M12: Forensics Flashcards
What is the first phase in the forensic process?
Collection.
What does the collection phase involve?
- Identifying
- Labeling
- Recording
- Acquiring
Why is timely data collection important?
To prevent loss of dynamic data like network connections.
What is the second phase in the forensic process?
Examination.
What happens during the examination phase?
Processing collected data to extract relevant information.
What is the third phase in the forensic process?
Analysis.
What is the goal of the analysis phase?
To derive useful information from the examined data.
What is the final phase in the forensic process?
Reporting.
What should be included in the reporting phase?
- Actions taken
- Tools used
- Recommendations.
Why is preserving data integrity important in forensics?
To ensure the data remains unchanged and reliable.
What are the basics of file storage media?
Devices like hard drives, CDs, and USB drives.
What is a filesystem?
A method for storing and organizing files on media.
Why is file integrity important?
To ensure files have not been altered or corrupted.
What are file modification… access… and creation times?
Metadata that shows when a file was last changed, accessed, or created.
What is the purpose of copying files from media?
To create a backup or transfer data without altering the original.
What is a forensic toolkit?
A set of tools used to examine and analyze data files.
How can data files be located?
By searching the filesystem or using forensic tools.
What is data extraction?
The process of retrieving specific information from data files.
Why is it important to use legally justifiable methods in forensics?
To ensure the evidence is admissible in court.
What should be done if technical issues arise during data collection?
Follow established procedures to resolve them.
What is the significance of file headers?
They contain important information about the file type and structure.
How can file integrity be verified?
By comparing file hashes before and after copying.
What are some common types of media used for data storage?
Hard drives, SSDs, CDs, DVDs, and USB drives.
What is the role of file metadata in forensics?
It provides details about the file’s history and usage.
How can forensic tools help in data recovery?
By retrieving lost or deleted files from storage media.
What is the importance of maintaining a chain of custody?
To document who handled the evidence and when.
What are some challenges in examining data files?
Issues like
* Encryption
* File corruption
* Large data volumes.
How can data files be securely stored?
Using encrypted storage and access controls.
What is the purpose of analyzing data files?
To find relevant information that supports an investigation.
Why is it important to document the forensic process?
To provide a clear record of actions taken and findings.
