Understanding the Digital Forensics Profession and Investigations Flashcards
U.S. Constitution; protects everyone’s rights to be secure in their person, residence, and property from search and seizure.
Fourth Amendment
Legal document authorizing a police officer or other official to enter and search premises.
Search warrant
Different from digital forensics; involves retrieving information that was deleted by mistake or lost during a power surge or server crash, for example.
Data recovery
Evidence that is incriminating.
Inculpatory evidence
Evidence that tends to clear the suspect.
Exculpatory evidence
Investigations triad
- Vulnerability/Threat Assessment and Risk Management
- Network Intrusion Detection and Incident Response
- Digital Investigations
Part of the investigations triad where you test and verify the integrity of stand-alone workstations and network servers.
Vulnerability/Threat Assessment and Risk Management
Part of the investigations triad that detects intruder attacks by using automated tools and monitoring network firewall logs.
Network Intrusion Detection and Incident Response
Part of the investigations triad that manages investigations and conducts forensics analysis of systems suspected of containing evidence related to an incident or crime.
Digital Investigations
Introduced training on software for digital forensics examinations.
International Association of Computer Investigative Specialists (IACIS)
A nonprofit group that meets to discuss problems that digital forensics examiners encounter.
Computer Technology Investigators Network (CTIN)
An accusation of fact that a crime has been committed.
Allegation
Has the skill and training to arrive at an incident scene, assess the situation, and take precautions to acquire and preserve evidence.
Digital Evidence First Responder (DEFR)
Has the skill to analyze the data and determine when another specialist should be called in to assist with the analysis.
Digital Evidence Specialist (DES)
Sworn statement of support of facts about or evidence of a crime that is submitted to a judge with a request for a search warrant.
Affidavit
Support the allegation to justify the warrant.
Exhibits (evidence)
Involves selling sensitive or confidential company information to a competitor.
Industrial espionage
Involves crimes such as falsification of data, embezzlement, and sabotage.
White-collar crimes
Part of company policies that states who has the legal right to initiate an investigation, who can take possession of evidence, and who can have access to evidence.
Line of authority
Usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end-users that the organization reserves the right to inspect computer systems and network traffic at will.
Warning banner
Has the power to initiate investigations, specified by the business.
Authorized requester
Three types of situations that are common in private-sector environments.
- Abuse or misuse of digital assets
- E-mail abuse
- Internet abuse
The route evidence takes from the time you find it until the case is closed or goes to court.
Chain of custody
Helps you document what has and has not been done with the original evidence and forensic copies of the evidence.
Evidence custody form