"What you need to know for the C840" Flashcards
is the process of acquiring and analyzing information stored on physical storage
media, such as computer hard drives, smartphones, GPS systems, and removable media. Disk
forensics includes both the recovery of hidden and deleted information and the process of
identifying who created a file or message.
Disk Forensics
is the study of the source and content of email as evidence. Email forensics
includes the process of identifying the sender, recipient, date, time, and origination location of
an email message. You can use email forensics to identify harassment, discrimination, or
unauthorized activities. There is also a body of laws that deal with retention and storage of
emails that are specific to certain fields, such as financial and medical.
Email Forensics
is the process of examining network traffic, including transaction logs and
real-time monitoring using sniffers and tracing.
Network Forensics
is the process of piecing together where and when a user has been on the
internet. For example, you can use internet forensics to determine whether inappropriate
internet content access and downloading were accidental.
Internet Forensics
also known as malware forensics, is the process of examining malicious
computer code.
Software Forensics
is the process of searching memory in real time, typically for working
with compromised hosts or to identify system abuse. Each of these types of forensic analysis
requires specialized skills and training.
Live System Forensics
is the process of searching the contents of cell phones. A few years ago,
this was just not a big issue, but with the ubiquitous nature of cell phones today, cell-phone
forensics is a very important topic. A cell phone can be a treasure trove of evidence. Modern
cell phones are essentially computers with processors, memory, even hard drives and operating
systems, and they operate on networks. Phone forensics also includes VoIP and traditional
phones and may overlap the Foreign Intelligence Surveillance Act of 1978 (FISA), the USA
PATRIOT Act, and the Communications Assistance for Law Enforcement Act (CALEA) in the
United States.
Cell-Phone Forensics
___________ establishes a code of information-handling practices that governs the
collection, maintenance, use, and dissemination of information about individuals that is
maintained in systems of records by U.S. federal agencies. A system of records is a group of
records under the control of an agency from which information is retrieved by the name of the
individual or by some identifier assigned to the individual.
The Federal Privacy Act of 1974
________ protects journalists from being required to turn over to
law enforcement any work product and documentary materials, including sources, before it is
disseminated to the public. Journalists who most need the protection of the PPA are those who
are working on stories that are highly controversial or that describe criminal acts, because the
information gathered may also be useful to law enforcement.
The Privacy Protection Act of 1980
A federal wiretap law for
traditional wired telephony. It was expanded in 2004 to include wireless, voice over packets, and
other forms of electronic communications, including signaling traffic and metadata.
The Communications Assistance to Law Enforcement Act of 1994 (CALEA)
governs the privacy and disclosure,
access, and interception of content and traffic data related to electronic communications.
The Electronic Communications Privacy Act of 1986
passed to improve the security and privacy of sensitive
information in federal computer systems. The law requires the establishment of minimum
acceptable security practices, creation of computer security plans, and training of system users
or owners of facilities that house sensitive information.
The Computer Security Act of 1987 (CSA)
is a law that allows for collection of
“foreign intelligence information” between foreign powers and agents of foreign powers using
physical and electronic surveillance. A warrant is issued by the FISA court for actions under
FISA.
The Foreign Intelligence Surveillance Act of 1978
requires service providers
that become aware of the storage or transmission of child pornography to report it to law
enforcement.
The Child Protection and Sexual Predator Punishment Act of 1998
protects children 13 years of age and under from the collection and use of their personal information by websites. It is noteworthy
that COPPA replaces the Child Online Protection Act of 1988 (COPA), which was determined to
be unconstitutional.
The Children’s Online Privacy Protection Act of 1998 (COPPA)
designed to protect persons 18 years of age
and under from downloading or viewing material considered indecent. This act has been subject
to court cases that subsequently changed some definitions and penalties.
The Communications Decency Act of 1996
Includes many provisions relative to the privacy and
disclosure of information in motion through and across telephony and computer networks.
The Telecommunications Act of 1996
allows for collection and use of
“empty” communications, which means nonverbal and nontext communications, such as GPS
information.
The Wireless Communications and Public Safety Act of 1999
primary law under which a wide variety of internet and
communications information content and metadata is currently collected. Provisions exist within
the PATRIOT Act to protect the identity and privacy of U.S. citizens.
The USA PATRIOT Act
contains many provisions about recordkeeping and destruction
of electronic records relating to the management and operation of publicly held companies.
The Sarbanes-Oxley Act of 2002
This is one of the most widely used laws in hacking cases. It covers a wide range of crimes
involving illicit access of any computer.
18 USC 1030 Fraud and Related Activity in Connection with Computers
This is closely related to 1030 but covers access devices (such as routers).
18 USC 1020 Fraud and Related Activity in Connection with Access Devices
This controversial law was enacted in 1998. It makes it a crime to publish methods or techniques to circumvent copyright protection. It is controversial because it has been used against legitimate researchers publishing research papers.
The Digital Millennium Copyright Act (DMCA)
As the name suggests, this law targets any crime related to identity theft. It is often applied in
stolen credit card cases.
18 USC § 1028A Identity Theft and Aggravated Identity Theft
This law covers a range of child exploitation crimes and is often seen in child pornography
cases. Related to this rather broad law are several others, such as:
18 USC § 2251 Sexual Exploitation of Children
Production of sexually explicit depictions of a minor for importation into the
United States
18 U.S.C. § 2260:
Certain activities relating to material involving the sexual exploitation of
minors (possession, distribution, and receipt of child pornography)
18 U.S.C. § 2252:
Certain activities relating to material constituting or containing child
pornography
18 U.S.C. § 2252A:
This was designed as an area where computer vendors could
store data that is protected from user activities and operating system utilities, such as delete
and format. To hide data in the ____, a person would need to write a program to access the ____ and write the data.
(HPA) Host Protected Area
This requires only a single sector, leaving 62 empty sectors of
___ space for hiding data.
Master Boot Record
This is the space that remains on a hard drive if the partitions do not use all the available space. For example, suppose that two partitions are filled with data. When you delete one of them, its data is not actually deleted. Instead, it is hidden.
Volume slack
An operating system can’t access any unallocated space in a partition.
That space may contain hidden data.
Unallocated space