Chapter 1 Flashcards
Digital forensics and data recovery refer to the same activities.
False
Police in the United States must use procedures that adhere to which of the following amendments?
Fourth
The triad of computing security includes which of the following?
Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation.
What’s the purpose of maintaining a network of digital forensics specialists?
To allow you the ability to cultivate professional relationships with people who specialize in technical areas different from your own specialty
Policies can address rules for which of the following? When you can log on to a company network from home, the internet sites you can or can’t access, the amount of personal e-mail you can send
All
List two items that should appear on a warning banner.
An organization has the right to monitor what end users do, and their e-mail is not personal and can be monitored
Under normal circumstances, a private-sector investigator is considered an agent of law enforcement.
False
List two types of digital investigations typically conducted in a business environment.
Espionage, and e-mail harassment
What is professional conduct, and why is it important?
It helps you remember what procedures were followed if the case ever goes to court. It can also be used as a reference if you need to remember how you solved a previous problem
What’s the purpose of an affidavit?
To provide a sworn statement of support of facts about evidence of a crime that is submitted to a judge with the request for a search warrant before seizing evidence
What are the necessary components of a search warrant?
The affidavit is a sworn statement of support of facts about or evidence of a crime which is submitted to a judge with the request for a search warrant before seizing evidence. This includes exhibits (evidence) that support the allegation to justify the warrant. The affidavit is then notarized under sworn oath to verify that the information in the affidavit is true. The affidavit, the warrant, and return of service are basically the order of the procedure
What are some ways to determine the resources needed for an investigation?
a. Determine the OS of the suspect computer. b. List the necessary software to use for the examination.
List three items that should be on an evidence custody form.
Case number, name of the investigator assigned to the case, nature of the case, location where evidence was obtained, description of the evidence and so on.
Why should you do a standard risk assessment to prepare for an investigation?
It will help you prepare what materials and tools you will need in order to mitigate the risk of any failure to capture evidence. (To list problems that might happen when conducting your investigation.)
You should always prove the allegations made by the person who hired you. T or F?
F
For digital evidence, an evidence bag is typically made of antistatic material. True or False?
T
Why should your evidence media be write-protected?
To ensure that data isn’t altered.
List three items that should be in your case report.
An explanation of basic computer and network processes, a narrative of what steps you took, a description of your findings, and log files generated from your analysis tools.
Why should you critique your case after it’s finished?
To improve your work
What do you call a list of people who have had physical possession of the evidence?
Chain of custody
Data collected before an attorney issues a memorandum for an attorney-client privilege case is protected under the confidential work product rule. True or False?
True
Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation.
Triad of computing security
To provide a sworn statement of support of facts about evidence of a crime that is submitted to a judge with the request for a search warrant before seizing evidence. What is the term?
affidavit
a. Determine the OS of the suspect computer. b. List the necessary software to use for the examination.
some ways to determine the resources needed for an investigation
allegation
a charge made against someone or something before proof has been found
a charge made against someone or something before proof has been found
allegation
approved secure container is
A fireproof container locked by a key or combination
A fireproof container locked by a key or combination
approved secure container
attorney-client privilege (ACP)
Communication between an attorney and client about legal matters is protected as confidential communications
Communication between an attorney and client about legal matters is protected as confidential communications
attorney-client privilege (ACP)
authorized requester
the person who has the right to request an investigation (Private-sector)
the person who has the right to request an investigation (Private-sector)
authorized requester
bit-stream copy
bit-by-bit duplicate of data on the original storage medium
bit-by-bit duplicate of data on the original storage medium
bit-stream copy
bit-stream image
the file where the bit-stream copy is stored
the file where the bit-stream copy is stored
bit-stream image
chain of custody
the route evidence takes from the time the investigator obtains it until the case is closed or goes to court