IS4670 CHAPTER 12 TERMS & DEFINITIONS

Question 1

• A project of the National Institute of Standards and Technology (NIST) that focuses on developing standards to ensure reliable results during forensic investigations. The project seeks to help forensic tool providers improve their products, keep the justice system informed, and make information available to government agencies and other organizations.

Answer 1

Computer Forensics Tool Testing (CFTT)

Question 2

• The validity, accuracy, usability, and integrity of data. This is an issue in live system forensics.

Answer 2

Data consistency

Question 3

• Forensic analysis of machines that have been shut down.

Answer 3

Dead system analysis

Question 4

• A complete copy of every bit of memory or cache recorded in permanent storage or printed on paper.

Answer 4

Dump

Question 5

• Checking to determine what hardware is present on a system.

Answer 5

Hardware fingerprinting

Question 6

• A live system forensics technique in which an investigator surveys the crime scene and simultaneously collects evidence and probes for suspicious activity. The purpose is to collect relevant evidence from a system to confirm whether an incident occurred.

Answer 6

Live response

Question 7

• The actual time during which a process takes place.

Answer 7

Real time

Question 8

• An image that results from acquiring a file system while it is being updated or changed by a program in process.

Answer 8

Slurred image

Question 9

• A live system forensics technique in which an investigator acquires a physical memory dump of the compromised system and transmits it to the data collection system for analysis.

Answer 9

Volatile memory analysis

Question 10

• A piece of hardware or software that allows a system to read data from an external drive at full speed. At the same time, it blocks any write commands to the external drive to prevent unauthorized modification or formatting of the drive being examined.

Answer 10

Write blocker