Computer Forensics Flashcards
Describe the following types of Digital Evidence:
1) Volatile Data
2) Non-volatile Data
1) Data that is lost as soon as the device is powered off; logged-in users, open files, etc.
2) Permanent data stored on secondary storage.
Describe these Rules of Evidence:
1) Understandable
2) Admissible
3) Authentic
4) Reliable
5) Complete
1) Evidence must be clear and understandable to the judges.
2) Evidence must be related to the fact being proved.
3) Evidence must be real and related to the incident.
4) No doubt about the authenticity of the evidence.
5) Evidence must prove the attacker’s actions/innocence.
What is Best Evidence?
The court only allows the original evidence of a document. A duplicate can be accepted for a valid reason.
Describe the following phases in the Forensics Investigation Process:
1) Pre-Investigation
2) Investigation Phase
3) Post-Investigation
1) Involves setting up the lab, workstations, team and getting approval.
2) Data acquisition, preservation, and analysis of evidentiary data.
3) Documenting all actions and findings conducted during the investigation.