IS4670 CHAPTER 6 TERMS & DEFINITIONS

Question 1

• A text file that a series of commands intended to be executed by the command interpreter. When a this is run, another program reads the file and executes its commands.

Answer 1

Batch file

Question 2

• A backup that involves the copying of every bit of data on a computer hard disk drive or another type of storage media. It exactly replicates all sectors on the storage device, so all files and ambient data storage areas are copied.

Answer 2

Bit stream backup

Question 3

• A process that starts an operating system when the user turns on a computer system.

Answer 3

Boot process

Question 4

• A fixed-length block of data—one to 128 sectors—in which DOS- and Windows-based computers store files. These are made up of blocks of sectors.

Answer 4

Cluster

Question 5

• A table that stores associations between files and the clusters assigned to them.

Answer 5

File allocation table (FAT)

Question 6

• An amendment that guards against unreasonable searches and seizures. It specifically requires that search and arrest warrants be judicially sanctioned and supported by probable cause.

Answer 6

Fourth Amendment to the U.S. Constitution

Question 7

• The process of creating a complete sector-by-sector copy of a disk drive. Also known as making a bit stream backup.

Answer 7

Imaging

Question 8

• Evidence that shows, or tends to show, a person’s involvement in an act, or evidence that can establish guilt.

Answer 8

Incriminating evidence

Question 9

• A segment of the forensics world that recommends leaving a suspect computer turned on and working on it immediately after securing it.

Answer 9

Live analysis school of thought

Question 10

• Analysis using the native operating system, on the evidence disk or a forensic duplicate, to peruse the data. It looks for things that are visible, known about, and possibly controlled by the user.

Answer 10

Logical analysis

Question 11

• Offline analysis conducted on an evidence disk or forensic duplicate after booting from a CD or another system. It looks for things that may have been overlooked, or are invisible, to the user.

Answer 11

Physical analysis

Question 12

• | A segment of the forensics world that believes a suspect computer should be carefully shut down immediately when the computer is secured.

Answer 12

Safe shutdown school of thought

Question 13

• The smallest unit of storage on a computer. It is composed of bits and is generally a power of two bytes in size.

Answer 13

Sector

Question 14

• Fringe data that remains on the physical track of storage media after deletion, sweeping, or scrubbing.

Answer 14

Shadow data

Question 15

• Data that an operating system creates and overwrites without the computer user taking a direct action to save this data.

Answer 15

Temporary data

Question 16

• Data from running processes on a live computer. It is memory that is highly sensitive to system usage, such as registers, memory, and cache. Such data is lost whenever a system is used.

Answer 16

Volatile data