Digital Evidence

Question 1

What is the hardware?

Answer 1

physical components of a computer we can see and touch

Question 2

What is the software?

Answer 2

applications and programs found on the hardware.

Question 3

Name the 3 commonly found software on a computer with examples.

Answer 3

Operating system (windows or mac)
Word-Processing (word)
Web-browsing (explorer or firefox)

Question 4

When someone buys Microsoft office on a CD, the CD contains the ____ which can be transferred to the ____ (___) on your computer.

Answer 4

software
hardware
HDD

Question 5

What is the ROM? What letters stand for and what role?

Answer 5

Read-Only memory

• stored firmware that starts boot sequence (starts computer)
• Contains the BIOS: basic input-output system

Question 6

What is the role of the BIOS?

Answer 6

starts booting process and communication with devices such as keyboard, monitor, printer, disk drives

Question 7

You should never boot a computer under investigation on the _______.

Answer 7

original HDD

Question 8

What CPU stands for and what is its role?

Answer 8

central processing unit
processor/brain of the computer.
All operations run through CPU.

Question 9

What does RAM stand for and what is its role?

Answer 9

Random-access memory 
Volatile memory (temporary) so that computer doesn't always have to go through CPU and HDD. 
Permanently lost if close computer

Question 10

What is stored on the Hard disk drive?

Answer 10

Operating system (Windows)
Programs (Word, Explorer)
Data files

Question 11

HDD gives a _____ record of the info, even when computer ____.

Answer 11

permanent

off

Question 12

What happens when turning on the computer? 7 steps

Answer 12

1- power from the motherboard goes through the power supply.
2- A POST (power-on self-test) is performed by the ROM.
3- The flash ROM tests the motherboard to make sure the hardware is there and that it follows a programmed boot order.
4- The HDD is sent control. It locates the first sector and determines its layout. + boots the operating system.
5- Now have the desktop
6- When click on the desktop: CPU locates Excel on the HDD and loads it into RAM (with system bus). Sends output to the monitor through the video controller of the motherboard.
7- Info you type is stored in the RAM

Question 13

What happens when printing documents?

Answer 13

data is taken from RAM, processed by CPU, put in printable format and sent through system bus to the external port (where printer is)

Question 14

What happens when saving documents?

Answer 14

from RAM, processed CPU passed to HDD through system bus and written on the HDD.

Question 15

One HDD could have __ (#) _____ making look like # disks. All ____ from one another.

Answer 15

5
partitions
5
independant

Question 16

The HDD is divided into 4: name each part

Answer 16

sectors
clusters
tracks
cylinders

Question 17

Each device will be ____ to view:
_____
______ to any other devices
_______

Answer 17

photographed
monitor(if running)/screen
connections
serial numbers if needed

Question 18

What are the 3 decisions that must be taken before the equipment is seized?

Answer 18

1- live acquisition of the data?
2- System shutdown?
3- pulldown the plug?

Question 19

What are the 2 scenarios for mobile devices?

Answer 19

1- turned off: cell tower location, call logs and remove battery
2- Faraday bag if cant turn it off.

Question 20

Wireless devices will first be examined in ______ or switched into the _____ and then in ____ mode.
The device switched on ___ mode (write blocking software) and ___ of the original storage on a new storage device.

Answer 20

isolation chamber
faraday bag
airplane

read-only
duplicate

Question 21

For a computer, the ___ will be removed and an image of it will be created.

Answer 21

HDD

Question 22

Analyst will look for ____ and ____ ____ files.

And 6 others:

Answer 22

deleted and partially deleted. 
data/work product files
swap files data
temporary files
slack space
unallocated space
defragmenting

Question 23

What are the 7 things look for on internet?

Answer 23

internet cache 
internet cookies
internet history
bookmark and favorite places
chat convo
instant messages
emails

Question 24

Emails can give us ______, which can lead to an address.

Answer 24

IP address

Question 25

What are the 3 main limitations of digital evidence?

Answer 25

encryption
proprietary systems
legal, privacy laws.