Chapter 18&19 Flashcards

1
Q

What is the biggest difference between traditional evidence and computer evidence?

A

Computer evidence is often intangible, requiring specialized tools to access and interpret, while traditional evidence is typically physical and directly observable.

2
Q

How is cyber-crime defined?

A

Any illegal activity involving computers, networks, or digital devices, either as a target or a tool.

3
Q

Why are most computer crimes not reported?

A

Fear of reputational damage.
Lack of awareness of the crime.
Concerns over security vulnerabilities being exposed.

4
Q

Where is digital evidence often found?

A

Computers and mobile devices.
Servers and cloud storage.
Email accounts and social media platforms.
External storage devices (e.g., USB drives, hard drives).

5
Q

What does spoofing refer to?

A

The act of disguising communication (e.g., email, IP address) to appear as if it originates from a trusted source.

6
Q

What does phishing refer to?

A

A technique used to deceive individuals into providing sensitive information, such as passwords or credit card numbers, often via fake websites or emails.

7
Q

What are the important considerations for maintaining the integrity of evidence on a cell phone?

A

Preventing remote wiping by placing the phone in airplane mode or using a Faraday bag.
Avoiding tampering with the device.
Proper documentation and chain of custody.

8
Q

What type of material should be used when packaging electronic evidence, and why?

A

Anti-static packaging, such as Faraday bags, to prevent electrostatic discharge and shield devices from remote access or wiping.

9
Q

Outline the common protocol for processing a crime scene involving electronic evidence.

A

Secure and isolate the scene.
Document all devices in their original locations.
Power down devices appropriately to avoid data corruption.
Use Faraday bags for mobile devices.
Collect all associated peripherals (e.g., chargers, cables).
Maintain a chain of custody.

10
Q

What questions should investigators ask as part of the initial investigation?

A

What types of devices are present?
Who owns or has access to the devices?
What is the function of each device?
Are there passwords or encryption that need to be bypassed?
Are there network connections that need to be severed?
