Topic 5 Flashcards
1
Q
What are some ways to determine file ownership? (4)
A
- Passwords on the computer/account
- File metadata
- Network logs (for networked users)
- Who else lives there?
2
Q
What are 2 ways companies bypass privacy issues to conduct investigations?
A
- Company policies stating that internet use can be investigated
- Warning banners at logon
3
Q
How can you prepare for a search warrant? (7 ways)
A
- Get case background
- Identify the type of OS or Digital Device
- Determining whether you can seize computers and digital devices
- Getting a detailed description of the location (safety concerns)
- Determining who is in charge
- Using additional technical expertise (if necessary)
- Determining the tools you need
4
Q
Name 6 tools that should be in a digital forensic field kit
A
- Laptop computer
- Digital Camera
- Flashlight
- Gloves
- Computer toolkit (screwdrivers, etc.)
- Cables (SATA, IDE ribbon)
- Evidence log forms
- Notebook
- Computer evidence bag
- Evidence labels, tape and tags
- Portable hard drive
5
Q
What steps should you take when examining a device at a search? (5 + 3)
A
- Take photos of the device in place
- Make a sketch of the area and crime scene
- Note any peripherals - USB keys etc.
- Check if device is on
- If on, note any windows that are open
- Examine temporary files and registry
- Examine memory
- Turn off
6
Q
What are the 5 overall steps in any digital forensics case?
A
- Identify the case requirements
- Plan your investigation
- Conduct the investigation
- Complete the case report
- Critique the case