should your business plan include?
Physical security items, such as evidence lockers; how many machines are needed; what OS your lab commonly examines; why you need certain software
What three items should you research before enlisting in a certification program?
Requirements, cost, acceptability in your chosen area of employment
Which option below is not a recommendation for securing storage containers?
Rooms with evidence containers should have a secured wireless network.
What name refers to labs constructed to shield EMR emissions?
TEMPEST
An employer can be held liable for email harassment
TRUE
Why is physical security so critical for digital forensics labs?
To maintain the chain of custody and prevent data from being lost, corrupted, or stolen
A business case is a plan that can be used to sell your services to management or clients, in which a justification is made for acquiring newer and better resources to investigate digital forensics cases.
True
A disaster recovery plan ensures that workstations and file servers can be restored to their original condition in the event of a catastrophe.
True
As part of a business case, acquisition planning requires researching different products to determine which one is the best and most cost effective.
True
Linux Live CDs and WinFE disks do not automatically mount hard drives, but can be used to view file systems.
True
The American Society of Crime Laboratory Directors (ASCLD) provides guidelines to members for managing a forensics lab and acquiring crime and forensics lab accreditation.
True
The recording of all updates made to a workstation or machine is referred to as configuration management.
True
Large digital forensics labs should have at least ______ exits?
Two
To determine the types of operating systems needed in your lab, list two sources of information you could use.
Uniform Crime Report statistics for your area and a list of cases handled in your area or at your company
Certified Computer Examiner (CCE)
a certification from the International Society of Forensic Computer Examiners
business case
a document that provides justification to upper management or a lender for purchasing new equipment, software, or other tools when upgrading your facility.
secure facility
a facility that can be locked and allows limited access to the room's contents
digital forensics lab
a lab dedicated to digital investigations
High Tech Crime Network (HTCN)
a national organization that provides certification for computer crime investigators and digital forensics technicians
American Society of Crime Laboratory Directors (ASCLD)
a national society that sets the standards, management, and audit procedures for labs used in crime analysis, including digital forensics labs used by the police, FBI and similar organizations
TEMPEST
a term referring to facilities that have been hardened so that electrical signals from digital devices, computer networks, and telephone systems can't be monitored or accessed easily by someone outside the facility
Uniform Crime Report
information collected at the federal, state and local levels to determine the types and frequencies of crimes committed
Typically a _________ lab has a separate storage area or room for evidence
regional
risk management
the process of determining how much risk is acceptable for any process or operation, such as replacing equipment
configuration management
the process of keeping track of all upgrades and patches you apply to your computer's OS and applications
In order to qualify for the Advanced Certified Computer Forensic Technician certification, a candidate must have _______ years of hands-on experience in computer forensics investigations.
five