Week 1 - The Investigative Process Flashcards

1
Q

What are the two common settings of digital forensics?

A

Cybercrime context - Law enforcement investigating cybercrime.
Organisational context - Investigations conducted within an organisation that normally do not result in criminal proceedings, and at most lead to civil proceedings.

2
Q

What are the similarities between the two contexts of digital forensics?

A

Equal need for evidential standards.

Similar investigation techniques.

3
Q

What are the differences between the two contexts of digital forensics?

A
The different resources being investigated.
The consequences (e.g. legal proceedings for cybercrime, termination of employment for organisational).
4
Q

What are the basic overview steps of an investigation?

A
  1. Acquire the evidence without altering or damaging the original.
  2. Confirm that the recovered evidence is the same as the originally seized data.
  3. Analyse the data without modifying it.
5
Q

According to the ACPO guidelines, what rules/laws is computer-based electronic evidence subject to?

A

The same rules and laws as documentary evidence (Normal evidence).

6
Q

What must the prosecution do to prove validity/integrity of the data?

A

They must show that the evidence produced is no more or less than it was when first taken into possession of the police. The evidence must be the same as it was in the original data.

7
Q

What is the first ACPO principle?

A

No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.

8
Q

What is the second ACPO principle?

A

In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.

9
Q

What is the third ACPO principle?

A

An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved, such that an independent third party should be able to examine those processes and achieve the same result.

10
Q

What is the fourth ACPO principle?

A

The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are applied.

11
Q

How many principles are there in the ACPO guidelines?

A

4.

12
Q

What are the main steps of the investigative process?

A
Identification
Acquisition
Preservation
Search
Analysis
Reconstruction
Presentation
13
Q

What is the identification step of the investigative process?

A

Identifying that an incident has taken place.

E.g. a crime report, log monitoring, link for another case, intelligence, suspicion.
