MID 1 - Computer Forensics
Computer investigations and forensics fall into the same category: public investigations. (T/F)
F
The most common and flexible data-acquisition method is ____. Choices: Disk-to-image file copy; Sparse data copy; Disk-to-disk copy; Disk-to-network copy
Disk-to-image file copy
The FBI ____ was formed in 1984 to handle the increasing number of cases involving digital evidence. Choices: Department of Defense Computer Forensics Laboratory (DCFL); Computer Analysis and Response Team (CART); DIBS; Federal Rules of Evidence (FRE)
Computer Analysis and Response Team (CART)
To be a successful computer forensics investigator, you must be familiar with more than one computing platform. (T/F)
T
Some acquisition tools don't copy data in the host protected area (HPA) of a disk drive. (T/F)
T
What are the advantages and disadvantages of using raw data acquisition format? (short answer)
Advantages: 1) fast data transfers, 2) ignores minor data read errors on the source drive, and 3) most computer forensics tools can read raw format (universal). Disadvantages: 1) requires as much storage as the original disk or data, and 2) tools might NOT collect marginal (bad) sectors.
____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example. Choices: Data recovery; Network forensics; Disaster recovery; Computer forensics
Data recovery
If the computer has an encrypted drive, a live acquisition is done if the password or passphrase is not available. (T/F)
F
The law of search and seizure protects the rights of all people, excluding people suspected of crimes. (T/F)
F
By the early 1990s, the ____ introduced training on software for forensics investigations. Choices: FLETC; IACIS; CERT; DDBIA
IACIS
Linux ISO images that can be burned to a CD or DVD are referred to as ____. Choices: Forensic Linux; Linux in a Box; Linux Live CDs; ISO CDs
Linux Live CDs
After a judge approves and signs a search warrant, it is ready to be executed, meaning you can collect evidence as defined by the warrant. (T/F)
T
By the 1970s, electronic crimes were increasing, especially in the financial sector. (T/F)
T
The Fourth Amendment to the U.S. Constitution (and each state's constitution) protects everyone's rights to be secure in their person, residence, and property from search and seizure. (T/F)
T
The most common and time-consuming technique for preserving evidence is creating a duplicate copy of your disk-to-image file. (T/F)
T
Briefly describe the triad that makes up computer security. (Short answer)
Triad - 1) Vulnerability/Threat assessment and risk management, 2) Intrusion detection and incident response, and 3) Digital investigations
What are some of the most common types of private-sector computer crime? (short answer)
Wrongful termination, e-mail harassment, falsification of data, gender and age discrimination, embezzlement, sabotage, and industrial espionage
In a criminal or public case, if you have enough information to support a search warrant, the prosecuting attorney might direct you to submit a(n) ____. Choices: exhibit report; blotter; litigation report; affidavit
affidavit
Sworn statement of support of facts about or evidence of a crime that is submitted to a judge to request a search warrant before seizing evidence (matching). Choices: affidavit; case law; digital forensics; industrial espionage; interrogation
affidavit
Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed. Choices: allegation; prosecution; blotter; litigation
allegation
In addition to warning banners that state a company's rights of computer ownership, businesses should specify a(n) ____ who has the power to conduct investigations. Choices: line of right; authority of right; authorized requester; authority of line
authorized requester
Allows legal counsel to use previous cases similar to the current one because the laws don't yet exist (matching). Choices: affidavit; case law; digital forensics; industrial espionage; interrogation
case law
The ____ command creates a raw format file that most computer forensics analysis tools can read, which makes it useful for data acquisitions. Choices: fdisk; raw; dd; man
dd
The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data (matching). Choices: affidavit; case law; digital forensics; industrial espionage; interrogation
digital forensics
Involves selling sensitive or confidential company information to a competitor (matching). Choices: affidavit; case law; digital forensics; industrial espionage; interrogation
industrial espionage
The process of trying to get a suspect to confess to a specific incident or crime (matching). Choices: affidavit; case law; digital forensics; industrial espionage; interrogation
interrogation
Published company policies provide a(n) ____ for a business to conduct internal investigations. Choices: line of authority; litigation path; line of allegation; allegation resource
line of authority
The ____ command displays pages from the online help manual for information on Linux commands and their options. Choices: hlp; man; inst; cmd
man
The affidavit must be ____ under sworn oath to verify that the information in the affidavit is true. Choices: challenged; recorded; notarized; examined
notarized
One major disadvantage of ____ format acquisitions is the inability to share an image between different vendors' computer forensics analysis tools. Choices: AFD; proprietary; raw; AFF
proprietary
In general, a criminal case follows three stages: the complaint, the investigation, and the ____. Choices: litigation; allegation; blotter; prosecution
prosecution
If your time is limited, consider using a logical acquisition or ____ acquisition data copy method. Choices: disk-to-image; sparse; lossless; disk-to-disk
sparse
A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will. Choices: line of authority; right banner; warning banner; right of privacy
warning banner
Microsoft has added ____ with BitLocker to its newer operating systems, which makes performing static acquisitions more difficult. Choices: whole disk encryption; backup utilities; NTFS; recovery wizards
whole disk encryption