Forensic Procedures Flashcards

1
Q

What ensures that personnel handle forensics properly, effectively, and in compliance with required regulations?

A

Forensic Procedures

2
Q

What are the four main areas of forensic procedures?

A

Identification
Collection
Analysis
Reporting

3
Q

What phase of forensic procedures ensures the scene is safe and secure to prevent evidence contamination, and identifies the scope of evidence to be collected?

A

Identification

Note: Imagine that you are the police arriving on scene; you have to make sure it's safe before you can start investigating.

4
Q

In what phase must you obtain authorization to collect evidence, and then document and prove the integrity of the evidence as it's collected?

A

COLLECTION

5
Q

In what phase must you create copies of evidence and use repeatable methods and tools?

A

ANALYSIS

6
Q

In what phase do you create a report of the methods and tools used in the investigation, and present the detailed findings?

A

REPORTING

7
Q

What is the first ethical principle of collecting forensic data?

A

The analysis must be performed without bias

8
Q

What is the second ethical principle of collecting forensic data?

A

Analysis methods must be repeatable by third parties

9
Q

What is the third ethical principle of collecting forensic data?

A

Evidence must not be changed or manipulated

10
Q

When building a forensic timeline, what are 5 questions you need to answer?

A

How was access to the system obtained?
What tools have been installed?
What changes to files were made?
What data has been retrieved?
Was data exfiltrated?