Digital forensics science - law reflections

Question 1

There are two different aspects to look at, which two?

Answer 1

1. Computers as tool for crime, or repositories for information to a crime.
2. Computers as targets of a crime

Question 2

There are 5 types of computer examinations and recovery, which?

Answer 2

1. Content : what type of data files are stored
2. Comparison : compare found data files and documents to known ones
3. Transaction : the time and sequence of the data files creation
4. Extraction : retrieving the files from the computer
5. Format conversion : one format might offer a better opportunity for interpretation than other

Question 3

Name 7 things to look for when examining a computer

Answer 3

1. Keyword searching, find a particular or all occurrences of a word or phrase
2. Passwords, recovered and decrypted
3. Limited or fragmented source code, for comparison and analysis
4. Storage media, used as a standalone accessory with some devices.
5. Network history, browser tracks, email, ftp trails
6. Graphics and multimedia, may be treated as a special file
7. Examples, of fraud, homicide, narcotics, hacking etc..

Question 4

Computer evidence need to be..

Answer 4

1. admissible
2. authentic
3. complete
4. reliable
5. believable

Question 5

There are 4 rules for examination of digital evidence, which?

Answer 5

1. Minimal handling of the original
2. Account for any change - nature, extent and reason
3. Comply with the rules of evidence
4. Do not exceed the individual knowledge and competence

Question 6

What is the CFSAP model? (Computer Forensic - Secure, Analyze , Present)

Answer 6

The main objectives are:

• The securing of potential evidence
• The analysis of secured data
• the presentation of the secured data

Question 7

What is the difference of civil and criminal law?

Answer 7

civil = person or company
Criminal = government