Digital Forensics Exam 2

Ace your homework & exams now with Quizwiz!

IP Address

32 bit number that uniquely identifies a host on the internet using IPv4

Identity Theft

A criminal can use a variety of the online websites to determine someone's telephone number, address, and net worth by paying for an in-depth search. The criminal can view a person's residence (www.zillow.com ) and quickly decide on a plan to rob that house, if necessary, through the use of Google Earth

Cookies

A text file sent from a web server to a client computer for the purposes of identification and authentication. They can be used to track a user online

USB-Powered Hard Drive

Act as receptacles for evidence acquired from the suspect's hard disk drive

UltraBlock SATA/IDE WRITE-BLOCKER

Allows an individual to read data from a device, such as a hard drive, without writing to that device

All Writs Act

Authorizes federal courts to issue order necessary to aid jurisdictions and agents with professional duties under appropriate principles of law

Windows Registry

Can be used to determine what websites a user has visited

Forensic Tools

Cloud Analyzer, Magnet Internet Evidence Finder, X1 Social Discovery

Gorilla Mail

Disposable temporary email address

DriveSpy

Drive Info

Forensic disk image file formats

E01, DD, RAW

Virginia v Baust

Holding: 5th amendment case; thumbprint entry (physical) is okay, passcode entry is not (testimonial)

In re Boucher

Holding: CP images already seen; foregone conclusion doctrine applies and individual prosecuted

Federal Law Enforcement Access to Personal Information

Homeland Security Information Network & Data Network Director of National Intelligence - National Counterterrorism Center (NCTC) FBI - National Crime Information Center (NCIC) US Air Force - Threat and Local Observation Notice (TALON)

EnCase

Imaging and Analysis

FTK

Imaging and Analysis

X-Ways

Imaging and Filtering

List Databases Available to Law Enforcement to Profile a Suspect

Instant Messaging Evidence Groups Blogs Social Networking Websites

International Law Enforcement Access to Personal Information

Interpol - Fixed Interpol Network Database (FIND) Interpol - Mobile Interpol Network Database (MIND)

Blacklight

MAC OS imaging and analysis

Mac Marshal

MAC OS imaging and analysis

WinHex

Not forensically sound, ability to view edited files (deleted and damaged)

eDiscovery

Process of recovering electronically stored information (ESI) for the purpose of civil litigation

Fifth Amendment

Protection against self incrimination (nor shall be compelled in any criminal case to be a witness against himself)

SIM Card Reader

Reads SIM Cards off cell phones

Local Law Enforcement Access to Personal Information

Real Time Crime Center (RTCC) - NYPD database that stores large quantities of intelligence/information

Issuer Identification Number (IIN)

The first six digits of a credit card number

Electronic Medical Records

These contain a large amount of Personally Identifiable Information (PII). Cyberbullying Social Networking

Videos

Tools available include VideoTriage, Jing, Savevid.com, and Real Player

Credit Cards for Sale

Type the word "fullz" into any search engine, and you can see a list of websites that offer stolen credit card numbers for sale

Dictionary Attacks

Uses a predetermined list of words to decrypt data or authenticate a user

Screen Captures

Whether you use a personal computer or an Apple Mac, capturing what displays onscreen is relatively simple

ASCLD

a nonprofit organization that provides a set of guidelines and standards for forensic labs

preservation order

a request to a service provider to retain the records relating to a suspect

Extended Global Regular Expressions Print (EGREP)

allows for use of operators not found in basic GREP

The Link in the Chain

answers are incriminating if they "would in themselves support a conviction . . . [or] would furnish a link in the chain of evidence needed to prosecute" the defendant

Static IP Address

assigned by ISP for a fixed time period or permanently

Dynamic IP Address

assigned by Internet Service Provider every time a user connects to the internet

Linux

can be used to extract evidence from a device operating system is typically free

expert witness

can create an investigative report or review the findings of an investigative report and then interpret those findings based on specialized education, training, and knowledge

bootable OS tool/live system

capture the contents of a RAM. RAM can be a treasure trove of evidence, including user passwords, Internet activity, running processes, and other important evidence

Brute Force Attack

checks all possible keys to decrypt data

Virtual Machine

computer running software that allows for an instance of an operating system (s) without making any actual changes to the user's computer (VMware)

Anti-Static Bag

contain computing devices and prevent any type of evidence contamination due to the magnetic nature of hard drive platters A forensic disk image file format designed by Guardian Software- Eo1

Skimmer

electronic device used to capture the data from the magnetic stripe on a debit, credit, or prepaid card

TORR

free open source software and an open network originally developed by the US Navy, that enables a user to surf the Internet with anonymity

Fast Global Regular Expressions Print (FGREP)

interprets characters literally and is faster than GREP

Live Forensics

investigating a computer while it is turned on

Parasite

point-of-sale skimmer

File Carving

process of identifying a file by certain characteristics, such as file header or footer

EnScript

programming tool which allows examiners to develop or run their own analysis functions (ie. - carving for images & videos)

Firmware

programs that control electronic devices (works closely w/ OS & Hardware)

Acts of Production Doctrine / Foregone Conclusion

self-incrimination to the extent that the individual's act of production provides information not already in the hands of law enforcement personnel about the (1) existence; (2) custody; or (3) authenticity, of the documents or materials produced

Scientific Working Group on Digital Evidence (SWGDE)

sharing research and setting standards (Best Practices)

ASCLD/LAB

strives to maintain certain standards for forensics labs, including standards that govern the behavior and practices of lab employees and their managers

Lay Witness

testifies about the facts/cannot give an opinion about the case

Self-Incrimination

the constitutional right of a person to refuse to answer questions or otherwise give testimony against himself or herself a responsive answer to the question or an explanation of why it cannot be answered might be dangerous because injurious disclosure could result

ATM skimmer

used to capture data from the magnetic stripe on credit cards or ATM cards. The ATM has a false front to capture this data

Dictionary Attack

uses a predetermined list of words to decrypt data or authenticate a user

Global Regular Expressions Print (GREP)

utility used to extract data using pattern matching


Related study sets

CPTD: Emotional Intelligence & Decision Making Questions

View Set

Chapter 53: Assessment of Kidney and Urinary Function

View Set

Econ 202 Quiz questions: Chapters 9-15

View Set

World Civ II Chapters 16 - 21 Review

View Set

Business Chapter 3 Doing Business in Global Markets

View Set

Spontaneous and Induced Mutations

View Set