Chapter 1: Foundations of Digital Forensics

Question 1

Mujahiden Secrets 2

Answer 1

A tool developed by Islamist extremist to avoid detection and apprehension

Question 2

Positive aspect of increasing use of technologies by crminals

Answer 2

Abundance of digital evidence can be obtained to apprehend and prosecute criminal.

Question 3

Threat to life and limb

Answer 3

A provision in the USA patriot Act which enables Internet Service Provider to provide law enforcement with information quickly, without waiting for search warrant.

Question 4

Digital evidence

Answer 4

Any data stored or transmitted using a computer that support or refute a theory of how an offense occurred or that address critical elements of the offense such as intent or alibi.

Question 5

What can digital evidence reveal

Answer 5

How a crime was committed, provide investigative leads, disprove or support witness statements, and identify likely suspects.

Question 6

Three group of computer systems

Answer 6

1- Open computer systems : Systems comprised of hard drives, keyboard, and monitors, and servers that obey standards.

2-Communication systems : Traditional telephone systems, wireless telecommunication systems, internet, network

3- Embedded computer systems: Mobile devices, smart card, navigation system,

Question 7

What organizations anticipate by properly processing digital evidence

Answer 7

Protecting themselves against liabilities such as invasion of privacy and unfair dismissal claim.

Question 8

Term Forensic

Answer 8

Characteristic of evidence that satisfies its suitability for admission as fact and its ability to persuade based upon proof .

Question 9

Forensic Science

Answer 9

The application of science to investigation and prosecution of crime to the just resolution of conflict.

Question 10

What else forensic science provide in addition to scientific techniques and theories

Answer 10

Help reconstruct crimes and generate leads.

Question 11

Main goal in any ivestigation

Answer 11

To follow the trails that offenders leave during the commission of a crime and to tie perpetrators to the victims and crime scenes.

Question 12

Locard;s Exchange principle

Answer 12

Contact between two items will result in an exchange.

Question 13

Trace evidence

Answer 13

Is the evidence that is produced during the exchange between individual and crime scene.

Question 14

Categories of trait evidence

Answer 14

1- class characteristics : common traits in similar items
2- Individual characteristics: More unique, can be linked to a specific person or activity with greater certainty.

Question 15

Forensic Soundness

Answer 15

In order to be useful in an investigation, digital evidence must be preserved and examined in a forensically sound manner.

Question 16

Key to forensic soundness

Answer 16

Documentation

Question 17

Autentification

Answer 17

The process of ensuring that the recovered evidence is the same as the originally seized data,.

Question 18

How many steps are involved in autentification

Answer 18

Two steps :
1- Examination of the evidence to determine that it is what its proponent claims.
2- closer analysis to determine its probative value.

Question 19

Most important aspects of authentification

Answer 19

Maintaining and documenting the chain of custody.

Question 20

Potential consequences of breaking chain of custody includes:

Answer 20

Misidentification of evidence, contamination of evidence, lost of evidence or pertinent elements

Question 21

Purpose of integrity check

Answer 21

To show that evidence has not been altered from the time it was collected, thus supporting the authentication process.

Question 22

How integrity of evidence is checked in digital forensics

Answer 22

A comparison of the digital fingerprint for that evidence taken at the time of collection with the digital fingerprint of the evidence in its currents state.

Question 23

Message digest algorithm

Answer 23

Can be thought of a black box that accepts a digital object (file, program, or disk) and produces a number.

A message digest algorithm always produce the same number for a given input.

Also, a good message digest algorithm will produce a different number for different inputs.

Question 24

MD5 Alogorith

Answer 24

Takes as input a message arbitrary length and produce as output a 128-bit ‘fingerprint - unique characteristic” or “message digest”.

MD5 algorithm do not indicate that the associated evidence is reliable, as someone could have modified the evidence before the hash value was calculated..

Question 25

Objectivity in forensic analysis

Answer 25

Interpretation and presentation of evidence should be free from bias to provide decision makers the clearest view of the facts.

Question 26

Most effective approach to objectivity

Answer 26

1- Let the evidence speaks for it self as much as possible

2-Peer review process that assesses a forensic analyst’s finding from bias or any weakness.

Question 27

Evidence dynamics

Answer 27

Any influence that changes, relocates, obscures, or obliterates evidence regardless of intent between the time evidence is transferred and the time the case is resolved.