Digital Evidence Flashcards

1
Q
  1. What is digital evidence? Choose all that apply.
    ● is any stored or transmitted data in binary format that may be useful in a criminal or civil investigation.
    ● The binary format is how computers store information and is rendered in bits (either 0s or 1s); binary is used in almost all modern computers and digital devices.
    ● can be found on hard drives, cell phones, mobile storage media, networks, and many other sources.
A

● is any stored or transmitted data in binary format that may be useful in a criminal or civil investigation.
● The binary format is how computers store information and is rendered in bits (either 0s or 1s); binary is used in almost all modern computers and digital devices.
● can be found on hard drives, cell phones, mobile storage media, networks, and many other sources.

2
Q
  2. Define metadata. Choose all that apply.
    ● The data about data - a set of data that describes and gives information about other data.
    ● aids in the classification of the intended information, providing identification, location, time, author, archiving, and contextual information about the file.
    ● Like a dictionary.
A

(all of it)

3
Q
  3. Define data carve. Choose all that apply.
    ● Used to reconstruct the files, their structure and content to be recovered if system metadata is lost or corrupted.
    ● also known as file carving, is the forensic technique of reassembling files from raw data fragments when no filesystem metadata is available. It is a common procedure when performing data recovery, after a storage device failure, for instance.
A

(all of it)

4
Q
  4. Below are the components of a computer. Select the incorrect one.
●	Hardware & software
●	A case (circuit boards, storage media, interface connections)
●	Display device
●	Keyboard
●	Printer
●	Pointing device
A

● Printer

5
Q
5.	Below are examples of forensically valuable data. Select the one that does not apply.
●	Applications
●	Pointing device
●	Documents
●	Emails
●	Databases
●	Browsing history
●	Maintenance, event logs.
A

Pointing device

6
Q
6.	Which type of storage device is this? …… are data storage devices that have an external logic board, connections to external sources of information and power, and some form of storage media.
●	Hard drives
●	Flash drives
●	Memory Cards
●	SIM Card
A

Hard drive

7
Q
  7. Which type of storage device is this? ……. are small removable data storage devices with USB (universal serial bus) connections; their size makes them easy to transport and, therefore, conceal.
    ● Hard drives
    ● Flash drives
    ● Memory Cards
A

Flash drive/thumb drive

8
Q
  8. Which type of storage device is this? ……. are very small storage devices typically used in digital cameras, but can also be used with tablets, computers, cell phones, video game consoles, and other electronic devices.
    ● Hard drives
    ● Flash drives
    ● Memory Cards
    ● SIM Card (A type of memory card, Subscriber Identification Module.)
A

Memory Card

9
Q
9.	Electronic Control Units (ECUs) help to monitor and control systems and subsystems, like traction control and diagnostics for maintenance in motor vehicles. An ECU stores all of the following information except one.
●	Vehicle data
●	Passenger occupancy
●	Crash data called event data record.
●	Phone data
A

Phone data

10
Q
  10. What are the FIVE steps/phases of processing digital evidence?
    I C T A R
A
●	Identification
●	Collection/Acquisition
●	Transportation
●	Analysis/Examination
●	Report
11
Q
  11. TRUE or FALSE: Digital evidence is latent evidence.
A

True: the bits of data stored on the device or being transmitted through wires or the air cannot be immediately seen.

12
Q
  12. Identification Phase:
    ● Key concept- 1st to identify
    ● 2nd identify the type of digital evidence that is stored on the physical evidence item and their relevance to the matter.
A

1st to identify the Types that contain evidence that may be of Probative nature.
2nd identify the type of digital evidence that is stored on the physical evidence item and their Relevance to the matter.

13
Q
  13. How do you secure cell phones and prevent them from being tampered with?
A

● Place the phone in aeroplane mode to cut off Wi-Fi signals.
● Wrap it in three layers of foil.

