Digital Forensics 3 Flashcards

1
Q

Each time you touch digital information there is a chance of altering it, so the investigator must handle it with care. Locard's exchange principle (principle of transference) states that you cannot interact with an environment without leaving some trace.

Rules of evidence govern whether, when, how, and why proof of a legal case can be placed before a judge or jury.

Avoid exceeding your skill set: hand that part of the job to someone who has the required skills.

A

info …

2
Q

Before you begin any forensic examination, you should have an analysis plan. This plan is a guide for your work. How will you gather evidence? Are there concerns about evidence being changed or destroyed? What tools are most appropriate for this specific investigation? Is this a federal or state case? Will this affect admissibility rules? You should address all of these issues in your data analysis plan. It is advisable to have a standard data analysis plan that you simply customize for specific situations.

A

info …

3
Q

How long information remains valid (volatility): consider the life span of data, for example in RAM versus on a hard disk drive. Collect volatile information quickly, and collect it at the bit level.

A

Life Span

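The "collect bit-level info" point above, as an added example that is not part of the original flashcards: a block-by-block acquisition routine in Python that hashes the image as it is written, records any unreadable block instead of aborting (the way dd conv=noerror,sync keeps offsets intact), and re-hashes the stored image to verify it. The 4096-byte block size, the FlakyBytesIO stand-in for a drive with a bad block, and the sample "device" bytes are all constructed for the example.

```python
import hashlib
import io
import tempfile

BLOCK_SIZE = 4096  # assumed read size; a multiple of the 512/4096-byte sector


def sha256_hex(data):
    """Hex SHA-256 of a bytes object (used to compare source and image)."""
    return hashlib.sha256(data).hexdigest()


def image_source(src, dst, block_size=BLOCK_SIZE):
    """Bit-level copy of src into dst, block by block.

    Every byte written to the image is hashed as it goes, so the digest
    returned is the hash of the acquired image. A block that raises OSError
    (a bad sector) is replaced by zeros of block_size, its offset is recorded,
    and reading resumes after it, mirroring dd conv=noerror,sync so that the
    image keeps the same offsets as the source.
    Returns (bytes_copied, sha256_hex, bad_block_offsets).
    """
    digest = hashlib.sha256()
    copied = 0
    bad_blocks = []
    while True:
        try:
            chunk = src.read(block_size)
        except OSError:
            bad_blocks.append(copied)
            chunk = b"\x00" * block_size
            src.seek(copied + block_size)  # skip the unreadable block
        if not chunk:
            break
        digest.update(chunk)
        dst.write(chunk)
        copied += len(chunk)
    return copied, digest.hexdigest(), bad_blocks


def verify_image(path, expected_sha256, block_size=BLOCK_SIZE):
    """Re-hash the image file from disk and compare with the acquisition hash."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(block_size), b""):
            digest.update(chunk)
    return digest.hexdigest() == expected_sha256


class FlakyBytesIO(io.BytesIO):
    """Constructed stand-in for a drive with one unreadable block (hypothetical)."""

    def __init__(self, data, bad_offset):
        super().__init__(data)
        self.bad_offset = bad_offset

    def read(self, size=-1):
        if self.tell() == self.bad_offset:
            raise OSError("Input/output error: unreadable block")
        return super().read(size)


def acquire_bytes(data, bad_offset=None, block_size=BLOCK_SIZE):
    """Image an in-memory 'device'; returns (image_bytes, sha256_hex, bad_blocks)."""
    src = io.BytesIO(data) if bad_offset is None else FlakyBytesIO(data, bad_offset)
    dst = io.BytesIO()
    _, digest, bad = image_source(src, dst, block_size)
    return dst.getvalue(), digest, bad


if __name__ == "__main__":
    # Constructed sample "device": 2.5 blocks of data, so the last read is partial.
    device = bytes(range(256)) * 40
    image, digest, bad = acquire_bytes(device)
    with tempfile.NamedTemporaryFile(delete=False, suffix=".dd") as out:
        out.write(image)
    print("clean image:", len(image), "bytes, sha256", digest[:16], "..., bad blocks", bad)
    print("image on disk verifies:", verify_image(out.name, digest))
    _, digest2, bad2 = acquire_bytes(device, bad_offset=BLOCK_SIZE)
    print("flaky device: hash", digest2[:16], "..., bad blocks at", bad2)
```

The hash that goes into the chain-of-custody record is the hash of what was actually written; when bad blocks were zero-filled, their offsets must be recorded alongside it, because the image then differs from the source at exactly those offsets.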
4
Q

is also involved in criminal law enforcement forensics and counterintelligence. It assists in criminal, counterintelligence, counterterrorism, and fraud investigations. In addition, it supports safety investigations, commander-directed inquiries, and inspector-general investigations.

A

DC3

5
Q

provides computer investigation training. It trains forensic examiners, investigators, system administrators, and others. It also ensures that defense information systems are secure from unauthorized use, criminal and fraudulent activities, and foreign intelligence service exploitation. DC3 partners with government, academic, and private industry computer security officials.

A

DC3

6
Q

identification, preservation, collection, examination, analysis, and presentation.

A

DFRWS Framework

7
Q

Collect, preserve, examine, transfer. The final step covers any sort of transfer, including moving evidence from the lab to a court or returning it when it is no longer needed.

A

SWGDE

8
Q

A system forensics specialist should have a good understanding of how computer hard disks and compact discs (CDs) are structured. A specialist should also know how to find data hidden in obscure places on CDs and hard disk drives.

A

info …

9
Q

The unused space between the logical end of a file and the physical end of the last cluster allocated to it is known as file slack or slack space. Residual information in file slack is not necessarily overwritten when a new file is created. File slack is therefore a potential source of security leaks involving passwords, network logons, email, database entries, images, and word processing documents.

A

info …

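The slack-space leak described in this card, as an added example that is not part of the original flashcards: a toy volume in Python where an old file filled a cluster, was deleted, and a shorter new file was then allocated the same cluster. Only the new file's bytes are written, the tail of the last partially used sector is zero-filled (as Windows does), and the rest of the cluster still carries the old contents, which a simple string carve recovers. The 4096-byte cluster, 512-byte sector, the blank 16 KiB volume and the credential-looking old file are all constructed for the example.

```python
import re

CLUSTER_SIZE = 4096  # assumed allocation unit
SECTOR_SIZE = 512    # assumed physical sector


def slack_length(logical_size, cluster_size=CLUSTER_SIZE):
    """Bytes between the logical end of file and the end of its last cluster."""
    if logical_size == 0:
        return 0
    return (-logical_size) % cluster_size


def write_file(volume, start_cluster, data, cluster_size=CLUSTER_SIZE,
               sector_size=SECTOR_SIZE):
    """Store data at a cluster boundary the way a file system does: only the
    file's own bytes are written. The tail of the last partially used sector
    (RAM slack) is zero-filled, as Windows does; the remaining whole sectors
    of the cluster are left untouched and keep whatever was there before."""
    start = start_cluster * cluster_size
    end = start + len(data)
    volume[start:end] = data
    sector_end = start + -(-len(data) // sector_size) * sector_size
    volume[end:sector_end] = bytes(sector_end - end)
    return len(data)


def read_slack(volume, start_cluster, logical_size, cluster_size=CLUSTER_SIZE):
    """Return the slack bytes of a file: logical EOF up to the cluster end."""
    logical_end = start_cluster * cluster_size + logical_size
    return bytes(volume[logical_end:logical_end + slack_length(logical_size, cluster_size)])


def carve_strings(buf, min_len=8):
    """Printable ASCII runs, the simplest way to spot residue such as credentials."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, buf)


def demo():
    volume = bytearray(4 * CLUSTER_SIZE)  # constructed blank 16 KiB volume
    # An old file that filled cluster 1 completely, then was "deleted"
    # (deletion only frees the cluster; the bytes stay on disk).
    old_file = (b"user=admin;password=hunter2;" * 200)[:CLUSTER_SIZE]
    write_file(volume, 1, old_file)
    # A new 120-byte file is allocated the same cluster.
    new_file = b"A" * 120
    write_file(volume, 1, new_file)
    return read_slack(volume, 1, len(new_file))


if __name__ == "__main__":
    slack = demo()
    print("slack bytes:", len(slack))
    print("zeroed RAM slack:", len(slack) - len(slack.lstrip(b"\x00")))
    print("residue:", carve_strings(slack)[0][:60])
```

Of the 3976 slack bytes, only the 392 bytes up to the end of the first sector are zeroed; the seven remaining sectors of the cluster still hold the old file, which is why examiners read slack from the image rather than through the file system, which hides everything past the logical end of file.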
10
Q

Evidence handling: find evidence, preserve evidence, prepare evidence.

Evidence-gathering measures: avoid changing the evidence, determine when the evidence was created, trust only physical evidence, search throughout a device, present the evidence well.

A

info …
