What you need to know

Question 1

Daubert standard:

Answer 1

Standard used by a trial judge to make a preliminary assessment of whether an expert’s
scientific testimony is based on reasoning or methodology that is scientifically valid and can
properly be applied to the facts at issue.

Question 2

The Communications Assistance to Law Enforcement Act of 1994 (CALEA)

Answer 2

a federal wiretap law for
traditional wired telephony.

Question 3

The Electronic Communications Privacy Act of 1986

Answer 3

governs the privacy and disclosure,
access, and interception of content and traffic data related to electronic communications.

Question 4

The Children’s Online Privacy Protection Act of 1998 (COPPA)

Answer 4

protects children 13 years of age
and under from the collection and use of their personal information by websites.

Question 5

The Wireless Communications and Public Safety Act of 1999

Answer 5

allows for collection and use of
“empty” communications, which means nonverbal and nontext communications, such as GPS
information.

Question 6

five types of drive connections:

Answer 6

● Integrated Drive Electronics (IDE) [spoiler answer]
● Extended Integrated Drive Electronics (EIDE)
● Parallel Advanced Technology Attachment (PATA)
● Serial Advanced Technology Attachment (SATA)
● Serial SCSI

Question 7

Solid-state drives

Answer 7

use Negated AND (NAND) gate–based flash memory,
which retains memory even without power.

Question 8

advanced forensic file format

Answer 8

AFF file
format is part of the AFF Library and Toolkit, which is a set of open-source computer forensics
programs. Sleuth Kit and Autopsy both support this file format.

Question 9

EnCase

Answer 9

Creates exact copy of hard drive. EnCase calculates an MD5 hash when the drive is acquired. This hash is
used to check for changes, alterations, or errors.

Question 10

The Forensic Toolkit (FTK) from AccessData

Answer 10

useful at cracking passwords.
provides tools to search and analyze the Windows Registry.

Question 11

Steganography

Answer 11

art and science of writing hidden messages. common methods
of performing this technique is the least significant bit

Question 12

basic steganography terms

Answer 12

-Payload is the information to be covertly communicated.
-Carrier (or carrier file) is the signal, stream, or file in which the payload is hidden.
-Channel is the type of medium used. This may be a passive channel, such as photos,
video, or sound files,

Question 13

Ophcrack

Answer 13

depend on rainbow tables. Ophcrack is usually very
successful at cracking Windows local machine passwords.

Question 14

GUID Partition Table

Answer 14

used primarily with computers that have an Intel-based processor.

Question 15

The /etc Directory

Answer 15

where configuration files are located.

Question 16

Data Doctor

Answer 16

recovers all Inbox and Outbox data and all contacts data, and has
an easy-to-use interface.

Question 17

XRY

Answer 17

breaking an iPhone passcode.

Question 18

When a file is deleted on the iPhone, iPad, or iPod,

Answer 18

.Trashes\501 folder.