14
Q
  14. TRUE or FALSE: When moving a digital device like a computer during collection, the device should be hibernated or powered off first.
A

True

15
Q
  15. True or False: Leave cell phones in the power state (on or off) in which they were found.
A

True

16
Q
  16. Define steganography.

● is the practice of

A
  • hiding one message inside of another; digital media make this particularly difficult to detect and analyse.
    ● E.g. the image of the cat is hidden in the image of the tree by removing all but the two least significant bits of each colour component and then normalising the image.
17
Q
  17. TRANSPORTATION of digital evidence. TRUE or FALSE: It is good practice to place digital devices into antistatic bags and then place these into shock-resistant and water-resistant containers.
A

TRUE

18
Q
  18. ANALYSIS of digital evidence has three basic steps.
    ● 1. Imaging the Media (with various approaches depending on system)
    ● 2. Making a ..
    ● 3. Exploring ..
A

● 1. Imaging the Media (with various approaches depending on system)
● 2. Making a forensic archive
● 3. exporting data related to the investigation.

19
Q
  19. TRUE OR FALSE: When imaging the media with a LIVE system (1st approach), the device or system is powered on and will stay that way.
A

TRUE

20
Q
  20. TRUE OR FALSE: Imaging the media with a DEAD system (2nd approach) is the easiest to deal with.
A

True- Communications are not possible, batteries last longer, and transportation is easier.

21
Q
  21. When imaging the media, which approach is the preferred way?
A

The 2nd, with a dead system. Collecting evidence from a live system is complicated. The evidence is ACTIVE and can change on its own or by remote activity. With a live system, you need to make a copy of the data.

22
Q
  22. With a dead system, a copy of the drive is made. What is it called?
    ● A Forensic image
    ● Forensic copying
    ● Hashing
A

A Forensic image

23
Q

● What are the major problems when analyzing digital data?

A

i. 'Quantity problem': need to determine what data is relevant to the case.
ii. 'Complexity problem': informative data on digital devices occurs at the lowest and most raw formats, requiring skill and translation tools to find, translate, and comprehend it.
The analysis is broken down into the following analysis categories: Physical media, Media management, File system, Application, Network, & Memory.

24
Q

Which analysis category is this? ….. The analysis of the storage media itself through a standard interface; the recovery of overwritten or deleted data is an example.

  • physical media
  • media management
  • file system
A
  • physical media
25
Q

Which analysis category is this? ….. The analysis of the organization of the storage media; determining the file structure or subsections of a storage device.

  • physical media
  • media management
  • file system
A
  • media management
26
Q

Which analysis category is this? ….. The analysis of the infrastructure of files (folders, directories) and recovering deleted files.

  • physical media
  • media management
  • file system
A

  • file system

27
Q

Which analysis category is this? ….. The analysis of applications and their files, like documents, images, logs, configurations, and others.

  • Applications
  • Network
  • Memory
A
  • Applications
28
Q

Which analysis category is this? ….. The analysis of information systems, networks, connections, and traffic on them.

  • Applications
  • Network
  • Memory
A
  • Network
29
Q

Which analysis category is this? …… The analysis of system memory media, like RAM, and system data.

  • Application
  • Network
  • Memory
A

  • Memory

30
Q
  30. List five types of crimes where digital evidence can play a key role.
A
●	Child exploitation material
●	Computer intrusion
●	Counterfeiting
●	Domestic violence, threats, and extortion
●	E-mail threats, harassment, and stalking
●	Gambling
●	Identity and intellectual property theft
●	Narcotics
●	Online or economic fraud
●	Prostitution
●	Telecommunication fraud
●	Terrorism
31
Q
  31. List five types of forensically useful digital data.
A
●	Suspect's email
●	Phone
●	Hard drives
●	Mobile storage media
●	Networks
32
Q

What is an SID?

A

● In a phone, the system identification code (SID) is a five-digit code assigned by the Federal Communications Commission to each different telecommunications company.
● When powered on, a cell phone finds the nearest cell tower and records the SID that is being transmitted from it; likewise, the phone identifies itself to the tower, registering its location.
● A single cell tower cannot provide all the necessary information to determine location; at least three towers are needed to triangulate a location.

33
Q
  33. What is an ECU? What is an EDR?
A

● Electronic Computer Unit - helps to monitor and control systems and subsystems, like traction control and diagnostics for maintenance.
● Event Data Recorder - like a black box on a car. Stores information about the crash that can be accessed for forensic investigation purposes.

34
Q

What is the digital evidence process?

I C T A R

A
Identify
Collect/Acquisition
Transport
Analyse/Examine
Report