Cengage Chapter 1 - Understanding the Digital Forensics Profession and Operations Flashcards
A notarized document, given under penalty of perjury, that investigators create to detail their findings. This document is often used to justify issuing a warrant or to deal with abuse in a corporation. Also called a “declaration” when the document isn’t notarized.
affidavit
A charge made against someone or something before proof has been found.
allegation
A fireproof container locked by a key or combination.
approved secure container
Communication between an attorney and client about legal matters is protected as confidential communications. The purpose of having confidential communications is to promote honest and open dialogue between an attorney and client. This confidential information must not be shared with unauthorized people.
attorney-client privilege (ACP)
In a private-sector environment, the person who has the right to request an investigation, such as the chief security officer or chief intelligence officer.
authorized requester
A bit-by-bit duplicate of data on the original storage medium. This process is usually called “acquiring an image,” “making an image,” or “forensic copy.”
bit-stream copy
The file where the bitstream copy is stored; usually referred to as an “image,” “image save,” or “image file.”
bit-stream image
The route evidence takes from the time the investigator obtains it until the case is closed or goes to court.
chain of custody
A nonprofit group based in Seattle-Tacoma, WA, composed of law enforcement members, private corporation security professionals, and other security professionals whose aim is to improve the quality of high-technology investigations in the Pacific Northwest.
Computer Technology Investigators Network (CTIN)
Retrieving files that were deleted accidentally or purposefully.
data recovery
A professional who secures digital evidence at the scene and ensures its viability while transporting it to the lab.
Digital Evidence First Responder (DEFR)
An expert who analyzes digital evidence and determines whether additional specialists are needed.
Digital Evidence Specialist (DES)
Applying investigative procedures for a legal purpose; involves the analysis of digital evidence as well as obtaining search warrants, maintaining a chain of custody, validating with mathematical hash functions, using validated tools, ensuring repeatability, reporting, and presenting evidence as an expert witness.
digital forensics
The process of conducting forensic analysis of systems suspected of containing evidence related to an incident or a crime.
digital investigations
Nonstatic bags used to transport computer components and other digital devices.
evidence bags
A printed form indicating who has signed out and been in physical possession of evidence.
evidence custody form
Evidence that indicates the suspect is innocent of the crime.
exculpatory evidence
Evidence used in court to prove a case.
exhibits
A workstation set up to allow copying forensic evidence, whether it’s on a hard drive, flash drive, or the cloud. It usually has software preloaded and ready to use.
forensic workstation
The ______________________ to the U.S. Constitution in the Bill of Rights dictates that the government and its agents must have probable cause for search and seizure.
Fourth Amendment
An environment in which employees can’t perform their assigned duties because of the actions of others. In the workplace, these actions include sending threatening or demeaning e-mail or a co-worker viewing pornographic or hate sites.
hostile work environment
Evidence that indicates a suspect is guilty of the crime he or she is charged with.
inculpatory evidence
Theft of company sensitive or proprietary company information often to sell to a competitor.
industrial espionage
An organization created to provide training and software for law enforcement in the digital forensics field.
International Association of Computer Investigative Specialists (IACIS)
The process of trying to get a suspect to confess to a specific incident or crime.
interrogation
A conversation conducted to collect information from a witness or suspect about specific facts related to an investigation.
interview
The order in which people or positions are notified of a problem; these people or positions have the legal right to initiate an investigation, take possession of evidence, and have access to evidence.
line of authority
An evidence custody form used to list all items associated with a case.
multi-evidence form
Detecting attacks from intruders by using automated tools; also includes the manual process of monitoring network firewall logs.
network intrusion detection and incident response
Behavior expected of an employee in the workplace or other professional setting.
professional conduct
Being able to obtain the same results every time from a digital forensics examination.
repeatable findings
The legal act of acquiring evidence for an investigation.
search and seizure
Legal documents that allow law enforcement to search an office, a home, or other locale for evidence related to an alleged crime.
search warrants
A form that dedicates a page for each item retrieved for a case. It allows investigators to add more detail about exactly what was done to the evidence each time it was taken from the storage locker.
single-evidence form
The decision returned by a jury.
verdict
The group that determines the weakest points in a system. It covers physical security and the security of OSs and applications.
vulnerability/threat assessment and risk management
Text displayed on computer screens when people log on to a company computer; this text states ownership of the computer and specifies appropriate use of the machine or Internet access.
warning banner
Financial crimes, including falsification of financial information, fraud, identify theft, intellectual property theft and piracy, embezzlement, and money laundering.
white-collar crimes
