Chapter 1 Flashcards
What is the definition of forensics?
The use of science and technology to investigate and establish facts in criminal or civil courts of law
What is the subject of computer forensics?
The extraction of data in a consistent, scientific manner
What is latent evidence?
Evidence that can take many forms.
Latent = hidden, such as fingerprints
What is the definition of computer forensics according to US-CERT?
Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts
What does computer forensics generally consider?
The use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded.
What is the objective of computer forensics?
To recover, analyze, and present computer-based material as evidence in a court of law
What devices can be the subject of computer forensics?
Network servers, personal computers, laptops, smartphones, routers, tablets, printers, and GPS devices
What is the goal of computer forensics?
To obtain evidence that can be used in some legal proceeding
What is the first step in computer forensics?
Understanding computer hardware
What is one issue with the current practice of forensics?
Too many individuals want to enter the field without adequate computer backgrounds
What is the basic knowledge required for mastering forensics?
Understanding of computer hardware
Understanding of the operating system
Understanding of computer networks
What is the assumption made while presenting the material in the book?
The reader has zero knowledge of computers
What is a key factor in becoming better at computer forensics?
Knowing more about computers and networks
What changes very slowly, if at all, in the field of computer forensics?
The various file systems and the role of volatile and non-volatile memory
What is the first step in computer forensics investigation?
Collecting the evidence
What determines if the evidence is admissible in court?
How you collect the evidence
What is the most time-consuming part of a forensic investigation?
Analyzing the data
What is the final step in a forensic investigation?
Presenting the evidence
What are the two most basic forms of presenting evidence in a forensic investigation?
Expert report and expert testimony
What is an expert report in the context of forensic investigation?
A document that lists the tests conducted, findings, and conclusions
What is included in an expert report along with the tests conducted, findings, and conclusions?
The expert’s curriculum vitae (CV)
What is the first step in creating an expert report?
Listing the expert’s qualifications
What is the purpose of an expert report in computer forensics?
To detail the analysis used and tools applied
What are the two scenarios in which an expert witness gives testimony?
Deposition and trial
What is U.S. Federal Rule 702 about?
Defining what an expert is and what expert testimony is
What does U.S. Federal Rule 703 state about an expert?
An expert may base an opinion on facts or data
What does U.S. Federal Rule 704 state about an expert’s opinion?
An expert’s opinion is not objectionable just because it embraces an ultimate issue
What does U.S. Federal Rule 705 state about an expert’s testimony?
An expert may state an opinion without first testifying to the underlying facts or data
What does U.S. Federal Rule 706 state about expert witnesses?
This rule covers the appointment of neutral experts used to advise the court