21.1 Introduction to Digital Forensics

Question 1

Digital forensics professionals must have a thorough understanding of:

Answer 1

• Hardware
• Operating systems
• Computer networks

Question 2

________ is a field dedicated to identifying, extracting, preserving, and reporting on information obtained from computer and network systems.

Answer 2

Digital forensics is a field dedicated to identifying, extracting, preserving, and reporting on information obtained from computer and network systems.

Question 3

What does Computer forensics investigators do?

Answer 3

Gather digital information for computer system investigations, producing criminal evidence that can be used in a court of law.

• Legal cases involve data theft, espionage, and cyberwarfare.
• This career field involves analyzing data found on hard drives, network communications, and cloud-based data communication systems, as well as the production of reports and possible testimony in a court of law.

Question 4

What do Computer forensics technicians do?

Answer 4

Digital detectives who work with law enforcement or government entities, or as private investigators.

• Use investigative and computer analysis techniques to acquire, analyze, and preserve digitized evidence to be used for legal purposes.
• Inspect storage media and retrieve corrupted and deleted files from computing storage media, such as hard drives, removable flash media, and mobile devices. This material is used in legal proceedings.

Question 5

What do Forensic computer analysts do?

Answer 5

Specialize in the recovery of deleted emails or other data that has been encrypted or deleted. This material is used in legal cases involving computer crimes.

• Evidence produced by forensic computer analysts is used by law enforcement to assist with ongoing investigations.
• Evidence may also be used in a court of law to help convict criminals involved in computer crimes with cases related to child pornography, drug sales, or corporate espionage, among others.

Question 6

A _________ is a documentation of the possession of evidence.

Answer 6

A **chain of custody** is a documentation of the possession of evidence.

Question 7

What is the Digital Forensic Process and what are all the steps?

Answer 7

1. Collection
2. Examination
3. Analysis
4. Reporting

Question 8

Explain the first step in the digital foresnsic process:

Answer 8

We must first collect the data before we can examine and analyze it. The collection phase is the springboard to the digital forensics process which includes identifying, labeling, recording, and acquiring data from sources while following procedures to preserve the integrity of the data.

Question 9

Explain the second step in the digital forensic process:

Answer 9

**Examination:** After we’ve collected the evidence, we begin the examination phase, which ensures that all data collected is relevant to the case. This includes forensically processing collected data and assessing and extracting data of interest while preserving the integrity of the data. This usually means working from a copy, rather than the original.