Understanding the Digital Forensics Profession and Investigations

Question 1

U.S. Constitution; Protects everyone’s rights to be secure in their person, residence, and property from search and seizure.

Answer 1

Fourth Amendment

Question 2

Legal document authorizing a police officer or other official to enter and search a premise.

Answer 2

Search warrant

Question 3

Different from digital forensics; Involves retrieving information that was deleted by mistake or lost during a power surge or server crash, for example.

Answer 3

Data recovery

Question 4

Evidence that is incriminating.

Answer 4

Inculpatory evidence

Question 5

Evidence that tends to clear the suspect

Answer 5

Exculpatory evidence

Question 6

Investigations triad

Answer 6

1. Vulnerability/Threat Assessment and Risk Management
2. Network Intrusion Detection and Incident Response
3. Digital Investigations

Question 7

Part of investigations triad where you test and verify the integrity of stand-alone workstations and network servers.

Answer 7

Vulnerability/Threat Assessment and Risk Management

Question 8

Part of the investigations triad that detects intruder attacks by using automated tools and monitoring network firewall logs

Answer 8

Network Intrusion Detection and Incident Response

Question 9

Part of the investigations triad that manages investigations and conducts forensics analysis of systems suspected of containing evidence related to an incident or crime.

Answer 9

Digital Investigations

Question 10

Introduced training on software for digital forensics examinations.

Answer 10

International Association of Computer Investigative Specialists (IACIS)

Question 11

A nonprofit group that meets to discuss problems that digital forensics examiners encounter.

Answer 11

Computer Technology Investigators Network (CTIN)

Question 12

An accusation of fact that a crime has been committed.

Answer 12

Allegation

Question 13

Has the skill and training to arrive at an incident scene, assess the situation, and take precautions to acquire and preserve evidence.

Answer 13

Digital Evidence First Responder (DEFR)

Question 14

Has the skill to analyze the data and determine when another specialist should be called in to assist with the analysis.

Answer 14

Digital Evidence Specialist (DES)

Question 15

Sworn statement of support of facts about or evidence of a crime that is submitted to a judge with a request for a search warrant.

Answer 15

Affidavit

Question 16

Support the allegation to justify the warrant

Answer 16

Exhibits (evidence)

Question 17

Involves selling sensitive or confidential company information to a competitor.

Answer 17

Industrial espionage

Question 18

Involves crimes such as falsification of data, embezzlement, and sabotage

Answer 18

White-collar crimes

Question 19

Part of company policies that states who has the legal right to initiate an investigation, who can take possession of evidence, and who can have access to evidence.

Answer 19

Line of authority

Question 20

Usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end-users that the organization reserves the right to inspect computer systems and network traffic at will

Answer 20

Warning banner

Question 21

Has the power to initiate investigations, specified by the business.

Answer 21

Authorized requester

Question 22

Three types of situations that are common in private-sector environments.

Answer 22

1. Abuse or misuse of digital assets
2. E-mail abuse
3. Internet abuse

Question 23

The route evidence takes from the time you find it until the case is closed or goes to court.

Answer 23

Chain of custody

Question 24

Helps you document what has and has not been done with the original evidence and forensic copies of the evidence.

Answer 24

Evidence custody form

Question 25

Specially configured PC loaded with additional bays and forensics software.

Answer 25

Forensic workstation

Question 26

Bit-by-bit copy of the original drive or storage medium and is an exact duplicate.

Answer 26

Bit-stream copy

Question 27

File containing the bit-stream copy of all data on a disk or disk partition.

Answer 27

Bit-stream image