Digital Evidence Flashcards
What is the hardware?
physical components of a computer we can see and touch
What is the software?
applications and programs found on the hardware.
Name the 3 commonly found types of software on a computer, with examples.
Operating system (Windows or Mac)
Word-Processing (Word)
Web-browsing (Explorer or Firefox)
When someone buys Microsoft Office on a CD, the CD contains the ____ which can be transferred to the ____ (___) on your computer.
software
hardware
HDD
What is the ROM? What do the letters stand for and what is its role?
Read-Only memory
- stored firmware that starts boot sequence (starts computer)
- Contains the BIOS: basic input-output system
What is the role of the BIOS?
starts booting process and communication with devices such as keyboard, monitor, printer, disk drives
You should never boot a computer under investigation on the _______.
original HDD
What does CPU stand for and what is its role?
central processing unit
processor/brain of the computer.
All operations run through CPU.
What does RAM stand for and what is its role?
Random-access memory
Volatile memory (temporary) so that the computer doesn't always have to go through the CPU and HDD.
Permanently lost if the computer is closed
What is stored on the Hard disk drive?
Operating system (Windows)
Programs (Word, Explorer)
Data files
HDD gives a _____ record of the info, even when computer ____.
permanent
off
What happens when turning on the computer? 7 steps
1- power from the motherboard goes through the power supply.
2- A POST (power-on self-test) is performed by the ROM.
3- The flash ROM tests the motherboard to make sure the hardware is there and that it follows a programmed boot order.
4- The HDD is sent control. It locates the first sector and determines its layout. + boots the operating system.
5- Now have the desktop
6- When you click on the desktop: CPU locates Excel on the HDD and loads it into RAM (with system bus). Sends output to the monitor through the video controller of the motherboard.
7- Info you type is stored in the RAM
What happens when printing documents?
data is taken from RAM, processed by CPU, put in printable format and sent through system bus to the external port (where printer is)
What happens when saving documents?
from RAM, processed by CPU, passed to HDD through system bus and written on the HDD.
One HDD could have __ (#) _____ making it look like # disks. All ____ from one another.
5
partitions
5
independent
The HDD is divided into 4: name each part
sectors
clusters
tracks
cylinders
Each device will be ____ to view:
_____
______ to any other devices
_______
photographed
monitor(if running)/screen
connections
serial numbers if needed
What are the 3 decisions that must be taken before the equipment is seized?
1- live acquisition of the data?
2- System shutdown?
3- pulldown the plug?
What are the 2 scenarios for mobile devices?
1- turned off: cell tower location, call logs and remove battery
2- Faraday bag if can't turn it off.
Wireless devices will first be examined in ______ or switched into the _____ and then in ____ mode.
The device switched on ___ mode (write blocking software) and ___ of the original storage on a new storage device.
isolation chamber
faraday bag
airplane
read-only
duplicate
For a computer, the ___ will be removed and an image of it will be created.
HDD
Analyst will look for ____ and ____ ____ files.
And 6 others:
deleted and partially deleted.
data/work product files
swap files data
temporary files
slack space
unallocated space
defragmenting
What are the 7 things to look for on the internet?
internet cache
internet cookies
internet history
bookmark and favorite places
chat convo
instant messages
emails
Emails can give us ______, which can lead to an address.
IP address