IS4670 CHAPTER 4 TERMS & DEFINITIONS

Question 1

• An organization that provides guidelines for managing a forensics lab. ASCLD also certifies computer forensics labs.

Answer 1

American society of Crime Laboratory directors (AsCLd)

Question 2

• A reasoned proposal for making a change, such as a plan that justifies acquiring newer and better resources to investigate computer forensics cases.

Answer 2

Business case

Question 3

• Records that are produced by a computing device. This information includes logs, content analysis, packet captures, reconstructed artifacts, and so on. The admissibility of computer-generated records depends on their authenticity.

Answer 3

Computer-generated information

Question 4

• A process in which an organization records all updates it makes to its workstations.

Answer 4

Configuration management

Question 5

• A framework for ensuring forensic soundness that has six classes: identification, preservation, collection, examination, analysis, and presentation.

Answer 5

DFRWs framework

Question 6

• A nonprofit volunteer organization that aims to enhance the sharing of knowledge and ideas about digital forensics research. The DFRWS sponsors annual conferences, technical working

Answer 6

Digital Forensics Research Workshop (DFRWs)

Question 7

• A plan that helps a lab restore its workstations and file servers to their original condition after a catastrophic failure occurs.

Answer 7

Disaster recovery plan

Question 8

• A model for forensic investigation that has five phases: readiness, deployment, physical crime scene investigation, digital crime scene investigation, and presentation.

Answer 8

Event-based digital forensic investigation framework

Question 9

• A container that stores evidence and is secured so that no unauthorized person can easily access the evidence. Also known as an evidence locker.

Answer 9

Evidence storage container

Question 10

• A room that stores large computer components, such as computers, monitors, and other peripheral devices. It may or may not be located within the lab itself.

Answer 10

Evidence storage room

Question 11

• A code of evidence law that governs the admission of facts by which parties in the U.S. federal court system may prove their cases.

Answer 11

Federal Rules of Evidence (FRE)

Question 12

• a state in which data is complete and materially unaltered.

Answer 12

Forensic soundness

Question 13

• Information created by humans. It includes e-mail messages, text messages, word processing documents, digital photos, and other records that are transmitted or stored electronically.

Answer 13

Human-generated information

Question 14

• An individual who performs general management tasks for a computer forensics lab, such as promoting group consensus in decision making, maintaining fiscal responsibility for lab needs, and enforcing ethical standards among staff members.

Answer 14

Lab manager

Question 15

• Rules that govern whether, when, how, and why proof of a legal case can be placed before a judge or jury. The rules vary depending on the type of court and the jurisdiction.

Answer 15

Rules of evidence

Question 16

• Special computer-emission used to shield sensitive computing systems and labs and prevent electronic eavesdropping on any computer emissions.

Answer 16

TEMPEST