Chapter 1 Flashcards
What is the definition of forensics?
The use of science and technology to investigate and establish facts in criminal or civil courts of law
What is the subject of computer forensics?
The extraction of data in a consistent, scientific manner
What is latent evidence?
Evidence that can take many forms.
Laten = hidden such as fingerprints
What is the definition of computer forensics according to US-CERT?
Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts
What does computer forensics generally consider?
The use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded.
What is the objective of computer forensics?
To recover, analyze, and present computer-based material as evidence in a court of law
What devices can be the subject of computer forensics?
Both network servers, personal computers, laptops and smartphones, routers, tablets, printers, GPS devices
What is the goal of computer forensics?
To obtain evidence that can be used in some legal proceeding
What is the first step in computer forensics?
Understanding computer hardware
What is one issue with the current practice of forensics?
Too many individuals want to enter the field without adequate computer backgrounds
What is the basic knowledge required for mastering forensics?
Understanding of computer hardware
Understanding of the operating system
Understanding of computer networks
What is the assumption made while presenting the material in the book?
The reader has zero knowledge of computers
What is a key factor in becoming better at computer forensics?
Knowing more about computers and networks
What changes very slowly, if at all, in the field of computer forensics?
The various file systems and the role of volatile and non-volatile memory
What is the first step in computer forensics investigation?
Collecting the evidence
