Introduction to Cyber Forensics Flashcards

1
Q

Affidavit

A

A written statement made under oath or affirmation, used as evidence in a court of law.
Example: An individual providing a sworn statement of what they witnessed in a criminal case.

2
Q

Allegation

A

A claim or assertion that someone has done something wrong or illegal, often made without proof.
Example: An employee accusing their supervisor of harassment in the workplace.

3
Q

Approved Secure Container

A

A storage device that meets specific security requirements for the storage of sensitive or classified information.
Example: A safe or cabinet used to store classified government documents.

4
Q

attorney-client privilege (ACP)

A

The legal protection that allows communications between an attorney and their client to remain confidential and not be disclosed without the client’s permission.
Example: A lawyer and their client discussing the details of a legal case without fear of the conversation being used against them.

5
Q

authorized requester

A

A person or entity that has the legal right to request access to specific information or evidence.
Example: A police department requesting access to a suspect’s phone records with a valid search warrant.

6
Q

bit-stream copy

A

A forensic copy of a digital storage device or file that captures every bit of data, including deleted and hidden files.
Example: A digital forensics investigator creating a forensic copy of a hard drive for analysis.

7
Q

bit-stream image

A

A forensic image of a digital storage device or file that captures a bit-for-bit copy of the data, including deleted and hidden files.
Example: A digital forensics investigator creating a forensic image of a USB drive for analysis.

8
Q

chain of custody

A

The documented history of the custody, control, transfer, analysis, and disposition of physical or digital evidence, ensuring that the integrity of the evidence is maintained.
Example: A police officer documenting who collected evidence at a crime scene, who had possession of the evidence, and when and where it was transferred.

9
Q

Computer Technology Investigators Network (CTIN)

A

A nonprofit organization that provides training, resources, and networking opportunities for digital forensics and cybercrime investigators.
Example: A digital forensics investigator attending a CTIN training seminar to stay up-to-date on the latest forensic techniques.

10
Q

data recovery

A

The process of retrieving lost, damaged, or deleted data from digital storage devices.
Example: A person recovering deleted photos from their phone.

11
Q

Digital Evidence First Responder (DEFR)

A

A trained professional who is the first to respond to a digital crime scene and collects and preserves digital evidence.
Example: A police officer trained to collect and preserve digital evidence at the scene of a cybercrime.

12
Q

Digital Evidence Specialist (DES)

A

A trained professional who specializes in the forensic analysis of digital evidence.
Example: A digital forensics investigator who specializes in analyzing data from mobile devices.

13
Q

digital forensics

A

The process of collecting, preserving, analyzing, and presenting digital evidence in a manner that is admissible in a court of law.
Example: A digital forensics investigator analyzing a computer system to find evidence of illegal activity.

14
Q

digital investigations

A

The process of conducting an investigation that involves digital evidence and technology.
Example: A law enforcement agency investigating an online fraud scheme.

15
Q

evidence bags

A

Bags used to store physical evidence, often with a label and chain of custody documentation attached.
Example: A police officer placing a knife found at a crime scene in an evidence bag and labeling it with the date and location it was found.

16
Q

evidence custody form

A

A form used to document the transfer of physical evidence from one person or agency to another, including the chain of custody.
Example: A police officer filling out an evidence custody form.

17
Q

exculpatory evidence

A

Evidence that tends to clear or exonerate the accused of guilt or blame.
Example: DNA evidence that proves someone was not present at the scene of a crime.

18
Q

exhibits

A

Physical or digital evidence presented in a court of law to prove or disprove a fact in a case.
Example: A murder weapon presented as evidence in a murder trial.

19
Q

forensic workstation

A

A specialized computer system used for digital forensics analysis, with specific hardware and software configurations.
Example: A computer system used to analyze a hard drive for evidence of illegal activity.

20
Q

Fourth Amendment

A

An amendment to the United States Constitution that protects citizens from unreasonable searches and seizures by the government.
Example: Police officers obtaining a search warrant before searching someone’s home.

21
Q

hostile work environment

A

A workplace environment in which an employee feels uncomfortable or harassed, typically due to discriminatory or abusive behavior.
Example: An employee being subjected to sexual harassment by their supervisor.

22
Q

inculpatory evidence

A

Evidence that tends to show the guilt or culpability of the accused.
Example: Security camera footage showing a suspect committing a crime.

23
Q

industrial espionage

A

The theft or unauthorized use of intellectual property, trade secrets, or confidential information for competitive advantage.
Example: A company stealing a competitor’s technology or trade secrets to gain an advantage in the marketplace.

24
Q

International Association of Computer Investigative Specialists (IACIS)

A

A professional organization for computer and digital forensics investigators.
Example: A digital forensics investigator joining IACIS to network with other professionals in the field.

25
Q

interrogation

A

The process of questioning a suspect or witness in a criminal investigation.
Example: Police officers questioning a suspect in custody about their involvement in a crime.

26
Q

interview

A

A conversation between an investigator and a person of interest in a criminal investigation, typically less formal than an interrogation.
Example: An investigator interviewing a witness to a crime to gather information.

27
Q

line of authority

A

The chain of command within an organization or agency, typically used to assign responsibility and accountability.
Example: A police department’s line of authority, with the chief of police at the top, followed by captains, lieutenants, sergeants, and patrol officers.

28
Q

multi-evidence form

A

A form used to document multiple pieces of physical evidence collected from a crime scene.
Example: A police officer filling out a multi-evidence form to document the collection of multiple items from a burglary scene.

