Computer Forensics Flashcards

1
Q

Describe the following types of Digital Evidence:
1) Volatile Data
2) Non-volatile Data

A

1) Data that is lost as soon as the device is powered off; logged-in users, open files, etc.
2) Permanent data stored on the secondary storage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Describe these Rules of Evidence:
1) Understandable
2) Admissable
3) Authentic
4) Reliable
5) Complete

A

1) Evidence must be clear and understandable to the judges.
2) Evidence must be related to the fact being proved.
3) Evidence must be real and related to the incident.
4) No doubt about the authenticity of the evidence.
5) Evidence must prove the attacker’s actions/innocence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is Best Evidence?

A

The court only allows the original evidence of a document. A duplicate can be accepted for a valid reason.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Describe the following phases in the Forensics Investigation Process:
1) Pre-Investigation
2) Investigation Phase
3) Post-Investigation

A

1) Involves setting up the lab, workstations, team and getting approval.
2) Data acquisition, preservation analysis or evidentiary data.
3) Documenting all action and findings conducted during the investigation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly