M12: Forensics Flashcards
What is the first phase in the forensic process?
M12: Forensics
Collection.
What does the collection phase involve?
M12: Forensics
- Identifying
- Labeling
- Recording
- Acquiring
Why is timely data collection important?
M12: Forensics
To prevent loss of dynamic data like network connections.
What is the second phase in the forensic process?
M12: Forensics
Examination.
What happens during the examination phase?
M12: Forensics
Processing collected data to extract relevant information.
What is the third phase in the forensic process?
M12: Forensics
Analysis.
What is the goal of the analysis phase?
M12: Forensics
To derive useful information from the examined data.
What is the final phase in the forensic process?
M12: Forensics
Reporting.
What should be included in the reporting phase?
M12: Forensics
- Actions taken
- Tools used
- Recommendations.
Why is preserving data integrity important in forensics?
M12: Forensics
To ensure the data remains unchanged and reliable.
What are the basics of file storage media?
M12: Forensics
Devices like hard drives, CDs, and USB drives.
What is a filesystem?
M12: Forensics
A method for storing and organizing files on media.
Why is file integrity important?
M12: Forensics
To ensure files have not been altered or corrupted.
What are file modification… access… and creation times?
M12: Forensics
Metadata that shows when a file was last changed, accessed, or created.
What is the purpose of copying files from media?
M12: Forensics
To create a backup or transfer data without altering the original.
What is a forensic toolkit?
M12: Forensics
A set of tools used to examine and analyze data files.
How can data files be located?
M12: Forensics
By searching the filesystem or using forensic tools.
What is data extraction?
M12: Forensics
The process of retrieving specific information from data files.
Why is it important to use legally justifiable methods in forensics?
M12: Forensics
To ensure the evidence is admissible in court.
What should be done if technical issues arise during data collection?
M12: Forensics
Follow established procedures to resolve them.
What is the significance of file headers?
M12: Forensics
They contain important information about the file type and structure.
How can file integrity be verified?
M12: Forensics
By comparing file hashes before and after copying.
What are some common types of media used for data storage?
M12: Forensics
Hard drives, SSDs, CDs, DVDs, and USB drives.
What is the role of file metadata in forensics?
M12: Forensics
It provides details about the file’s history and usage.
How can forensic tools help in data recovery?
M12: Forensics
By retrieving lost or deleted files from storage media.
What is the importance of maintaining a chain of custody?
M12: Forensics
To document who handled the evidence and when.
What are some challenges in examining data files?
M12: Forensics
Issues like
* Encryption
* File corruption
* Large data volumes.
How can data files be securely stored?
M12: Forensics
Using encrypted storage and access controls.
What is the purpose of analyzing data files?
M12: Forensics
To find relevant information that supports an investigation.
Why is it important to document the forensic process?
M12: Forensics
To provide a clear record of actions taken and findings.