29
Q

network intrusion detection and incident response

A

The process of monitoring computer networks for unauthorized access or malicious activity and responding to incidents as they occur.
Example: A company using network intrusion detection and incident response measures to detect and prevent cyberattacks.

30
Q

professional conduct

A

The ethical and professional behavior expected of individuals in a particular profession or industry.
Example: A lawyer adhering to professional conduct rules when representing a client.

31
Q

repeatable findings

A

In digital forensics, the ability to reproduce the same results consistently when analyzing the same evidence.
Example: A digital forensics investigator obtaining repeatable findings when analyzing the same hard drive multiple times.

32
Q

search and seizure

A

The legal process of searching for and collecting physical or digital evidence in a criminal investigation.
Example: Police officers searching a suspect’s car for drugs with a valid search warrant.

33
Q

search warrants

A

Legal documents issued by a judge authorizing law enforcement officers to conduct a search for specific items of evidence.
Example: A judge issuing a search warrant for a suspect’s home to look for evidence related to a robbery.

34
Q

single-evidence form

A

A form used to document the collection and transfer of a single piece of physical evidence in a criminal investigation.
Example: A police officer filling out a single-evidence form to document the collection and transfer of a DNA sample.

35
Q

verdict

A

The decision or finding of a judge or jury in a trial, determining the guilt or innocence of the accused.
Example: A jury finding a defendant guilty of murder and issuing a guilty verdict.

36
Q

vulnerability/threat assessment and risk management

A

The process of identifying and assessing potential vulnerabilities and threats to a system or organization, and developing strategies to manage and mitigate those risks.
Example: A company conducting a vulnerability assessment of their IT infrastructure to identify potential security weaknesses and develop a risk management plan.

37
Q

warning banner

A

A notice or message displayed on a computer system or network to warn users of the system’s security policies and the consequences of unauthorized access or use.
Example: A warning banner displayed on a company’s network login page informing users that the system is monitored and unauthorized access will be prosecuted.

38
Q

white-collar crimes

A

Non-violent crimes committed by individuals or organizations in the course of their occupation or business, typically involving financial fraud, embezzlement, or other forms of white-collar fraud.
Example: Insider trading, securities fraud, and money laundering are examples of white-collar crimes.

39
Q

Digital forensics and data recovery refer to the activities. True or False?

A

True

40
Q

Police in the United States must use procedures that adhere to which of the following?

A

Fourth Amendment

41
Q

The triad of computing security includes which of the following?

A

Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation

42
Q

What’s the purpose of maintaining a network of digital forensics specialists?

A

To provide a network of experts who can share knowledge, tools, and techniques, and collaborate on complex cases.

43
Q

Policies can address rules for which of the following?

A

  1. When you can log on to a company network from home
  2. The Internet sites you can or can’t access
  3. The amount of personal e-mail you can send
  4. Any of the above. This is the answer.

44
Q

List two items that should appear on a warning banner.

A

Examples of items that should appear on a warning banner include: notification that the system is for authorized use only, that users should have no expectation of privacy, and that unauthorized access is prohibited and may be subject to disciplinary action.

45
Q

Under normal circumstances, a private-sector investigator is considered an agent of law enforcement. True or False?

A

False

46
Q

List two types of digital investigations typically conducted in a business environment.

A

Two types of digital investigations typically conducted in a business environment include: internal investigations of employees suspected of wrongdoing, and investigations of external threats such as hacking or intellectual property theft.

47
Q

What is professional conduct, and why is it important?

A

Professional conduct refers to the ethical and professional behavior expected of individuals in a particular profession or industry. It is important because it ensures that investigators maintain credibility and adhere to ethical and legal standards, which can impact the outcome of investigations and the reputation of the investigator and their organization.

48
Q

What’s the purpose of an affidavit?

A

An affidavit is a written statement made under oath or affirmation, used as evidence in a court of law. Its purpose is to provide a sworn statement of the facts as the affiant understands them.

49
Q

What are the necessary components of a search warrant?

A

The necessary components of a search warrant include: a description of the place to be searched, the items or evidence to be seized, and the probable cause for the search and seizure.

50
Q

What are some ways to determine the resources needed for an investigation?

A

Ways to determine the resources needed for an investigation include: conducting a risk assessment, identifying the scope of the investigation, and estimating the amount of time and personnel needed to complete the investigation.

51
Q

List three items that should be on an evidence custody form.

A

Three items that should be on an evidence custody form include: a description of the evidence, the date and time the evidence was collected, and the name and signature of the person collecting the evidence.

52
Q

Why should you do a standard risk assessment to prepare for an investigation?

A

Conducting a standard risk assessment can help identify potential obstacles, determine what resources may be needed, and help establish timelines for the investigation.

53
Q

You should always prove the allegations made by the person who hired you. True or False?

A

False

54
Q

For digital evidence, an evidence bag is typically made of antistatic material. True or False?

A

True

55
Q

Why should evidence media be write-protected?

A

Evidence media should be write-protected to prevent accidental or intentional modification or deletion of data on the media, ensuring the integrity of the evidence.

56
Q

List three items that should be in your case report.

A

Three items that should be in a case report include: a description of the investigation, a summary of the findings, and any conclusions or recommendations.

57
Q

Why should you critique your case after it’s finished?

A

Critiquing a case after it is finished can help identify areas for improvement, identify best practices, and help improve the outcome of future investigations.

58
Q

What do you call a list of people who have had physical possession of the evidence?

A

A chain of custody is a list of people who have had physical possession of the evidence, documenting the transfer and possession of the evidence from the time it is collected until it is presented in court.

59
Q

Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule. True or False?

A

True. Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule, which shields from disclosure certain materials prepared in anticipation of litigation or for trial.