IS4670 CHAPTER 3 TERMS & DEFINITIONS Flashcards
Attempts to adversely affect the existence, amount, and quality of evidence from a crime scene or to make the analysis and examination of evidence difficult or impossible to conduct.
Anti-forensics -
Continuity of evidence that makes it possible to account for all that has happened to evidence between its original collection and its appearance in court, preferably unaltered.
Chain of custody -
Raw numbers, pictures, and other “stuff ” that may or may not have relevance to a particular event or incident under investigation.
Data -
A plan that lists the types of data to be collected and describes the expected sources for the data. It should also list any anticipated problems as well as recommended strategies to deal with those problems.
Data analysis plan -
Information such as a chart that helps explain other evidence to a judge and jury.
Demonstrative evidence -
Written evidence that must be authenticated, such as a printed report or a log file.
Documentary evidence -
Anything that changes or destroys digital evidence between the time the evidence is created and when the case goes to court. An action that changes the evidence could be either accidental or deliberate.
Evidence Dynamics -
Data that has been processed and assembled so that it is relevant to an investigation.
Information -
A basic concept of forensic science, which states that “with contact between two items, there will be an exchange.” In other words, every contact leaves a trace.
Locard’s exchange principle -
Data that is difficult to collect and analyze because it is encrypted, compressed, or in a proprietary format.
Obscured data -
A physical object that can be touched, held, or directly observed, such as a hard drive or removable media. Also: Any evidence that speaks for itself, without relying on anything else. An example is a log produced by an audit function.
Real evidence -
A court order that allows law enforcement personnel to collect equipment or data from that equipment. Search warrants are typically used by law enforcement officers.
Search warrant -
A court order than requires the person or organization that owns the equipment to release it for analysis. These are typically used in civil actions or court proceedings.
Subpoena -
Information that is used to support or interpret real or documentary evidence.
Testimonial evidence –
Permission from a computer or equipment owner to search and/or seize equipment as part of an investigation
Voluntary surrender-
