Chapter 1: The Need for Computer Forensics Flashcards
Defining computer forensics, Understanding corporate forensic needs and law enforcement forensic, being a tryhard narc
Name some examples of electronic discovery items.
Electronic documents for litigation. Examples of such are e-mail, word-processing documents, plaintext files, database files, spreadsheets, digital art, photos, and presentations.
Who works under more restrictive rules, law enforcement officials or corporate employees?
“Law enforcement officials work under more restrictive rules than corporate agents or employees.”
Why is social engineering hard to prevent and detect?
“Because employers have very little influence over lack of common sense or ignorance on the part of employees. That said, employee education is the best counter against ignorance. Most business environments are fast-paced and service-oriented.”
Why aren’t incidents reported in many corporate environments?
Often due to the issue of legal liability. The “Let’s just quietly fix it” approach to security incidents is common in the corporate world.
What law was passed to avoid future accounting scandals such as those involving Enron and WorldCom?
The Sarbanes-Oxley Act, named for the two Congressmen who sponsored it, was passed to restore the public’s confidence in corporate governance by requiring chief executives of publicly traded companies to personally validate financial statements and other information.
Name some factors that help to determine which criminal cases get priority.
The Amount of Harm Inflicted, Crime Jurisdiction, Success of Investigation, Availability and Training of Personnel, Frequency
Name a good resource for computer forensic training for law enforcement.
The National Center for Missing and Exploited Children (NCMEC).
To become a narc: Certified Computer Examiner (CCE), The SANS Institute, International Association of Computer Investigative Specialists (IACIS)
In looking at the major concepts behind computer forensics، the main emphasis is on data recovery. To do that you must:
- Identify meaningful evidence
- Determine how to preserve the evidence
- Extract, process, and interpret the evidence
- Ensure that the evidence is acceptable in a court of law
What does computer forensic review entail?
Computer forensic review involves the application of investigative and analytical techniques to acquire and protect potential legal evidence; therefore, a professional within this field needs to have a detailed understanding of the local, regional, national, and sometimes even international laws affecting the process of evidence collection and retention.
Who is/was Alberto Gonzalez and what is he most famous for?
Alberto Gonzalez، 28، led a hacking and identity theft ring that compromised record-breaking numbers of credit cards. Gonzalez received the longest sentence imposed for criminal hacking to date. In March 2010، in separate cases، U.S. District Court judges sentenced Gonzalez to two 20-year prison terms for hacking into several retail networks and a major payment processor. The second prison sentence، 20 years and one day، was for two counts of conspiracy for assisting others in breaching the networks of card processor Heartland Payment Systems، supermarket chain، Hannaford Brothers Co. Inc.، and nationwide convenience store chain، 7-Eleven.
What would happen in a complex case if the jury، prosecutor، and judge did not understand computer-related evidence?
More likely than not, the defendant would end up getting away with the crime.
What is the hardest environment to control?
The hardest environment to control is the end user’s environment. Training and education are vital to any organization with computer users and Internet access.
Who is/was Mikalai Mardakhayeu and what is he most famous for?
In June 2010, Mikalai Mardakhayeu was arrested and charged for his alleged role in an online phishing scam. The international scam was designed to steal U.S. taxpayer income tax refunds. Mardakhayeu is a Belarusian national living in Massachusetts. He was charged with conspiracy and wire fraud.
Who is/was Robert Matthew Bentley and what is he most famous for?
In June 2008, a federal judge sentenced 21-year-old Robert Matthew Bentley to 41 months in prison and payment of $65,000 in restitution for conspiracy and computer fraud. Bentley and others (who are still being investigated) infected hundreds of computers in Europe with adware. The cost to detect and neutralize the adware was tens of thousands of dollars. Bentley and his co-conspirators were paid for installing the adware through a Western European-based operation called “Dollar Revenue.”
What is the difference between monitoring and checking logs?
The textbook doesn’t state this, but I thought it should be included in my own words. Monitoring is the process of observing in real time, while checking logs is the process of looking at data retrospectively.